From: Eileen McNaughton Date: Tue, 19 Aug 2014 23:40:57 +0000 (+1200) Subject: CRM-15148 add tests to check impact of ACLs on contributions X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=ae4bb4c9d0702b73f7373ac3f2487563eb2e1905;p=civicrm-core.git CRM-15148 add tests to check impact of ACLs on contributions testEntitiesGetCoreACLLimitingHookNoCheck fails without the commit to the api file (next commit) reinstate deleted functions
---
diff --git a/tests/phpunit/api/v3/ACLPermissionTest.php b/tests/phpunit/api/v3/ACLPermissionTest.php
index 4320cc0993..5d8331fb91 100644
--- a/tests/phpunit/api/v3/ACLPermissionTest.php
+++ b/tests/phpunit/api/v3/ACLPermissionTest.php
@@ -62,6 +62,14 @@ class api_v3_ACLPermissionTest extends CiviUnitTestCase {
 CRM_Utils_Hook::singleton()->reset();
 $tablesToTruncate = array(
 'civicrm_contact',
+ 'civicrm_group_contact',
+ 'civicrm_group',
+ 'civicrm_acl',
+ 'civicrm_acl_cache',
+ 'civicrm_acl_entity_role',
+ 'civicrm_acl_contact_cache',
+ 'civicrm_contribution',
+ 'civicrm_participant',
 );
 $this->quickCleanup($tablesToTruncate);
 $config = CRM_Core_Config::singleton();
@@ -97,7 +105,7 @@ class api_v3_ACLPermissionTest extends CiviUnitTestCase {
 * Function tests that deleted contacts are not returned
 */
 function testContactGetPermissionHookNoDeleted() {
- $result = $this->callAPISuccess('contact', 'create', array('id' => 2, 'is_deleted' => 1));
+ $this->callAPISuccess('contact', 'create', array('id' => 2, 'is_deleted' => 1));
 $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookAllResults'));
 $result = $this->callAPISuccess('contact', 'get', array(
 'check_permissions' => 1,
@@ -229,6 +237,94 @@ class api_v3_ACLPermissionTest extends CiviUnitTestCase {
 );
 }
+ function setupCoreACL() {
+ $this->createLoggedInUser();
+ $this->_permissionedDisabledGroup = $this->groupCreate(array('title' => 'pick-me-disabled', 'is_active' => 0, 'name' => 'pick-me-disabled'));
+ $this->_permissionedGroup = $this->groupCreate(array('title' => 'pick-me-active', 'is_active' => 1, 'name' => 'pick-me-active'));
+ $this->setupACL();
+ }
+ /**
+ * @dataProvider entities
+ * confirm that without check permissions we still get 2 contacts returned
+ */
+ function testEntitiesGetHookLimitingHookNoCheck($entity) {
+ CRM_Core_Config::singleton()->userPermissionClass->permissions = array();
+ $this->setUpEntities($entity);
+ $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookNoResults'));
+ $result = $this->callAPISuccess($entity, 'get', array(
+ 'check_permissions' => 0,
+ 'return' => 'contact_id',
+ ));
+ $this->assertEquals(2, $result['count']);
+ }
+
+ /**
+ * @dataProvider entities
+ * confirm that without check permissions we still get 2 entities returned
+ */
+ function testEntitiesGetCoreACLLimitingHookNoCheck($entity) {
+ $this->setupCoreACL();
+ //CRM_Core_Config::singleton()->userPermissionClass->permissions = array();
+ $this->setUpEntities($entity);
+ $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookNoResults'));
+ $result = $this->callAPISuccess($entity, 'get', array(
+ 'check_permissions' => 0,
+ 'return' => 'contact_id',
+ ));
+ $this->assertEquals(2, $result['count']);
+ }
+ /**
+ * @dataProvider entities
+ * confirm that with check permissions we don't get entities
+ */
+ function testEntitiesGetCoreACLLimitingHookCheck($entity) {
+ $this->setupCoreACL();
+ $this->setUpEntities($entity);
+ $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookNoResults'));
+ $result = $this->callAPISuccess($entity, 'get', array(
+ 'check_permissions' => 1,
+ 'return' => 'contact_id',
+ ));
+ $this->assertEquals(0, $result['count']);
+ }
+
+
+ /**
+ * @dataProvider entities
+ * Function tests that an empty where hook returns no results
+ */
+ function testEntityGetNoResultsHook($entity) {
+ $this->markTestIncomplete('hook acls only work with contacts so far');
+ CRM_Core_Config::singleton()->userPermissionClass->permissions = array();
+ $this->setUpEntities($entity);
+ $this->hookClass->setHook('civicrm_aclWhereClause', array($this, 'aclWhereHookNoResults'));
+ $result = $this->callAPISuccess($entity, 'get', array(
+ 'check_permission' => 1,
+ ));
+ $this->assertEquals(0, $result['count']);
+ }
+
+ /**
+ * @return array
+ */
+ public static function entities() {
+ return array(array('contribution'), array('participant'),);// @todo array('pledge' => 'pledge')
+ }
+
+ /**
+ * Create 2 entities
+ */
+ public function setUpEntities($entity) {
+ $baoObj = new CRM_Core_DAO();
+ $baoObj->createTestObject( _civicrm_api3_get_BAO($entity), array(), 2, 0);
+ CRM_Core_Config::singleton()->userPermissionClass->permissions = array(
+ 'access CiviCRM',
+ 'access CiviContribute',
+ 'access CiviEvent',
+ 'view event participants',
+ );
+ }
+
 /**
 * no results returned
 */
@@ -248,7 +344,4 @@ class api_v3_ACLPermissionTest extends CiviUnitTestCase {
 function aclWhereOnlySecond($type, &$tables, &$whereTables, &$contactID, &$where) {
 $where = " contact_a.id > 1";
 }
-
-
 }
-
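Review bot: `testEntityGetNoResultsHook` calls the API with `'check_permission' => 1`, whereas every other test in this hunk spells the key `'check_permissions'`. While the test is short-circuited by `markTestIncomplete()` this is harmless, but once that line is removed the get call would presumably run without permission checks, so `assertEquals(0, ...)` would no longer be exercising the ACL hook; change the line to `'check_permissions' => 1,`. In the same test and in `testEntitiesGetHookLimitingHookNoCheck`, the `permissions = array()` assignment is overwritten straight away by `setUpEntities()`, which assigns its own permission list, so the reset has no effect and should be dropped or moved after that call.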