From: demeritcowboy
Date: Thu, 25 Feb 2021 22:32:24 +0000 (-0500)
Subject: test showing non-admins can't see closed cases
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=bb7707f1934ce0bc3bb09ebbdfdf5ee703436877;p=civicrm-core.git

test showing non-admins can't see closed cases
---

diff --git a/tests/phpunit/CRM/Case/BAO/CaseTest.php b/tests/phpunit/CRM/Case/BAO/CaseTest.php
index d49f73ab79..f2af4b77e7 100644
--- a/tests/phpunit/CRM/Case/BAO/CaseTest.php
+++ b/tests/phpunit/CRM/Case/BAO/CaseTest.php
@@ -1163,4 +1163,42 @@ class CRM_Case_BAO_CaseTest extends CiviUnitTestCase {
 ];
 }

+ /**
+ * Test that if you only have "my cases" permission you can still view
+ * Manage Case for **closed** cases of yours.
+ */
+ public function testCanViewClosedCaseAsNonAdmin() {
+ $loggedInUser = $this->createLoggedInUser();
+ CRM_Core_Config::singleton()->userPermissionClass->permissions = [
+ 'access CiviCRM',
+ 'view all contacts',
+ 'edit all contacts',
+ 'add cases',
+ // this is one important part we're testing
+ 'access my cases and activities',
+ ];
+ $individual = $this->individualCreate();
+ $caseObj = $this->createCase($individual, $loggedInUser);
+ $caseId = $caseObj->id;
+
+ // This isn't everything needed to close a case but is good enough for
+ // our purposes.
+ $this->callAPISuccess('Case', 'create', [
+ 'id' => $caseId,
+ 'status_id' => 'Closed',
+ ]);
+
+ // Manage Case goes thru this tab even when not visiting from the tab.
+ $tab = new CRM_Case_Page_Tab();
+ $tab->set('action', 'view');
+ $tab->set('cid', $individual);
+ $tab->set('id', $caseId);
+ $tab->set('context', 'standalone');
+ $tab->preProcess();
+ // At this point it would have thrown PrematureExitException if we didn't have access.
+ // Let's assert something while we're here. This is also what would have
+ // failed, but by itself doesn't depend on permissions.
+ $this->assertArrayHasKey($caseId, CRM_Case_BAO_Case::getCases(FALSE, ['type' => 'any']));
+ }
+
 }
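Review bot: testCanViewClosedCaseAsNonAdmin pins only the allow path, where a user holding 'access my cases and activities' opens a closed case that was created with them as the second createCase argument. Nothing checks that the same permission set is still refused on a closed case the user has no role on. A fix that loosens the closed-case check too far would pass this test unchanged, so a companion negative test that expects `preProcess()` to throw is worth adding next to it. The sketch below assumes createCase's second argument is the only contact given a role on the case, which should be confirmed. Separately, the permission list is written onto the CRM_Core_Config singleton and no reset is visible in this hunk, so the test relies on teardown outside the hunk to keep later tests from inheriting it.

```php
public function testCannotViewOthersClosedCaseAsNonAdmin() {
  $this->createLoggedInUser();
  // … unchanged: same permission list as testCanViewClosedCaseAsNonAdmin …
  $client = $this->individualCreate();
  // The creator is a third contact, so the logged-in user should hold no role on this case.
  $otherUser = $this->individualCreate();
  $caseId = $this->createCase($client, $otherUser)->id;
  // … unchanged: close the case via the Case API and configure CRM_Case_Page_Tab with $client / $caseId …
  // Access must be denied here; an unexpected success would mean the closed-case path is too permissive.
  $this->expectException(CRM_Core_Exception_PrematureExitException::class);
  $tab->preProcess();
}
```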