From 8e12938a18a2487a23bcc0906cf12deb891df153 Mon Sep 17 00:00:00 2001
From: eileen
Date: Mon, 14 Jan 2019 22:04:45 +1300
Subject: [PATCH] Add unit test to cover granting everyone' group permission to access a group
---
 api/v3/Acl.php | 10 +++
 api/v3/AclRole.php | 10 +++
 .../phpunit/CRMTraits/ACL/PermissionTrait.php | 62 +++++++++++++++++++
 tests/phpunit/api/v3/ACLPermissionTest.php | 11 ++++
 4 files changed, 93 insertions(+)
diff --git a/api/v3/Acl.php b/api/v3/Acl.php
index b7a81d4cac..ab252c694b 100644
--- a/api/v3/Acl.php
+++ b/api/v3/Acl.php
@@ -43,6 +43,16 @@ function civicrm_api3_acl_create($params) {
 return _civicrm_api3_basic_create(_civicrm_api3_get_BAO(__FUNCTION__), $params, 'Acl');
 }
+/**
+ * Acl create metadata.
+ *
+ * @param array $params
+ */
+function _civicrm_api3_acl_create_spec(&$params) {
+ $params['is_active']['api.default'] = 1;
+ $params['entity_table']['api.default'] = 'civicrm_acl_role';
+}
+
 /**
 * Get an Acl.
 *
diff --git a/api/v3/AclRole.php b/api/v3/AclRole.php
index 3084962c66..5522845e21 100644
--- a/api/v3/AclRole.php
+++ b/api/v3/AclRole.php
@@ -43,6 +43,16 @@ function civicrm_api3_acl_role_create($params) {
 return _civicrm_api3_basic_create(_civicrm_api3_get_BAO(__FUNCTION__), $params, 'EntityRole');
 }
+
+/**
+ * AclRole create metadata.
+ *
+ * @param array $params
+ */
+function _civicrm_api3_acl_role_create_spec(&$params) {
+ $params['is_active']['api.default'] = 1;
+}
+
 /**
 * Get an AclRole.
 *
diff --git a/tests/phpunit/CRMTraits/ACL/PermissionTrait.php b/tests/phpunit/CRMTraits/ACL/PermissionTrait.php
index 6d19f07789..4b37e4e229 100644
--- a/tests/phpunit/CRMTraits/ACL/PermissionTrait.php
+++ b/tests/phpunit/CRMTraits/ACL/PermissionTrait.php
@@ -35,6 +35,13 @@ trait CRMTraits_ACL_PermissionTrait {
 protected $allowedContactId = 0;
 protected $allowedContacts = [];
+ /**
+ * Ids created for the scenario in use.
+ *
+ * @var array
+ */
+ protected $scenarioIDs = [];
+
 /**
 * All results returned.
 *
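Review bot: The new `_civicrm_api3_acl_create_spec` in api/v3/Acl.php changes production API behaviour inside a commit described as adding a unit test: an `Acl.create` call that omits `is_active` or `entity_table` now gets an active rule against `civicrm_acl_role`, and the same `is_active` default is added by `_civicrm_api3_acl_role_create_spec` in api/v3/AclRole.php. Because these rows grant access, an implicit "active" default should be stated where it is set; I would extend the docblock with something like `Defaults: is_active = 1 and entity_table = 'civicrm_acl_role', so an ACL created without them is live immediately.` and mention the API change in the commit message. The helper `setupCoreACLPermittedToGroup` in PermissionTrait.php relies on both defaults without saying so; passing `'is_active' => 1` and `'entity_table' => 'civicrm_acl_role'` explicitly there would keep the test independent of them.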
@@ -94,4 +101,59 @@ trait CRMTraits_ACL_PermissionTrait {
 $where = " contact_a.id = " . $this->allowedContactId;
 }
+ /**
+ * Set up a core ACL.
+ *
+ * It is recommended that this helper function is accessed through a scenario function.
+ *
+ * @param array $permissionedEntities Array of groups for whom ACLs enable access.
+ * @param string|int $groupAllowedAccess Group permitted to access the permissioned Group
+ * An ID of 0 means that 'Everyone' can access the group.
+ * @param string $operation View|Edit|Create|Delete|Search|All
+ * @param string $entity Group|CustomGroup|Profile|Event
+ *
+ * @throws CRM_Core_Exception
+ */
+ public function setupCoreACLPermittedToGroup($permissionedEntities = [], $groupAllowedAccess = 'Everyone', $operation = 'View', $entity = 'Group') {
+ $tableMap = ['Group' => 'civicrm_saved_search', 'CustomGroup' => 'civicrm_custom_group', 'Profile' => 'civicrm_uf_match', 'Event' => 'civicrm_event'];
+ $entityTable = $tableMap[$entity];
+
+ $permittedRoleID = ($groupAllowedAccess === 'Everyone') ? 0 : $groupAllowedAccess;
+ if ($permittedRoleID !== 0) {
+ throw new CRM_Core_Exception('only handling everyone group as yet');
+ }
+
+ foreach ($permissionedEntities as $permissionedEntityID) {
+ $this->callAPISuccess('Acl', 'create', [
+ 'name' => uniqid(),
+ 'operation' => $operation,
+ 'entity_id' => $permittedRoleID,
+ 'object_id' => $permissionedEntityID,
+ 'object_table' => $entityTable,
+ ]);
+ }
+ }
+
+ /**
+ * Set up a scenario where everyone can access the permissioned group.
+ *
+ * A scenario in this class involves multiple defined assets.
In this case we create
+ * - a group to which the everyone has permission
+ * - a contact in the group
+ * - a contact not in the group
+ *
+ * These are arrayed as follows
+ * $this->scenarioIDs['Contact'] = ['permitted_contact' => x, 'non_permitted_contact' => y]
+ * $this->scenarioIDs['Group'] = ['permitted_group' => x]
+ */
+ public function setupScenarioCoreACLEveryonePermittedToGroup() {
+ $this->quickCleanup(['civicrm_acl_cache', 'civicrm_acl_contact_cache']);
+ $this->scenarioIDs['Group']['permitted_group'] = $this->groupCreate();
+ $this->scenarioIDs['Contact']['permitted_contact'] = $this->individualCreate();
+ $result = $this->callAPISuccess('GroupContact', 'create', ['group_id' => $this->scenarioIDs['Group']['permitted_group'], 'contact_id' => $this->scenarioIDs['Contact']['permitted_contact'], 'status' => 'Added']);
+ $this->scenarioIDs['Contact']['non_permitted_contact'] = $this->individualCreate();
+ CRM_Core_Config::singleton()->userPermissionClass->permissions = [];
+ $this->setupCoreACLPermittedToGroup([$this->scenarioIDs['Group']['permitted_group']]);
+ }
+
 }
diff --git a/tests/phpunit/api/v3/ACLPermissionTest.php b/tests/phpunit/api/v3/ACLPermissionTest.php
index 63a36a5411..3501d4d2f1 100644
--- a/tests/phpunit/api/v3/ACLPermissionTest.php
+++ b/tests/phpunit/api/v3/ACLPermissionTest.php
@@ -664,4 +664,15 @@ class api_v3_ACLPermissionTest extends CiviUnitTestCase {
 return $contacts;
 }
+ /**
+ * Test that the 'everyone' group can be given access to a contact.
+ */
+ public function testGetACLEveryonePermittedEntity() {
+ $this->setupScenarioCoreACLEveryonePermittedToGroup();
+ $this->callAPISuccess('Contact', 'getsingle', [
+ 'id' => $this->scenarioIDs['Contact']['permitted_contact'],
+ 'check_permissions' => 1,
+ ]);
+ }
+
 }
-- 
2.25.1
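Review bot: In `setupCoreACLPermittedToGroup` the lookup `$entityTable = $tableMap[$entity];` is unchecked, so an `$entity` outside the four documented values yields a null `object_table` and the helper goes on to create ACL rows with it instead of failing. A guard right after the map, `if (!isset($tableMap[$entity])) { throw new CRM_Core_Exception("Unsupported ACL entity: $entity"); }`, stops a typo from producing a test that passes or fails for the wrong reason; the method already declares `@throws CRM_Core_Exception`. The `'Profile' => 'civicrm_uf_match'` entry also looks doubtful, since that table name suggests user matching rather than profiles, and is worth confirming before anything uses it. Separately, `setupScenarioCoreACLEveryonePermittedToGroup` empties `userPermissionClass->permissions` on the config singleton with no restore visible in this hunk, and `$result` is assigned but never read.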
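Review bot: `testGetACLEveryonePermittedEntity` asserts only the grant, so an ACL regression that exposes every contact would still pass; the scenario creates `non_permitted_contact` but the test never reads it. For an access-control test the deny side is the more important half: add `$this->callAPIFailure('Contact', 'getsingle', ['id' => $this->scenarioIDs['Contact']['non_permitted_contact'], 'check_permissions' => 1]);` after the success call. The docblock could then state that the contact outside the permitted group must stay inaccessible.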