Add more unit tests for Event permissions

civicrm · Oct 24, 2018 · e96aa1d · e96aa1d
1 parent c4ca2b9
commit e96aa1d
Showing 1 changed file with 90 additions and 3 deletions.
diff --git a/tests/phpunit/CRM/Event/BAO/EventPermissionsTest.php b/tests/phpunit/CRM/Event/BAO/EventPermissionsTest.php
@@ -34,16 +34,103 @@ class CRM_Event_BAO_EventPermissionsTest extends CiviUnitTestCase {
   public function setUp() {
     parent::setUp();
     $this->_contactId = $this->createLoggedInUser();
+    $this->createOwnEvent();
+    $this->createOtherEvent();
+  }
+
+  public function createOwnEvent() {
     $event = $this->eventCreate(array(
       'created_id' => $this->_contactId,
     ));
-    $this->_eventId = $event['id'];
+    $this->_ownEventId = $event['id'];
+  }
+
+  public function createOtherEvent() {
+    $this->_otherContactId = $this->_contactId + 1;
+    $event = $this->eventCreate(array(
+      'created_id' => $this->_otherContactId,
+    ));
+    $this->_otherEventId = $event['id'];
+  }
+
+  private function setViewOwnEventPermissions() {
+    CRM_Core_Config::singleton()->userPermissionClass->permissions = ['access CiviCRM', 'access CiviEvent', 'view event info'];
+  }
+
+  private function setViewAllEventPermissions() {
+    CRM_Core_Config::singleton()->userPermissionClass->permissions = ['access CiviCRM', 'access CiviEvent', 'view event info', 'view event participants'];
+  }
+
+  private function setEditAllEventPermissions() {
+    CRM_Core_Config::singleton()->userPermissionClass->permissions = ['access CiviCRM', 'access CiviEvent', 'view event info', 'edit all events'];
+  }
+
+  private function setDeleteAllEventPermissions() {
+    CRM_Core_Config::singleton()->userPermissionClass->permissions = ['access CiviCRM', 'access CiviEvent', 'view event info', 'delete in CiviEvent'];
+  }
+
+  public function testViewOwnEvent() {
+    self::setViewOwnEventPermissions();
+    unset(\Civi::$statics['CRM_Event_BAO_Event']['permissions']);
+    $permissions = CRM_Event_BAO_Event::checkPermission($this->_ownEventId, CRM_Core_Permission::VIEW);
+    $this->assertTrue($permissions);
+    // Now check that caching is actually working
+    \Civi::$statics['CRM_Event_BAO_Event']['permission']['view'][$this->_ownEventId] = FALSE;
+    $permissions = CRM_Event_BAO_Event::checkPermission($this->_ownEventId, CRM_Core_Permission::VIEW);
+    $this->assertFalse($permissions);
   }
 
   public function testEditOwnEvent() {
-    CRM_Core_Config::singleton()->userPermissionTemp = ['access civievent', 'access CiviCRM', 'view event info'];
+    self::setViewOwnEventPermissions();
+    unset(\Civi::$statics['CRM_Event_BAO_Event']['permissions']);
+    $this->_loggedInUser = CRM_Core_Session::singleton()->get('userID');
+    $permissions = CRM_Event_BAO_Event::checkPermission($this->_ownEventId, CRM_Core_Permission::EDIT);
+    $this->assertTrue($permissions);
+  }
+
+  public function testDeleteOwnEvent() {
+    self::setViewOwnEventPermissions();
+    unset(\Civi::$statics['CRM_Event_BAO_Event']['permissions']);
+    $permissions = CRM_Event_BAO_Event::checkPermission($this->_ownEventId, CRM_Core_Permission::DELETE);
+    $this->assertTrue($permissions);
+  }
+
+  public function testViewOtherEventDenied() {
+    $this->_loggedInUser = CRM_Core_Session::singleton()->get('userID');
+    self::setViewOwnEventPermissions();
+    unset(\Civi::$statics['CRM_Event_BAO_Event']['permissions']);
+    $permissions = CRM_Event_BAO_Event::checkPermission($this->_otherEventId, CRM_Core_Permission::VIEW);
+    $this->assertFalse($permissions);
+  }
+
+  public function testViewOtherEventAllowed() {
+    $this->_loggedInUser = CRM_Core_Session::singleton()->get('userID');
+    self::setViewAllEventPermissions();
+    unset(\Civi::$statics['CRM_Event_BAO_Event']['permissions']);
+    $permissions = CRM_Event_BAO_Event::checkPermission($this->_otherEventId, CRM_Core_Permission::VIEW);
+    $this->assertTrue($permissions);
+  }
+
+  public function testEditOtherEventDenied() {
+    $this->_loggedInUser = CRM_Core_Session::singleton()->get('userID');
+    self::setViewAllEventPermissions();
+    unset(\Civi::$statics['CRM_Event_BAO_Event']['permissions']);
+    $permissions = CRM_Event_BAO_Event::checkPermission($this->_otherEventId, CRM_Core_Permission::EDIT);
+    $this->assertFalse($permissions);
+  }
+
+  public function testEditOtherEventAllowed() {
+    $this->_loggedInUser = CRM_Core_Session::singleton()->get('userID');
+    self::setEditAllEventPermissions();
+    unset(\Civi::$statics['CRM_Event_BAO_Event']['permissions']);
+    $permissions = CRM_Event_BAO_Event::checkPermission($this->_otherEventId, CRM_Core_Permission::EDIT);
+    $this->assertTrue($permissions);
+  }
+
+  public function testDeleteOtherEvent() {
+    self::setDeleteAllEventPermissions();
     unset(\Civi::$statics['CRM_Event_BAO_Event']['permissions']);
-    $permissions = CRM_Event_BAO_Event::checkPermission($this->_eventId, CRM_Core_Permission::EDIT);
+    $permissions = CRM_Event_BAO_Event::checkPermission($this->_otherEventId, CRM_Core_Permission::DELETE);
     $this->assertTrue($permissions);
   }