mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-12-01 04:13:28 +01:00
f402561d7d
Found a problems when requesting 'all' custom fields, it would still use current user permissions
211 lines
5.1 KiB
PHP
211 lines
5.1 KiB
PHP
<?php
|
|
/**
|
|
* Tests for customfields
|
|
*
|
|
* @package api
|
|
* @subpackage tests
|
|
* @link http://www.egroupware.org
|
|
* @author Nathan Gray
|
|
* @copyright 2018 Nathan Gray
|
|
* @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
|
|
*/
|
|
|
|
namespace EGroupware\Api\Storage;
|
|
|
|
use EGroupware\Api;
|
|
use EGroupware\Api\LoggedInTest as LoggedInTest;
|
|
|
|
class CustomfieldsTest extends LoggedInTest
|
|
{
|
|
const APP = 'test';
|
|
protected $customfields = null;
|
|
|
|
protected $simple_field = array(
|
|
'app' => self::APP,
|
|
'name' => 'test_field',
|
|
'label' => 'Custom field',
|
|
'type' => 'text',
|
|
'type2' => array(),
|
|
'help' => 'Custom field created for automated testing by CustomfieldsTest',
|
|
'values' => null,
|
|
'len' => null,
|
|
'rows' => null,
|
|
'order' => null,
|
|
'needed' => null,
|
|
'private' => array()
|
|
);
|
|
|
|
public function assertPreConditions()
|
|
{
|
|
parent::assertPreConditions();
|
|
$tables = $GLOBALS['egw']->db->table_names(true);
|
|
$this->assertContains('egw_test', $tables, 'Could not find DB table "egw_test", make sure test app is installed');
|
|
}
|
|
|
|
/**
|
|
* Check to make sure we can create a custom field
|
|
*/
|
|
public function testCreateField()
|
|
{
|
|
// Create
|
|
$field = $this->simple_field;
|
|
|
|
Customfields::update($field);
|
|
|
|
// Check
|
|
$fields = Customfields::get(self::APP);
|
|
|
|
$this->assertArrayHasKey($field['name'], $fields);
|
|
|
|
$saved_field = $fields[$field['name']];
|
|
|
|
foreach(array('app','label','type','type2','help','values','len','rows','needed','private') as $key)
|
|
{
|
|
$this->assertEquals($field[$key], $saved_field[$key], "Load of $key did not match save");
|
|
}
|
|
|
|
// Clean
|
|
unset($fields[$field['name']]);
|
|
Customfields::save(self::APP, $fields);
|
|
}
|
|
|
|
/**
|
|
* Test the access control on private custom fields
|
|
*/
|
|
public function testPrivateCannotBeReadWithoutPermission()
|
|
{
|
|
$field = $this->create_private_field();
|
|
|
|
// Get another user
|
|
$other_account = $this->get_another_user();
|
|
|
|
// Try to read - should not be there
|
|
$fields = Customfields::get(self::APP,$other_account);
|
|
$this->assertArrayNotHasKey($field['name'], $fields);
|
|
|
|
// Switch the users
|
|
$field['private'] = array($other_account);
|
|
Customfields::update($field);
|
|
|
|
// Try to read - should not be there
|
|
$fields = Customfields::get(self::APP,false);
|
|
$this->assertArrayNotHasKey($field['name'], $fields);
|
|
|
|
// Clean up
|
|
unset($fields[$field['name']]);
|
|
Customfields::save(self::APP, $fields);
|
|
}
|
|
|
|
/**
|
|
* Test that giving access allows access
|
|
*/
|
|
public function testGivingAccess()
|
|
{
|
|
$field = $this->create_private_field();
|
|
|
|
$fields = Customfields::get(self::APP);
|
|
|
|
// Get another user
|
|
$other_account = $this->get_another_user();
|
|
|
|
// Give access & check
|
|
$field['private'][] = $other_account;
|
|
Customfields::update($field);
|
|
|
|
$fields = Customfields::get(self::APP,$other_account);
|
|
$this->assertArrayHasKey($field['name'], $fields);
|
|
|
|
// Clean up
|
|
unset($fields[$field['name']]);
|
|
Customfields::save(self::APP, $fields);
|
|
}
|
|
|
|
/**
|
|
* Test that removing access disallows access
|
|
*/
|
|
public function testRemovingAccess()
|
|
{
|
|
$field = $this->create_private_field();
|
|
|
|
$fields = Customfields::get(self::APP);
|
|
|
|
// Get another user
|
|
$other_account = $this->get_another_user();
|
|
|
|
// Give access
|
|
$field['private'][] = $other_account;
|
|
Customfields::update($field);
|
|
$fields = Customfields::get(self::APP,$other_account);
|
|
$this->assertArrayHasKey($field['name'], $fields);
|
|
|
|
// Remove access, check its gone
|
|
$field['private'] = array($GLOBALS['egw_info']['user']['account_id']);
|
|
Customfields::update($field);
|
|
$fields = Customfields::get(self::APP,$other_account);
|
|
$this->assertArrayNotHasKey($field['name'], $fields);
|
|
|
|
// Clean up
|
|
unset($fields[$field['name']]);
|
|
Customfields::save(self::APP, $fields);
|
|
}
|
|
|
|
/**
|
|
* Test getting all fields ignores any access restrictions
|
|
*/
|
|
public function testGetAllFields()
|
|
{
|
|
$field = $this->create_private_field();
|
|
|
|
// Get another user
|
|
$other_account = $this->get_another_user();
|
|
|
|
// Change access so current user can't read it
|
|
$field['private'] = array($other_account);
|
|
Customfields::update($field);
|
|
|
|
$fields = Customfields::get(self::APP,true);
|
|
$this->assertEquals(1, count($fields));
|
|
$this->assertArrayHasKey($field['name'], $fields);
|
|
|
|
// Clean up
|
|
unset($fields[$field['name']]);
|
|
Customfields::save(self::APP, $fields);
|
|
}
|
|
|
|
protected function create_private_field()
|
|
{
|
|
// Create field
|
|
$field = array_merge(
|
|
$this->simple_field,
|
|
array(
|
|
'private' => array($GLOBALS['egw_info']['user']['account_id'])
|
|
)
|
|
);
|
|
Customfields::update($field);
|
|
|
|
return $field;
|
|
}
|
|
|
|
/**
|
|
* Get another user that we can use to test
|
|
*/
|
|
protected function get_another_user()
|
|
{
|
|
$accounts = $GLOBALS['egw']->accounts->search(array(
|
|
'type' => 'accounts'
|
|
));
|
|
unset($accounts[$GLOBALS['egw_info']['user']['account_id']]);
|
|
if(count($accounts) == 0)
|
|
{
|
|
$this->markTestSkipped('Need more than one user to check private');
|
|
}
|
|
$other_account = key($accounts);
|
|
|
|
if(!$other_account)
|
|
{
|
|
$this->markTestSkipped('Need more than one user to check private');
|
|
}
|
|
return $other_account;
|
|
}
|
|
}
|