/**
 * Build an in-memory API kernel with three fake entities and subscribe the
 * DynamicFKAuthorization instance that the tests exercise.
 *
 * Fixture layout (ids come from the class constants):
 *  - FakeFile FILE_WIDGET_ID points at fake_widget / WIDGET_ID.
 *  - FakeFile FILE_FORBIDDEN_ID points at fake_forbidden / FORBIDDEN_ID.
 *  - Widget is registered with an empty permission array.
 *  - Forbidden maps create, get and delete to ALWAYS_DENY_PERMISSION.
 */
protected function setUp() {
  parent::setUp();
  \CRM_Core_DAO_AllCoreTables::init(TRUE);

  // FakeFile: the entity whose access is decided through the record it is attached to.
  \CRM_Core_DAO_AllCoreTables::registerEntityType('FakeFile', 'CRM_Fake_DAO_FakeFile', 'fake_file');
  $fakeFileRecords = array(
    array('id' => self::FILE_WIDGET_ID, 'entity_table' => 'fake_widget', 'entity_id' => self::WIDGET_ID),
    array('id' => self::FILE_FORBIDDEN_ID, 'entity_table' => 'fake_forbidden', 'entity_id' => self::FORBIDDEN_ID),
  );
  $fakeFileApi = new \Civi\API\Provider\StaticProvider(3, 'FakeFile', array('id', 'entity_table', 'entity_id'), array(), $fakeFileRecords);

  // Widget: the target with no per-action permission entries.
  \CRM_Core_DAO_AllCoreTables::registerEntityType('Widget', 'CRM_Fake_DAO_Widget', 'fake_widget');
  $widgetRecords = array(
    array('id' => self::WIDGET_ID, 'title' => 'my widget'),
  );
  $widgetApi = new \Civi\API\Provider\StaticProvider(3, 'Widget', array('id', 'title'), array(), $widgetRecords);

  // Forbidden: the negative case, every listed action is mapped to the always-deny permission.
  \CRM_Core_DAO_AllCoreTables::registerEntityType('Forbidden', 'CRM_Fake_DAO_Forbidden', 'fake_forbidden');
  $denyAlways = \CRM_Core_Permission::ALWAYS_DENY_PERMISSION;
  $forbiddenPerms = array('create' => $denyAlways, 'get' => $denyAlways, 'delete' => $denyAlways);
  $forbiddenRecords = array(
    array('id' => self::FORBIDDEN_ID, 'label' => 'my forbidden'),
  );
  $forbiddenApi = new \Civi\API\Provider\StaticProvider(3, 'Forbidden', array('id', 'label'), $forbiddenPerms, $forbiddenRecords);

  $this->dispatcher = new EventDispatcher();
  $this->kernel = new Kernel($this->dispatcher);
  foreach (array($fakeFileApi, $widgetApi, $forbiddenApi) as $apiProvider) {
    $this->kernel->registerApiProvider($apiProvider);
  }

  // Stub lookup query: three CASE expressions keyed on the %1 placeholder return
  // is_valid, entity_table and entity_id for the two known file ids.
  // Only class constants are concatenated into the SQL text, never request data.
  $widgetFile = self::FILE_WIDGET_ID;
  $forbiddenFile = self::FILE_FORBIDDEN_ID;
  $isValidCase = "select\n case %1\n when " . $widgetFile . " then 1\n when " . $forbiddenFile . " then 1\n else 0\n end as is_valid,";
  $tableCase = "\n case %1\n when " . $widgetFile . " then 'fake_widget'\n when " . $forbiddenFile . " then 'fake_forbidden'\n else null\n end as entity_table,";
  $idCase = "\n case %1\n when " . $widgetFile . " then " . self::WIDGET_ID . "\n when " . $forbiddenFile . " then " . self::FORBIDDEN_ID . "\n else null\n end as entity_id\n ";

  // The subscriber is given 'create' and 'get' only; 'delete' is not in the list.
  // NOTE(review): presumably actions outside this list are not checked by the
  // subscriber - confirm against DynamicFKAuthorization before relying on it.
  // NOTE(review): the bare "select" argument looks like a placeholder for a second
  // lookup query, and the last array like the list of permitted target tables - confirm.
  $this->dispatcher->addSubscriber(new DynamicFKAuthorization(
    $this->kernel,
    'FakeFile',
    array('create', 'get'),
    $isValidCase . $tableCase . $idCase,
    "select",
    array('fake_widget', 'fake_forbidden')
  ));
}
/**
 * Send one API request through a kernel guarded by WhitelistSubscriber and
 * check that it is accepted or refused as the data set expects.
 *
 * Every request is sent with check_permissions set to 'whitelist' and debug
 * set to 1; both keys overwrite whatever the data set supplied for them.
 *
 * @param array $apiRequest
 *   Array(entity=>$,action=>$,params=>$,expectedResults=>$).
 * @param array $rules
 *   Whitelist - list of allowed API calls/patterns.
 * @param bool $expectSuccess
 *   TRUE if the call should succeed.
 *   Success implies that the 'expectedResults' are returned.
 *   Failure implies that the standard error message is returned.
 * @dataProvider restrictionCases
 */
public function testEach($apiRequest, $rules, $expectSuccess) {
  \CRM_Core_DAO_AllCoreTables::init(TRUE);
  $fixtures = $this->getFixtures();

  // Two fake entities backed by fixture records; neither declares per-action permissions.
  \CRM_Core_DAO_AllCoreTables::registerEntityType('Widget', 'CRM_Fake_DAO_Widget', 'fake_widget');
  $widgetFields = array('id', 'widget_type', 'provider', 'title');
  $widgetApi = new \Civi\API\Provider\StaticProvider(3, 'Widget', $widgetFields, array(), $fixtures['widget']);

  \CRM_Core_DAO_AllCoreTables::registerEntityType('Sprocket', 'CRM_Fake_DAO_Sprocket', 'fake_sprocket');
  $sprocketFields = array('id', 'sprocket_type', 'widget_id', 'provider', 'title', 'comment');
  $sprocketApi = new \Civi\API\Provider\StaticProvider(3, 'Sprocket', $sprocketFields, array(), $fixtures['sprocket']);

  $activeRules = WhitelistRule::createAll($rules);

  $events = new EventDispatcher();
  $apiKernel = new Kernel($events);
  $apiKernel->registerApiProvider($sprocketApi);
  $apiKernel->registerApiProvider($widgetApi);
  // The whitelist subscriber is attached before the chain subscriber.
  $events->addSubscriber(new WhitelistSubscriber($activeRules));
  $events->addSubscriber(new ChainSubscriber());

  // Force the whitelist check regardless of what the data set put in params.
  $apiRequest['params']['debug'] = 1;
  $apiRequest['params']['check_permissions'] = 'whitelist';
  $response = $apiKernel->run($apiRequest['entity'], $apiRequest['action'], $apiRequest['params']);

  if (!$expectSuccess) {
    // Refusal path: the call must fail with the standard whitelist message.
    // The final '.' in the pattern is unescaped, so it matches any character
    // rather than only a literal full stop.
    $this->assertAPIFailure($response);
    $this->assertRegExp('/The request does not match any active API authorizations./', $response['error_message']);
    return;
  }

  // Acceptance path: the call succeeds and returns exactly the expected tree.
  $this->assertAPISuccess($response);
  $this->assertTrue(is_array($apiRequest['expectedResults']));
  $this->assertTreeEquals($apiRequest['expectedResults'], $response['values']);
}