Fixes #3543. Ported access collections fix to master.

1 files changed, 269 insertions, 0 deletions

diff --git a/engine/tests/api/access_collections.php b/engine/tests/api/access_collections.php
new file mode 100644
index 000000000..1e61c45bb
--- /dev/null
+++ b/engine/tests/api/access_collections.php
@@ -0,0 +1,269 @@
+<?php
+/**
+ * Access Collections tests
+ *
+ * @package Elgg
+ * @subpackage Test
+ */
+class ElggCoreAccessCollectionsTest extends ElggCoreUnitTest {
+
+	/**
+	 * Called before each test object.
+	 */
+	public function __construct() {
+		parent::__construct();
+
+		$this->dbPrefix = get_config("dbprefix");
+
+		$user = new ElggUser();
+		$user->username = 'test_user_' . rand();
+		$user->email = 'fake_email@fake.com' . rand();
+		$user->name = 'fake user';
+		$user->access_id = ACCESS_PUBLIC;
+		$user->salt = generate_random_cleartext_password();
+		$user->password = generate_user_password($user, rand());
+		$user->owner_guid = 0;
+		$user->container_guid = 0;
+		$user->save();
+
+		$this->user = $user;
+	}
+
+	/**
+	 * Called before each test method.
+	 */
+	public function setUp() {
+
+	}
+
+	/**
+	 * Called after each test method.
+	 */
+	public function tearDown() {
+		// do not allow SimpleTest to interpret Elgg notices as exceptions
+		$this->swallowErrors();
+	}
+
+	/**
+	 * Called after each test object.
+	 */
+	public function __destruct() {
+		// all __destruct() code should go above here
+		$this->user->delete();
+		parent::__destruct();
+	}
+
+	public function testCreateGetDeleteACL() {
+		global $DB_QUERY_CACHE;
+		
+		$acl_name = 'test access collection';
+		$acl_id = create_access_collection($acl_name);
+
+		$this->assertTrue(is_int($acl_id));
+
+		$q = "SELECT * FROM {$this->dbPrefix}access_collections WHERE id = $acl_id";
+		$acl = get_data_row($q);
+
+		$this->assertEqual($acl->id, $acl_id);
+
+		if ($acl) {
+			$DB_QUERY_CACHE = array();
+			
+			$this->assertEqual($acl->name, $acl_name);
+
+			$result = delete_access_collection($acl_id);
+			$this->assertTrue($result);
+
+			$q = "SELECT * FROM {$this->dbPrefix}access_collections WHERE id = $acl_id";
+			$data = get_data($q);
+			$this->assertFalse($data);
+		}
+	}
+
+	public function testAddRemoveUserToACL() {
+		$acl_id = create_access_collection('test acl');
+
+		$result = add_user_to_access_collection($this->user->guid, $acl_id);
+		$this->assertTrue($result);
+
+		if ($result) {
+			$result = remove_user_from_access_collection($this->user->guid, $acl_id);
+			$this->assertTrue($result);
+		}
+
+		delete_access_collection($acl_id);
+	}
+
+	public function testUpdateACL() {
+		// another fake user to test with
+		$user = new ElggUser();
+		$user->username = 'test_user_' . rand();
+		$user->email = 'fake_email@fake.com' . rand();
+		$user->name = 'fake user';
+		$user->access_id = ACCESS_PUBLIC;
+		$user->salt = generate_random_cleartext_password();
+		$user->password = generate_user_password($user, rand());
+		$user->owner_guid = 0;
+		$user->container_guid = 0;
+		$user->save();
+
+		$acl_id = create_access_collection('test acl');
+
+		$member_lists = array(
+			// adding
+			array(
+				$this->user->guid,
+				$user->guid
+			),
+			// removing one, keeping one.
+			array(
+				$user->guid
+			),
+			// removing one, adding one
+			array(
+				$this->user->guid,
+			),
+			// removing all.
+			array()
+		);
+
+		foreach ($member_lists as $members) {
+			$result = update_access_collection($acl_id, $members);
+			$this->assertTrue($result);
+
+			if ($result) {
+				$q = "SELECT * FROM {$this->dbPrefix}access_collection_membership
+					WHERE access_collection_id = $acl_id";
+				$data = get_data($q);
+
+				if (count($members) == 0) {
+					$this->assertFalse($data);
+				} else {
+					$this->assertEqual(count($members), count($data));
+				}
+				foreach ($data as $row) {
+					$this->assertTrue(in_array($row->user_guid, $members));
+				}
+			}
+		}
+
+		delete_access_collection($acl_id);
+		$user->delete();
+	}
+
+	public function testCanEditACL() {
+		$acl_id = create_access_collection('test acl', $this->user->guid);
+
+		// should be true since it's the owner
+		$result = can_edit_access_collection($acl_id, $this->user->guid);
+		$this->assertTrue($result);
+
+		// should be true since IA is on.
+		$ia = elgg_set_ignore_access(true);
+		$result = can_edit_access_collection($acl_id);
+		$this->assertTrue($result);
+		elgg_set_ignore_access($ia);
+
+		// should be false since IA is off
+		$ia = elgg_set_ignore_access(false);
+		$result = can_edit_access_collection($acl_id);
+		$this->assertFalse($result);
+		elgg_set_ignore_access($ia);
+
+		delete_access_collection($acl_id);
+	}
+
+	public function testCanEditACLHook() {
+		// if only we supported closures!
+		global $acl_test_info;
+
+		$acl_id = create_access_collection('test acl');
+
+		$acl_test_info = array(
+			'acl_id' => $acl_id,
+			'user' => $this->user
+		);
+		
+		function test_acl_access_hook($hook, $type, $value, $params) {
+			global $acl_test_info;
+			if ($params['user_id'] == $acl_test_info['user']->guid) {
+				$acl = get_access_collection($acl_test_info['acl_id']);
+				$value[$acl->id] = $acl->name;
+			}
+
+			return $value;
+		}
+
+		register_plugin_hook('access:collections:write', 'all', 'test_acl_access_hook');
+
+		// enable security since we usually run as admin
+		$ia = elgg_set_ignore_access(false);
+		$result = can_edit_access_collection($acl_id, $this->user->guid);
+		$this->assertTrue($result);
+		$ia = elgg_set_ignore_access($ia);
+
+		unregister_plugin_hook('access:collections:write', 'all', 'test_acl_access_hook');
+	}
+
+	// groups interface
+	// only runs if the groups plugin is enabled because implementation is split between
+	// core and the plugin.
+	public function testCreateDeleteGroupACL() {
+		if (!is_plugin_enabled('groups')) {
+			return;
+		}
+		
+		$group = new ElggGroup();
+		$group->name = 'Test group';
+		$group->save();
+		$acl = get_access_collection($group->group_acl);
+
+		// ACLs are owned by groups
+		$this->assertEqual($acl->owner_guid, $group->guid);
+
+		// removing group and acl
+		$this->assertTrue($group->delete());
+		
+		$acl = get_access_collection($group->group_acl);
+		$this->assertFalse($acl);
+
+		$group->delete();
+	}
+
+	public function testJoinLeaveGroupACL() {
+		if (!is_plugin_enabled('groups')) {
+			return;
+		}
+
+		$group = new ElggGroup();
+		$group->name = 'Test group';
+		$group->save();
+
+		$result = $group->join($this->user);
+		$this->assertTrue($result);
+
+		// disable security since we run as admin
+		$ia = elgg_set_ignore_access(false);
+
+		// need to set the page owner to emulate being in a group context.
+		// this is kinda hacky.
+		elgg_set_page_owner_guid($group->getGUID());
+
+		if ($result) {
+			$can_edit = can_edit_access_collection($group->group_acl, $this->user->guid);
+			$this->assertTrue($can_edit);
+		}
+
+		$result = $group->leave($this->user);
+		$this->assertTrue($result);
+
+		if ($result) {
+			$can_edit = can_edit_access_collection($group->group_acl, $this->user->guid);
+			$this->assertFalse($can_edit);
+		}
+
+		 elgg_set_ignore_access($ia);
+
+		$group->delete();
+	}
+}