ElggCoreAccessSQLTest.php 7.0 KB

  1. <?php
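  /**
   * Access SQL tests
   *
   * Each test compares the string returned by _elgg_get_access_where_sql() with a
   * hand-built expectation (whitespace is ignored, see assertSqlEqual()). That
   * string is the WHERE fragment that restricts which entities a viewer may see,
   * so a change in any expectation here is a change in access filtering.
   *
   * The 'get_sql', 'access' plugin hook tests show that a registered handler can
   * add or remove clauses of that fragment; whatever registers for the hook
   * therefore decides what the filter contains.
   *
   * NOTE(review): the expected SQL embeds table_alias and owner_guid_column
   * verbatim, which suggests the function under test treats them as trusted
   * identifiers - confirm that callers never pass request data in those options.
   *
   * @package Elgg
   * @subpackage Test
   */
  class ElggCoreAccessSQLTest extends \ElggCoreUnitTest {

      /** @var \ElggUser Non-admin user created for the lifetime of the test object */
      protected $user;

      /**
       * Hook service saved by setUp() and put back by tearDown().
       * Declared explicitly instead of being created as a dynamic property.
       *
       * @var \Elgg\PluginHooksService presumably; it is whatever _elgg_services()->hooks held
       */
      protected $original_hooks;

      /**
       * Called before each test object.
       *
       * Creates and saves a throwaway user that the non-admin tests query as.
       */
      public function __construct() {
          parent::__construct();

          $this->user = new \ElggUser();
          // rand() is only used for uniqueness in these three fields
          $this->user->username = 'fake_user_' . rand();
          $this->user->email = 'fake_email@fake.com' . rand();
          $this->user->name = 'fake user ' . rand();
          $this->user->access_id = ACCESS_PUBLIC;
          // save() below persists this account, and it stays behind if the run
          // aborts before __destruct(); give it a generated password rather than
          // a guessable integer from rand()
          $this->user->setPassword(generate_random_cleartext_password());
          $this->user->owner_guid = 0;
          $this->user->container_guid = 0;
          $this->user->save();
      }

      /**
       * Called before each test method.
       */
      public function setUp() {
          // Replace current hook service with new instance for each test, so
          // handlers registered by one test are not seen by the next
          $this->original_hooks = _elgg_services()->hooks;
          _elgg_services()->hooks = new \Elgg\PluginHooksService();
      }

      /**
       * Called after each test method.
       */
      public function tearDown() {
          // Restore original hook service
          _elgg_services()->hooks = $this->original_hooks;
      }

      /**
       * Called after each test object.
       *
       * Deletes the user created in the constructor.
       */
      public function __destruct() {
          $this->user->delete();

          // all __destruct() code should go above here
          parent::__destruct();
      }

      /**
       * With no options the result is "1 = 1" plus the enabled check.
       */
      public function testAdminAccess() {
          // we know an admin is logged in when running the tests
          $sql = _elgg_get_access_where_sql();
          $ans = "((1 = 1) AND (e.enabled = 'yes'))";

          $this->assertTrue($this->assertSqlEqual($ans, $sql), "$sql does not match $ans");
      }

      /**
       * 'use_enabled_clause' => false drops the enabled check.
       */
      public function testTurningEnabledOff() {
          $sql = _elgg_get_access_where_sql(array('use_enabled_clause' => false));
          $ans = "((1 = 1))";

          $this->assertTrue($this->assertSqlEqual($ans, $sql), "$sql does not match $ans");
      }

      /**
       * For the test user the result is friends OR owner OR access-list, AND enabled.
       */
      public function testNonAdminUser() {
          $guid = $this->user->guid;
          $sql = _elgg_get_access_where_sql(array('user_guid' => $guid));

          $friends_clause = $this->getFriendsClause($guid, 'e');
          $owner_clause = $this->getOwnerClause($guid, 'e');
          $access_clause = $this->getLoggedInAccessListClause('e');
          $ans = "(($friends_clause OR $owner_clause OR $access_clause) AND (e.enabled = 'yes'))";

          $this->assertTrue($this->assertSqlEqual($ans, $sql), "$sql does not match $ans");
      }

      /**
       * 'table_alias' replaces the default "e." prefix; an empty alias removes the prefix.
       */
      public function testCustomTableAlias() {
          $guid = $this->user->guid;

          $sql = _elgg_get_access_where_sql(array(
              'user_guid' => $guid,
              'table_alias' => 'foo',
          ));

          $friends_clause = $this->getFriendsClause($guid, 'foo');
          $owner_clause = $this->getOwnerClause($guid, 'foo');
          $access_clause = $this->getLoggedInAccessListClause('foo');
          $ans = "(($friends_clause OR $owner_clause OR $access_clause) AND (foo.enabled = 'yes'))";

          $this->assertTrue($this->assertSqlEqual($ans, $sql), "$sql does not match $ans");

          // test with no alias
          $sql = _elgg_get_access_where_sql(array(
              'user_guid' => $guid,
              'table_alias' => '',
          ));

          $friends_clause = $this->getFriendsClause($guid, '');
          $owner_clause = $this->getOwnerClause($guid, '');
          $access_clause = $this->getLoggedInAccessListClause('');
          $ans = "(($friends_clause OR $owner_clause OR $access_clause) AND (enabled = 'yes'))";

          $this->assertTrue($this->assertSqlEqual($ans, $sql), "$sql does not match $ans");
      }

      /**
       * 'owner_guid_column' replaces "owner_guid" in the friends and owner clauses.
       */
      public function testCustomOwnerGuidColumn() {
          $guid = $this->user->guid;

          $sql = _elgg_get_access_where_sql(array(
              'user_guid' => $guid,
              'owner_guid_column' => 'unit_test',
          ));

          $friends_clause = $this->getFriendsClause($guid, 'e', 'unit_test');
          $owner_clause = $this->getOwnerClause($guid, 'e', 'unit_test');
          $access_clause = $this->getLoggedInAccessListClause('e');
          $ans = "(($friends_clause OR $owner_clause OR $access_clause) AND (e.enabled = 'yes'))";

          $this->assertTrue($this->assertSqlEqual($ans, $sql), "$sql does not match $ans");
      }

      /**
       * With a mock session installed only the logged-out access list remains.
       */
      public function testLoggedOutUser() {
          $originalSession = _elgg_services()->session;
          _elgg_services()->setValue('session', \ElggSession::getMock());

          $sql = _elgg_get_access_where_sql();

          // Put the real session back as soon as the SQL has been built, so the
          // mock is installed for as short a time as possible.
          // NOTE(review): an exception from the call above would still leave the
          // mock session in place for later tests; wrap in try/finally if the
          // project's minimum PHP version allows it.
          _elgg_services()->setValue('session', $originalSession);

          $access_clause = $this->getLoggedOutAccessListClause('e');
          $ans = "(($access_clause) AND (e.enabled = 'yes'))";

          $this->assertTrue($this->assertSqlEqual($ans, $sql), "$sql does not match $ans");
      }

      /**
       * A handler that empties 'ands' removes the enabled check from the result.
       */
      public function testAccessPluginHookRemoveEnabled() {
          elgg_register_plugin_hook_handler('get_sql', 'access', array($this, 'removeEnabledCallback'));
          $sql = _elgg_get_access_where_sql();
          $ans = "((1 = 1))";

          $this->assertTrue($this->assertSqlEqual($ans, $sql), "$sql does not match $ans");
      }

      /**
       * 'get_sql', 'access' handler: returns the clauses with 'ands' emptied.
       *
       * @param string $hook    Hook name (unused)
       * @param string $type    Hook type (unused)
       * @param array  $clauses Clause lists; the 'ands' and 'ors' keys are used in this class
       * @param array  $params  Hook parameters (unused)
       * @return array
       */
      public function removeEnabledCallback($hook, $type, $clauses, $params) {
          $clauses['ands'] = array();
          return $clauses;
      }

      /**
       * A handler that empties 'ors' leaves only the enabled check in the result.
       */
      public function testAccessPluginHookRemoveOrs() {
          elgg_register_plugin_hook_handler('get_sql', 'access', array($this, 'removeOrsCallback'));
          $sql = _elgg_get_access_where_sql();
          $ans = "((e.enabled = 'yes'))";

          $this->assertTrue($this->assertSqlEqual($ans, $sql), "$sql does not match $ans");
      }

      /**
       * 'get_sql', 'access' handler: returns the clauses with 'ors' emptied.
       *
       * @param string $hook    Hook name (unused)
       * @param string $type    Hook type (unused)
       * @param array  $clauses Clause lists; the 'ands' and 'ors' keys are used in this class
       * @param array  $params  Hook parameters (unused)
       * @return array
       */
      public function removeOrsCallback($hook, $type, $clauses, $params) {
          $clauses['ors'] = array();
          return $clauses;
      }

      /**
       * A clause appended to 'ors' is OR-ed into the first group of the result.
       */
      public function testAccessPluginHookAddOr() {
          elgg_register_plugin_hook_handler('get_sql', 'access', array($this, 'addOrCallback'));
          $sql = _elgg_get_access_where_sql();
          $ans = "((1 = 1 OR 57 > 32) AND (e.enabled = 'yes'))";

          $this->assertTrue($this->assertSqlEqual($ans, $sql), "$sql does not match $ans");
      }

      /**
       * 'get_sql', 'access' handler: appends an always-true comparison to 'ors'.
       *
       * @param string $hook    Hook name (unused)
       * @param string $type    Hook type (unused)
       * @param array  $clauses Clause lists; the 'ands' and 'ors' keys are used in this class
       * @param array  $params  Hook parameters (unused)
       * @return array
       */
      public function addOrCallback($hook, $type, $clauses, $params) {
          $clauses['ors'][] = '57 > 32';
          return $clauses;
      }

      /**
       * A clause appended to 'ands' is AND-ed into the second group of the result.
       */
      public function testAccessPluginHookAddAnd() {
          elgg_register_plugin_hook_handler('get_sql', 'access', array($this, 'addAndCallback'));
          $sql = _elgg_get_access_where_sql();
          $ans = "((1 = 1) AND (e.enabled = 'yes' AND 57 > 32))";

          $this->assertTrue($this->assertSqlEqual($ans, $sql), "$sql does not match $ans");
      }

      /**
       * 'get_sql', 'access' handler: appends an always-true comparison to 'ands'.
       *
       * @param string $hook    Hook name (unused)
       * @param string $type    Hook type (unused)
       * @param array  $clauses Clause lists; the 'ands' and 'ors' keys are used in this class
       * @param array  $params  Hook parameters (unused)
       * @return array
       */
      public function addAndCallback($hook, $type, $clauses, $params) {
          $clauses['ands'][] = '57 > 32';
          return $clauses;
      }

      /**
       * Compares two SQL strings after removing every whitespace character.
       *
       * Despite the name this does not record an assertion; it returns the
       * result and the callers pass it to assertTrue(). Whitespace inside
       * quoted literals is removed as well, so two strings that differ only
       * there compare equal.
       *
       * @param string $sql1 First SQL string
       * @param string $sql2 Second SQL string
       * @return bool True when the strings are identical once whitespace is removed
       */
      protected function assertSqlEqual($sql1, $sql2) {
          $sql1 = preg_replace('/\s+/', '', $sql1);
          $sql2 = preg_replace('/\s+/', '', $sql2);
          return $sql1 === $sql2;
      }

      /**
       * Builds the expected "friends" clause: access_id equals ACCESS_FRIENDS and
       * the owner column is in the set of guid_one values related to the user by
       * a 'friend' relationship.
       *
       * All three arguments are interpolated into the SQL text as given.
       *
       * @param int    $user_guid   GUID compared against guid_two
       * @param string $table_alias Table alias without the dot; empty for no prefix
       * @param string $owner_guid  Name of the owner column
       * @return string
       */
      protected function getFriendsClause($user_guid, $table_alias, $owner_guid = 'owner_guid') {
          global $CONFIG;
          $table_alias = $table_alias ? $table_alias . '.' : '';

          return "{$table_alias}access_id = " . ACCESS_FRIENDS . "
              AND {$table_alias}{$owner_guid} IN (
                  SELECT guid_one FROM {$CONFIG->dbprefix}entity_relationships
                  WHERE relationship = 'friend' AND guid_two = $user_guid
              )";
      }

      /**
       * Builds the expected "owner" clause: the owner column equals the user's GUID.
       *
       * @param int    $user_guid   GUID the owner column is compared with
       * @param string $table_alias Table alias without the dot; empty for no prefix
       * @param string $owner_guid  Name of the owner column
       * @return string
       */
      protected function getOwnerClause($user_guid, $table_alias, $owner_guid = 'owner_guid') {
          $table_alias = $table_alias ? $table_alias . '.' : '';
          return "{$table_alias}{$owner_guid} = $user_guid";
      }

      /**
       * Builds the expected access-list clause for a logged-in, non-admin user.
       *
       * The ids are hard-coded literals (presumably the public and logged-in
       * access levels - confirm against the ACCESS_* constants).
       *
       * @param string $table_alias Table alias without the dot; empty for no prefix
       * @return string
       */
      protected function getLoggedInAccessListClause($table_alias) {
          $table_alias = $table_alias ? $table_alias . '.' : '';
          return "{$table_alias}access_id IN (2,1)";
      }

      /**
       * Builds the expected access-list clause for a logged-out viewer.
       *
       * The id is a hard-coded literal (presumably the public access level -
       * confirm against the ACCESS_* constants).
       *
       * @param string $table_alias Table alias without the dot; empty for no prefix
       * @return string
       */
      protected function getLoggedOutAccessListClause($table_alias) {
          $table_alias = $table_alias ? $table_alias . '.' : '';
          return "{$table_alias}access_id IN (2)";
      }
  }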