Merge pull request #10175 from hypeJunction/notif-access-test

chore(tests): test entity accessibility in the notifications flow
Elgg · Sep 8, 2016 · c1369cf · c1369cf
2 parents 353a1ef + e05d78f
commit c1369cf
Show file tree

Hide file tree

Showing 2 changed files with 49 additions and 4 deletions.
diff --git a/engine/classes/Elgg/Database/AccessCollections.php b/engine/classes/Elgg/Database/AccessCollections.php
@@ -317,8 +317,10 @@ function getWhereSql(array $options = array()) {
 	 * @return bool
 	 */
 	function hasAccessToEntity($entity, $user = null) {
-
-
+		if (!$entity instanceof \ElggEntity) {
+			return false;
+		}
+
 		// See #7159. Must not allow ignore access to affect query
 		$ia = elgg_set_ignore_access(false);
 

diff --git a/engine/tests/ElggCoreAccessSQLTest.php b/engine/tests/ElggCoreAccessSQLTest.php
@@ -33,15 +33,15 @@ public function __construct() {
 	public function setUp() {
 		// Replace current hook service with new instance for each test
 		$this->original_hooks = _elgg_services()->hooks;
-		_elgg_services()->hooks = new \Elgg\PluginHooksService();
+		_elgg_services()->setValue('hooks', new \Elgg\PluginHooksService());
 	}
 
 	/**
 	 * Called after each test method.
 	 */
 	public function tearDown() {
 		// Restore original hook service
-		_elgg_services()->hooks = $this->original_hooks;
+		_elgg_services()->setValue('hooks', $this->original_hooks);
 	}
 
 	/**
@@ -175,6 +175,49 @@ public function testAccessPluginHookAddAnd() {
 		$this->assertTrue($this->assertSqlEqual($ans, $sql), "$sql does not match $ans");
 	}
 
+	public function testHasAccessToEntity() {
+		$session = elgg_get_session();
+		$test_user = $session->getLoggedInUser();
+
+		$object = new ElggObject();
+		$object->access_id = ACCESS_PRIVATE;
+		$object->save();
+
+		$session->removeLoggedInUser();
+		$this->assertFalse(has_access_to_entity($object));
+		$this->assertFalse(has_access_to_entity($object, $this->user));
+		$session->setLoggedInUser($test_user);
+
+		$object->access_id = ACCESS_PUBLIC;
+		$object->save();
+
+		$session->removeLoggedInUser();
+		$this->assertTrue(has_access_to_entity($object));
+		$this->assertTrue(has_access_to_entity($object, $this->user));
+		$session->setLoggedInUser($test_user);
+
+		$object->access_id = ACCESS_LOGGED_IN;
+		$object->save();
+
+		$session->removeLoggedInUser();
+		$this->assertFalse(has_access_to_entity($object));
+		$this->assertTrue(has_access_to_entity($object, $this->user));
+		$session->setLoggedInUser($test_user);
+
+		$test_user->addFriend($this->user->guid);
+
+		$object->access_id = ACCESS_FRIENDS;
+		$object->save();
+
+		$session->removeLoggedInUser();
+		$this->assertFalse(has_access_to_entity($object));
+		$this->assertTrue(has_access_to_entity($object, $this->user));
+		$session->setLoggedInUser($test_user);
+
+		$test_user->removeFriend($this->user->guid);
+		$object->delete();
+	}
+
 	public function addAndCallback($hook, $type, $clauses, $params) {
 		$clauses['ands'][] = '57 > 32';
 		return $clauses;