Merge pull request #14315 from shinde-rahul/block-access-to-contact-i…

…nformation-updated Block access to contact information updated
mautic · Jan 23, 2025 · eb8cc8e · eb8cc8e
2 parents dd5f2f3 + 18f942d
commit eb8cc8e
Show file tree

Hide file tree

Showing 8 changed files with 417 additions and 7 deletions.
diff --git a/app/bundles/CampaignBundle/Controller/CampaignController.php b/app/bundles/CampaignBundle/Controller/CampaignController.php
@@ -164,12 +164,18 @@ public function contactsAction(
         $session = $request->getSession();
         $session->set('mautic.campaign.contact.page', $page);
 
+        $permissions = [
+            'campaign:campaigns:view',
+            'lead:leads:viewown',
+            'lead:leads:viewother',
+        ];
+
         return $this->generateContactsGrid(
             $request,
             $pageHelperFactory,
             $objectId,
             $page,
-            'campaign:campaigns:view',
+            $permissions,
             'campaign',
             'campaign_leads',
             null,

diff --git a/app/bundles/CampaignBundle/Tests/Functional/Controller/CampaignControllerTest.php b/app/bundles/CampaignBundle/Tests/Functional/Controller/CampaignControllerTest.php
@@ -0,0 +1,126 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Mautic\CampaignBundle\Tests\Functional\Controller;
+
+use Doctrine\ORM\Exception\NotSupported;
+use Doctrine\ORM\Exception\ORMException;
+use Doctrine\ORM\OptimisticLockException;
+use Doctrine\Persistence\Mapping\MappingException;
+use Mautic\CampaignBundle\Entity\Campaign;
+use Mautic\CoreBundle\Test\MauticMysqlTestCase;
+use Mautic\CoreBundle\Tests\Functional\CreateTestEntitiesTrait;
+use Mautic\CoreBundle\Tests\Functional\UserEntityTrait;
+use Mautic\LeadBundle\Entity\Lead;
+use Mautic\UserBundle\Entity\User;
+use Mautic\UserBundle\Entity\UserRepository;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+
+class CampaignControllerTest extends MauticMysqlTestCase
+{
+    use CreateTestEntitiesTrait;
+    use UserEntityTrait;
+
+    private Lead $contactOne;
+    private Lead $contactTwo;
+    private Lead $contactThree;
+    private Campaign $campaign;
+
+    /**
+     * @throws NotSupported
+     * @throws ORMException
+     * @throws MappingException
+     */
+    public function testContactsGridForValidPermissions(): void
+    {
+        $nonAdminUser = $this->setupCampaignData(38);
+
+        $this->loginOtherUser($nonAdminUser->getUserIdentifier());
+
+        $this->client->request(Request::METHOD_GET, '/s/campaigns/view/'.$this->campaign->getId().'/contact/1');
+        $this->assertEquals(Response::HTTP_OK, $this->client->getResponse()->getStatusCode());
+
+        $content = $this->client->getResponse()->getContent();
+        $this->assertStringContainsString($this->contactOne->getName(), $content);
+        $this->assertStringContainsString($this->contactTwo->getName(), $content);
+        $this->assertStringContainsString($this->contactThree->getName(), $content);
+    }
+
+    /**
+     * @throws OptimisticLockException
+     * @throws MappingException
+     * @throws ORMException
+     * @throws NotSupported
+     */
+    public function testContactsGridWhenIncompleteValidPermissions(): void
+    {
+        $nonAdminUser = $this->setupCampaignData();
+
+        $this->loginOtherUser($nonAdminUser->getUserIdentifier());
+
+        $this->client->request(Request::METHOD_GET, '/s/campaigns/view/'.$this->campaign->getId().'/contact/1');
+        $this->assertEquals(Response::HTTP_OK, $this->client->getResponse()->getStatusCode());
+
+        $content = $this->client->getResponse()->getContent();
+        $this->assertStringContainsString('No Contacts Found', $content, $content);
+    }
+
+    /**
+     * @throws ORMException
+     * @throws MappingException
+     * @throws OptimisticLockException
+     * @throws NotSupported
+     */
+    private function setupCampaignData(int $bitwise = 2): User
+    {
+        /** @var UserRepository $userRepository */
+        $userRepository = $this->em->getRepository(User::class);
+        $adminUser      = $userRepository->findOneBy(['username' => 'admin']);
+
+        // create users
+        $nonAdminUser = $this->createUserWithPermission([
+            'user-name'  => 'non-admin',
+            'email'      => 'non-admin@mautic-test.com',
+            'first-name' => 'non-admin',
+            'last-name'  => 'non-admin',
+            'role'       => [
+                'name'        => 'perm_non_admin',
+                'permissions' => [
+                    'lead:leads'         => $bitwise,
+                    'campaign:campaigns' => 2,
+                ],
+            ],
+        ]);
+
+        // create contacts
+        $this->contactOne   = $this->createLead('John', '', '', $adminUser);
+        $this->contactTwo   = $this->createLead('Alex', '', '', $adminUser);
+        $this->contactThree = $this->createLead('Gemini', '', '', $nonAdminUser);
+
+        // Create Segment
+        $segment = $this->createSegment('seg1', []);
+
+        // Add contacts to segment
+        $this->createListLead($segment, $this->contactOne);
+        $this->createListLead($segment, $this->contactTwo);
+        $this->createListLead($segment, $this->contactThree);
+
+        $this->campaign = $this->createCampaign('Campaign');
+        $this->campaign->addList($segment);
+
+        $this->createEvent('Add 10 points', $this->campaign,
+            'lead.changepoints',
+            'action',
+            ['points' => 10]
+        );
+
+        $this->em->flush();
+        $this->em->clear();
+
+        $this->testSymfonyCommand('mautic:campaigns:update', ['--campaign-id' => $this->campaign->getId(), '-vv']);
+
+        return $nonAdminUser;
+    }
+}
diff --git a/app/bundles/CoreBundle/Tests/Functional/CreateTestEntitiesTrait.php b/app/bundles/CoreBundle/Tests/Functional/CreateTestEntitiesTrait.php
@@ -14,10 +14,11 @@
 use Mautic\LeadBundle\Entity\LeadEventLog;
 use Mautic\LeadBundle\Entity\LeadList;
 use Mautic\LeadBundle\Entity\ListLead;
+use Mautic\UserBundle\Entity\User;
 
 trait CreateTestEntitiesTrait
 {
-    private function createLead(string $firstName, string $lastName = '', string $emailId = ''): Lead
+    private function createLead(string $firstName, string $lastName = '', string $emailId = '', User $createdBy = null): Lead
     {
         $lead = new Lead();
         $lead->setFirstname($firstName);
@@ -30,6 +31,10 @@ private function createLead(string $firstName, string $lastName = '', string $em
             $lead->setEmail($emailId);
         }
 
+        if ($createdBy) {
+            $lead->setCreatedBy($createdBy);
+        }
+
         $this->em->persist($lead);
 
         return $lead;

diff --git a/app/bundles/CoreBundle/Tests/Functional/UserEntityTrait.php b/app/bundles/CoreBundle/Tests/Functional/UserEntityTrait.php
@@ -0,0 +1,84 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Mautic\CoreBundle\Tests\Functional;
+
+use Mautic\UserBundle\Entity\Permission;
+use Mautic\UserBundle\Entity\Role;
+use Mautic\UserBundle\Entity\User;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\PasswordHasher\PasswordHasherInterface;
+
+trait UserEntityTrait
+{
+    private function loginOtherUser(string $name): void
+    {
+        $this->client->request(Request::METHOD_GET, '/s/logout');
+        $this->loginUser($name);
+        $this->client->setServerParameter('PHP_AUTH_USER', $name);
+        $this->client->setServerParameter('PHP_AUTH_PW', 'mautic');
+    }
+
+    /**
+     * @param array<string, mixed> $userDetails
+     */
+    private function createUserWithPermission(array $userDetails): User
+    {
+        $role = $this->createRole($userDetails['role']['name']);
+
+        foreach ($userDetails['role']['permissions'] as $permission => $bitwise) {
+            $this->createPermission($role, $permission, $bitwise);
+        }
+
+        return $this->createUser($userDetails['email'], $userDetails['user-name'], $userDetails['first-name'], $userDetails['last-name'], $role);
+    }
+
+    private function createRole(string $name, bool $isAdmin = false): Role
+    {
+        $role = new Role();
+        $role->setName($name);
+        $role->setIsAdmin($isAdmin);
+
+        $this->em->persist($role);
+
+        return $role;
+    }
+
+    private function createUser(
+        string $email,
+        string $username,
+        string $firstName,
+        string $lastName,
+        ?Role $role,
+    ): User {
+        $user = new User();
+        $user->setEmail($email);
+        $user->setUsername($username);
+        $user->setFirstName($firstName);
+        $user->setLastName($lastName);
+
+        if ($role) {
+            $user->setRole($role);
+        }
+
+        /** @var PasswordHasherInterface $encoder */
+        $encoder = self::getContainer()->get('security.password_hasher_factory')->getPasswordHasher($user);
+        $user->setPassword($encoder->hash('mautic'));
+
+        $this->em->persist($user);
+
+        return $user;
+    }
+
+    private function createPermission(Role $role, string $rawPermission, int $bitwise): void
+    {
+        $parts      = explode(':', $rawPermission);
+        $permission = new Permission();
+        $permission->setBundle($parts[0]);
+        $permission->setName($parts[1]);
+        $permission->setRole($role);
+        $permission->setBitwise($bitwise);
+        $this->em->persist($permission);
+    }
+}
diff --git a/app/bundles/EmailBundle/Controller/EmailController.php b/app/bundles/EmailBundle/Controller/EmailController.php
@@ -1674,12 +1674,19 @@ public function contactsAction(
         $objectId,
         $page = 1
     ) {
+        $permissions = [
+            'lead:leads:viewown',
+            'lead:leads:viewother',
+            'email:emails:viewown',
+            'email:emails:viewother',
+        ];
+
         return $this->generateContactsGrid(
             $request,
             $pageHelperFactory,
             $objectId,
             $page,
-            ['email:emails:viewown', 'email:emails:viewother'],
+            $permissions,
             'email',
             'email_stats',
             'email',