Files
moodle/admin/tool/dataprivacy/tests/external_test.php
T
David Monllao 5efc1f9e64 MDL-61899 tool_dataprivacy: Subject access requests tool
This commit is composed of different issues, most of them under
MDL-61306:
- MDL-61888, MDL-61785, MDL-61830, MDL-61874, MDL-59720,
  MDL-61486, MDL-61697, MDL-61798, MDL-61685, MDL-61682,
  MDL-61684, MDL-61618, MDL-61681, MDL-61680, MDL-61487,
  MDL-61499, MDL-61500, MDL-61362 and MDL-59718

Contributions to this patch by:
- Jun Pataleta
- David Monllao
- Andrew Nicols
- Adrian B. Greeve
- Jake Dallimore
- Sara Arjona
2018-04-18 18:14:23 +02:00

286 lines
11 KiB
PHP

<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* External tests.
*
* @package tool_dataprivacy
* @copyright 2018 Jun Pataleta
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
defined('MOODLE_INTERNAL') || die();
global $CFG;
require_once($CFG->dirroot . '/webservice/tests/helpers.php');
use tool_dataprivacy\api;
use tool_dataprivacy\external;
/**
* External testcase.
*
* @package tool_dataprivacy
* @copyright 2018 Jun Pataleta
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
class tool_dataprivacy_external_testcase extends externallib_advanced_testcase {
/** @var stdClass The user making the request. */
protected $requester;
/** @var int The data request ID. */
protected $requestid;
/**
* Setup function- we will create a course and add an assign instance to it.
*/
protected function setUp() {
$this->resetAfterTest();
$generator = new testing_data_generator();
$requester = $generator->create_user();
$comment = 'sample comment';
// Login as user.
$this->setUser($requester->id);
// Test data request creation.
$datarequest = api::create_data_request($requester->id, api::DATAREQUEST_TYPE_EXPORT, $comment);
$this->requestid = $datarequest->get('id');
$this->requester = $requester;
// Log out the user and set force login to true.
$this->setUser();
}
/**
* Test for external::approve_data_request() with the user not logged in.
*/
public function test_approve_data_request_not_logged_in() {
$this->expectException(require_login_exception::class);
external::approve_data_request($this->requestid);
}
/**
* Test for external::approve_data_request() with the user not having a DPO role.
*/
public function test_approve_data_request_not_dpo() {
// Login as the requester.
$this->setUser($this->requester->id);
$this->expectException(required_capability_exception::class);
external::approve_data_request($this->requestid);
}
/**
* Test for external::approve_data_request() for request that's not ready for approval
*/
public function test_approve_data_request_not_waiting_for_approval() {
// Admin as DPO. (The default when no one's assigned as a DPO in the site).
$this->setAdminUser();
$this->expectException(moodle_exception::class);
external::approve_data_request($this->requestid);
}
/**
* Test for external::approve_data_request()
*/
public function test_approve_data_request() {
// Admin as DPO. (The default when no one's assigned as a DPO in the site).
$this->setAdminUser();
api::update_request_status($this->requestid, api::DATAREQUEST_STATUS_AWAITING_APPROVAL);
$result = external::approve_data_request($this->requestid);
$return = (object) external_api::clean_returnvalue(external::approve_data_request_returns(), $result);
$this->assertTrue($return->result);
$this->assertEmpty($return->warnings);
}
/**
* Test for external::approve_data_request() for a non-existent request ID.
*/
public function test_approve_data_request_non_existent() {
// Admin as DPO. (The default when no one's assigned as a DPO in the site).
$this->setAdminUser();
api::update_request_status($this->requestid, api::DATAREQUEST_STATUS_AWAITING_APPROVAL);
$result = external::approve_data_request($this->requestid + 1);
$return = (object) external_api::clean_returnvalue(external::approve_data_request_returns(), $result);
$this->assertFalse($return->result);
$this->assertCount(1, $return->warnings);
$warning = reset($return->warnings);
$this->assertEquals('errorrequestnotfound', $warning['warningcode']);
}
/**
* Test for external::cancel_data_request() of another user.
*/
public function test_cancel_data_request_other_user() {
$generator = $this->getDataGenerator();
$otheruser = $generator->create_user();
// Login as another user.
$this->setUser($otheruser);
$result = external::cancel_data_request($this->requestid);
$return = (object) external_api::clean_returnvalue(external::approve_data_request_returns(), $result);
$this->assertFalse($return->result);
$this->assertCount(1, $return->warnings);
$warning = reset($return->warnings);
$this->assertEquals('errorrequestnotfound', $warning['warningcode']);
}
/**
* Test for external::cancel_data_request()
*/
public function test_cancel_data_request() {
// Login as the requester.
$this->setUser($this->requester);
$result = external::cancel_data_request($this->requestid);
$return = (object) external_api::clean_returnvalue(external::approve_data_request_returns(), $result);
$this->assertTrue($return->result);
$this->assertEmpty($return->warnings);
}
/**
* Test contact DPO.
*/
public function test_contact_dpo() {
$generator = $this->getDataGenerator();
$user = $generator->create_user();
$this->setUser($user);
$message = 'Hello world!';
$result = external::contact_dpo($message);
$return = (object) external_api::clean_returnvalue(external::contact_dpo_returns(), $result);
$this->assertTrue($return->result);
$this->assertEmpty($return->warnings);
}
/**
* Test contact DPO with message containing invalid input.
*/
public function test_contact_dpo_with_nasty_input() {
$generator = $this->getDataGenerator();
$user = $generator->create_user();
$this->setUser($user);
$this->expectException('invalid_parameter_exception');
external::contact_dpo('de<>\\..scription');
}
/**
* Test for external::deny_data_request() with the user not logged in.
*/
public function test_deny_data_request_not_logged_in() {
$this->expectException(require_login_exception::class);
external::deny_data_request($this->requestid);
}
/**
* Test for external::deny_data_request() with the user not having a DPO role.
*/
public function test_deny_data_request_not_dpo() {
// Login as the requester.
$this->setUser($this->requester->id);
$this->expectException(required_capability_exception::class);
external::deny_data_request($this->requestid);
}
/**
* Test for external::deny_data_request() for request that's not ready for approval
*/
public function test_deny_data_request_not_waiting_for_approval() {
// Admin as DPO. (The default when no one's assigned as a DPO in the site).
$this->setAdminUser();
$this->expectException(moodle_exception::class);
external::deny_data_request($this->requestid);
}
/**
* Test for external::deny_data_request()
*/
public function test_deny_data_request() {
// Admin as DPO. (The default when no one's assigned as a DPO in the site).
$this->setAdminUser();
api::update_request_status($this->requestid, api::DATAREQUEST_STATUS_AWAITING_APPROVAL);
$result = external::approve_data_request($this->requestid);
$return = (object) external_api::clean_returnvalue(external::deny_data_request_returns(), $result);
$this->assertTrue($return->result);
$this->assertEmpty($return->warnings);
}
/**
* Test for external::deny_data_request() for a non-existent request ID.
*/
public function test_deny_data_request_non_existent() {
// Admin as DPO. (The default when no one's assigned as a DPO in the site).
$this->setAdminUser();
api::update_request_status($this->requestid, api::DATAREQUEST_STATUS_AWAITING_APPROVAL);
$result = external::deny_data_request($this->requestid + 1);
$return = (object) external_api::clean_returnvalue(external::deny_data_request_returns(), $result);
$this->assertFalse($return->result);
$this->assertCount(1, $return->warnings);
$warning = reset($return->warnings);
$this->assertEquals('errorrequestnotfound', $warning['warningcode']);
}
/**
* Test for external::get_data_request() with the user not logged in.
*/
public function test_get_data_request_not_logged_in() {
$this->expectException(require_login_exception::class);
external::get_data_request($this->requestid);
}
/**
* Test for external::get_data_request() with the user not having a DPO role.
*/
public function test_get_data_request_not_dpo() {
$generator = $this->getDataGenerator();
$otheruser = $generator->create_user();
// Login as the requester.
$this->setUser($otheruser);
$this->expectException(required_capability_exception::class);
external::get_data_request($this->requestid);
}
/**
* Test for external::get_data_request()
*/
public function test_get_data_request() {
// Admin as DPO. (The default when no one's assigned as a DPO in the site).
$this->setAdminUser();
$result = external::get_data_request($this->requestid);
$return = (object) external_api::clean_returnvalue(external::get_data_request_returns(), $result);
$this->assertEquals(api::DATAREQUEST_TYPE_EXPORT, $return->result['type']);
$this->assertEquals('sample comment', $return->result['comments']);
$this->assertEquals($this->requester->id, $return->result['userid']);
$this->assertEquals($this->requester->id, $return->result['requestedby']);
$this->assertEmpty($return->warnings);
}
/**
* Test for external::get_data_request() for a non-existent request ID.
*/
public function test_get_data_request_non_existent() {
// Admin as DPO. (The default when no one's assigned as a DPO in the site).
$this->setAdminUser();
$this->expectException(dml_missing_record_exception::class);
external::get_data_request($this->requestid + 1);
}
}