From 43977034ada69280c962cff0c4c43990c3716f60 Mon Sep 17 00:00:00 2001
From: Dominic Tubach
Date: Tue, 10 Sep 2024 15:57:48 +0200
Subject: [PATCH] Remove default entity profile The default profile might allow users to see cases they aren't allowed to see.
---
 remote_case.php | 9 +++------
 tests/phpunit/Civi/Api4/RemoteCaseTest.php | 16 ++++++++--------
 .../RemoteCase/RemoteCaseTestEntityProfile.php | 4 ++--
 tests/phpunit/bootstrap.php | 3 +++
 4 files changed, 16 insertions(+), 16 deletions(-)
 rename Civi/RemoteCase/RemoteCaseDefaultEntityProfile.php => tests/phpunit/Civi/RemoteCase/RemoteCaseTestEntityProfile.php (89%)
diff --git a/remote_case.php b/remote_case.php
index 20dfe84..4761a42 100644
--- a/remote_case.php
+++ b/remote_case.php
@@ -6,10 +6,8 @@
 // phpcs:enable
 use Civi\RemoteCase\Api4\Permissions;
-use Civi\RemoteCase\RemoteCaseDefaultEntityProfile;
-use Civi\RemoteTools\EntityProfile\ReadOnlyRemoteEntityProfile;
-use Symfony\Component\DependencyInjection\ContainerBuilder;
 use CRM_RemoteCase_ExtensionUtil as E;
+use Symfony\Component\DependencyInjection\ContainerBuilder;
 /**
 * Implements hook_civicrm_config().
@@ -24,9 +22,8 @@ function remote_case_civicrm_config(\CRM_Core_Config $config): void {
 * Implements hook_civicrm_container().
 */
 function remote_case_civicrm_container(ContainerBuilder $container): void {
- if (class_exists(ReadOnlyRemoteEntityProfile::class)) {
- $container->autowire(RemoteCaseDefaultEntityProfile::class)
- ->addTag(RemoteCaseDefaultEntityProfile::SERVICE_TAG);
+ if (function_exists('_remote_case_test_civicrm_container')) {
+ _remote_case_test_civicrm_container($container);
 }
 }
diff --git a/tests/phpunit/Civi/Api4/RemoteCaseTest.php b/tests/phpunit/Civi/Api4/RemoteCaseTest.php
index 6e5ad17..517538e 100644
--- a/tests/phpunit/Civi/Api4/RemoteCaseTest.php
+++ b/tests/phpunit/Civi/Api4/RemoteCaseTest.php
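Review bot: The new `function_exists('_remote_case_test_civicrm_container')` branch in `remote_case_civicrm_container()` leaves a test-only hook in production code with no environment check, so any code that defines a global function of that name gets to register services, entity profiles included, in a live container. Since the commit removes the default profile because it could expose cases, the hook should be limited to the test run, for example `if (defined('CIVICRM_UF') && CIVICRM_UF === 'UnitTests' && function_exists('_remote_case_test_civicrm_container')) {`, assuming the suite runs under CiviCRM's usual headless setup. The call also needs a comment such as `// Test-only hook: the PHPUnit bootstrap registers the test entity profile through it.` so it is not mistaken for dead code or extended later. As the extension now appears to ship no profile of its own, the upgrade notes should say that sites must register a profile that restricts cases per remote contact.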
@@ -26,7 +26,7 @@
 /**
 * @covers \Civi\Api4\RemoteCase
- * @covers \Civi\RemoteCase\RemoteCaseDefaultEntityProfile
+ * @covers \Civi\RemoteCase\RemoteCaseTestEntityProfile
 *
 * @group headless
 */
@@ -36,7 +36,7 @@ public function testDelete(): void {
 $contact = ContactFixture::addIndividual();
 $case = CaseFixture::addFixture($contact['id']);
 $result = RemoteCase::delete()
- ->setProfile('default')
+ ->setProfile('test')
 ->addWhere('id', '=', $case['id'])
 ->execute();
@@ -45,7 +45,7 @@ public function testDelete(): void {
 public function testGet(): void {
 $result = RemoteCase::get()
- ->setProfile('default')
+ ->setProfile('test')
 ->execute();
 static::assertCount(0, $result);
@@ -53,7 +53,7 @@ public function testGet(): void {
 $contact = ContactFixture::addIndividual();
 $case = CaseFixture::addFixture($contact['id']);
 $result = RemoteCase::get()
- ->setProfile('default')
+ ->setProfile('test')
 ->addSelect('*', 'CAN_delete', 'CAN_update')
 ->execute();
@@ -63,7 +63,7 @@ public function testGet(): void {
 static::assertFalse($result->single()['CAN_update']);
 $result = RemoteCase::get()
- ->setProfile('default')
+ ->setProfile('test')
 ->addWhere('id', '!=', $case['id'])
 ->execute();
@@ -79,13 +79,13 @@ public function testGetActions(): void {
 public function testGetCreateForm(): void {
 $this->expectException(UnauthorizedException::class);
 RemoteCase::getCreateForm()
- ->setProfile('default')
+ ->setProfile('test')
 ->execute();
 }
 public function testGetFields(): void {
 $result = RemoteCase::getFields()
- ->setProfile('default')
+ ->setProfile('test')
 ->addSelect('*', 'CAN_delete', 'CAN_update')
 ->execute();
@@ -100,7 +100,7 @@ public function testGetUpdateForm(): void {
 $case = CaseFixture::addFixture($contact['id']);
 $this->expectException(UnauthorizedException::class);
 RemoteCase::getUpdateForm()
- ->setProfile('default')
+ ->setProfile('test')
 ->setId($case['id'])
 ->execute();
 }
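Review bot: No test in these hunks asserts the property the commit is about, namely that a request naming the removed `default` profile is now refused; every call only swaps `'default'` for `'test'`. A negative test built around `RemoteCase::get()->setProfile('default')->execute()`, preceded by an `expectException()` for whatever the profile lookup throws, would catch a later re-registration of a catch-all profile. The same gap applies to the `delete`, `getFields` and form hunks on this line. Other tests in the file lie outside the hunks, so such a check may already exist there.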
diff --git a/Civi/RemoteCase/RemoteCaseDefaultEntityProfile.php b/tests/phpunit/Civi/RemoteCase/RemoteCaseTestEntityProfile.php similarity index 89% rename from Civi/RemoteCase/RemoteCaseDefaultEntityProfile.php rename to tests/phpunit/Civi/RemoteCase/RemoteCaseTestEntityProfile.php index 495e766..cd99378 100644 --- a/Civi/RemoteCase/RemoteCaseDefaultEntityProfile.php +++ b/tests/phpunit/Civi/RemoteCase/RemoteCaseTestEntityProfile.php @@ -21,9 +21,9 @@ use Civi\RemoteTools\EntityProfile\ReadOnlyRemoteEntityProfile; -final class RemoteCaseDefaultEntityProfile extends ReadOnlyRemoteEntityProfile { +final class RemoteCaseTestEntityProfile extends ReadOnlyRemoteEntityProfile { - public const NAME = 'default'; + public const NAME = 'test'; public const ENTITY_NAME = 'Case'; diff --git a/tests/phpunit/bootstrap.php b/tests/phpunit/bootstrap.php index 27604b7..946782a 100644 --- a/tests/phpunit/bootstrap.php +++ b/tests/phpunit/bootstrap.php @@ -1,6 +1,7 @@ autowire(RemoteCaseTestEntityProfile::class) + ->addTag(RemoteCaseTestEntityProfile::SERVICE_TAG); } function addExtensionToClassLoader(string $extension): void {