Merge branch 'pr/3318'

* pr/3318: auth_ismanager: fix group check on PHP8 Simplify code for checking user groups Fix groups match in auth_ismanager and auth_isadmin
2021-05-06 09:32:50 +02:00 · 2021-05-06 09:32:50 +02:00 · ffe9e8ace2
parent 8180f91a44 6cf7b139ca
commit ffe9e8ace2
2 changed files with 80 additions and 2 deletions
--- a/_test/tests/inc/auth_admincheck.test.php
+++ b/_test/tests/inc/auth_admincheck.test.php
@ -27,6 +27,26 @@ class auth_admin_test extends DokuWikiTest
        $auth = new AuthCaseInsensitivePlugin();
    }

+    public function authenticateAdmin()
+    {
+        global $USERINFO;
+        $_SERVER['REMOTE_USER'] = 'testadmin';
+        $USERINFO['grps'] = ['admin', 'foo', 'bar'];
+
+        global $auth;
+        $auth = new \auth_plugin_authplain();
+    }
+
+    public function authenticateNonadmin()
+    {
+        global $USERINFO;
+        $_SERVER['REMOTE_USER'] = 'testuser';
+        $USERINFO['grps'] = ['foo', 'bar'];
+
+        global $auth;
+        $auth = new \auth_plugin_authplain();
+    }
+
    function tearDown() : void
    {
        global $auth;
@ -126,4 +146,56 @@ class auth_admin_test extends DokuWikiTest
        $this->assertTrue(auth_ismanager('Doe', array('admin'), true, true));
    }

+    public function test_ismanager_authenticated_admin()
+    {
+        $this->authenticateAdmin();
+
+        global $conf;
+        $conf['superuser'] = '@admin';
+        $conf['manager'] = '@managers';
+
+        global $auth;
+        $auth->createUser(
+            'alice',
+            '179ad45c6ce2cb97cf1029e212046e81',
+            'Alice',
+            'alice@example.com',
+            [
+                'foo'
+            ]
+        );
+        $auth->createUser(
+            'bob',
+            '179ad45c6ce2cb97cf1029e212046e81',
+            'Robert',
+            'bob@example.com',
+            [
+                'managers'
+            ]
+        );
+
+        $this->assertFalse(auth_ismanager('alice', null, false, true));
+        $this->assertTrue(auth_ismanager('bob', null, false, true));
+    }
+
+    public function test_isadmin_authenticated_nonadmin()
+    {
+        $this->authenticateNonadmin();
+
+        global $conf;
+        $conf['superuser'] = '@admin';
+
+        global $auth;
+        $auth->createUser(
+            'camilla',
+            '179ad45c6ce2cb97cf1029e212046e81',
+            'Camilla',
+            'camilla@example.com',
+            [
+                'admin'
+            ]
+        );
+
+        $this->assertTrue(auth_ismanager('camilla', null, true, true));
+    }
 }
--- a/inc/auth.php
+++ b/inc/auth.php
@ -469,8 +469,14 @@ function auth_ismanager($user = null, $groups = null, $adminonly = false, $recac
            $user = $INPUT->server->str('REMOTE_USER');
        }
    }
-    if(is_null($groups)) {
-        $groups = $USERINFO ? (array) $USERINFO['grps'] : array();
+    if (is_null($groups)) {
+        // checking the logged in user, or another one?
+        if ($USERINFO && $user === $INPUT->server->str('REMOTE_USER')) {
+            $groups =  (array) $USERINFO['grps'];
+        } else {
+            $groups = $auth->getUserData($user);
+            $groups = $groups ? $groups['grps'] : [];
+        }
    }

    // prefer cached result