125 lines
5.4 KiB
PHP
125 lines
5.4 KiB
PHP
<?php
|
|
|
|
use dokuwiki\test\mock\AuthCaseInsensitivePlugin;
|
|
|
|
class auth_acl_caseinsensitive_test extends DokuWikiTest {
|
|
protected $oldAuth;
|
|
protected $oldAuthAcl;
|
|
|
|
function setUp() {
|
|
parent::setUp();
|
|
global $auth;
|
|
global $AUTH_ACL;
|
|
|
|
$this->oldAuth = $auth;
|
|
$this->oldAuthAcl = $AUTH_ACL;
|
|
|
|
$auth = new AuthCaseInsensitivePlugin();
|
|
}
|
|
|
|
function tearDown() {
|
|
global $conf;
|
|
global $AUTH_ACL;
|
|
global $auth;
|
|
|
|
$auth = $this->oldAuth;
|
|
$AUTH_ACL = $this->oldAuthAcl;
|
|
}
|
|
|
|
function test_multiadmin_restricted_ropage() {
|
|
global $conf;
|
|
global $AUTH_ACL;
|
|
|
|
$conf['superuser'] = 'John,doe,@Admin1,@admin2';
|
|
$conf['useacl'] = 1;
|
|
|
|
$AUTH_ACL = array(
|
|
'* @ALL 0',
|
|
'* @Group1 8',
|
|
'* @group2 8',
|
|
'namespace:page @Group1 1',
|
|
'namespace:page @group2 1',
|
|
);
|
|
|
|
// anonymous user
|
|
$this->assertEquals(auth_aclcheck('page', '', array()), AUTH_NONE);
|
|
$this->assertEquals(auth_aclcheck('namespace:page', '', array()), AUTH_NONE);
|
|
$this->assertEquals(auth_aclcheck('namespace:*', '', array()), AUTH_NONE);
|
|
|
|
// user with no matching group
|
|
$this->assertEquals(auth_aclcheck('page', 'jill', array('foo')), AUTH_NONE);
|
|
$this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo')), AUTH_NONE);
|
|
$this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo')), AUTH_NONE);
|
|
|
|
// user with matching group 1
|
|
$this->assertEquals(auth_aclcheck('page', 'jill', array('foo', 'group1')), AUTH_UPLOAD);
|
|
$this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'group1')), AUTH_READ);
|
|
$this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo', 'group1')), AUTH_UPLOAD);
|
|
|
|
// user with matching group 2
|
|
$this->assertEquals(auth_aclcheck('page', 'jill', array('foo', 'Group2')), AUTH_UPLOAD);
|
|
$this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'Group2')), AUTH_READ);
|
|
$this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo', 'Group2')), AUTH_UPLOAD);
|
|
|
|
// super user John
|
|
$this->assertEquals(auth_aclcheck('page', 'john', array('foo')), AUTH_ADMIN);
|
|
$this->assertEquals(auth_aclcheck('namespace:page', 'john', array('foo')), AUTH_ADMIN);
|
|
$this->assertEquals(auth_aclcheck('namespace:*', 'john', array('foo')), AUTH_ADMIN);
|
|
|
|
// super user doe
|
|
$this->assertEquals(auth_aclcheck('page', 'Doe', array('foo')), AUTH_ADMIN);
|
|
$this->assertEquals(auth_aclcheck('namespace:page', 'Doe', array('foo')), AUTH_ADMIN);
|
|
$this->assertEquals(auth_aclcheck('namespace:*', 'Doe', array('foo')), AUTH_ADMIN);
|
|
|
|
// user with matching admin group 1
|
|
$this->assertEquals(auth_aclcheck('page', 'jill', array('foo', 'admin1')), AUTH_ADMIN);
|
|
$this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'admin1')), AUTH_ADMIN);
|
|
$this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo', 'admin1')), AUTH_ADMIN);
|
|
|
|
// user with matching admin group 2
|
|
$this->assertEquals(auth_aclcheck('page', 'jill', array('foo', 'Admin2')), AUTH_ADMIN);
|
|
$this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'Admin2')), AUTH_ADMIN);
|
|
$this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo', 'Admin2')), AUTH_ADMIN);
|
|
}
|
|
|
|
/*
|
|
* Test aclcheck on @ALL group
|
|
*
|
|
* The default permission for @ALL group is AUTH_NONE. So we use an
|
|
* ACL entry which grants @ALL group an AUTH_READ permission to see
|
|
* whether ACL matching is properly done or not.
|
|
*/
|
|
function test_restricted_allread() {
|
|
global $conf;
|
|
global $AUTH_ACL;
|
|
|
|
$conf['superuser'] = 'john';
|
|
$conf['useacl'] = 1;
|
|
|
|
$AUTH_ACL = array(
|
|
'* @ALL 1',
|
|
'* @group1 8',
|
|
);
|
|
|
|
// anonymous user
|
|
$this->assertEquals(auth_aclcheck('page', '', array()), AUTH_READ);
|
|
$this->assertEquals(auth_aclcheck('namespace:page', '', array()), AUTH_READ);
|
|
$this->assertEquals(auth_aclcheck('namespace:*', '', array()), AUTH_READ);
|
|
|
|
// user with no matching group
|
|
$this->assertEquals(auth_aclcheck('page', 'jill', array('foo')), AUTH_READ);
|
|
$this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo')), AUTH_READ);
|
|
$this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo')), AUTH_READ);
|
|
|
|
// user with matching group
|
|
$this->assertEquals(auth_aclcheck('page', 'jill', array('foo', 'Group1')), AUTH_UPLOAD);
|
|
$this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'Group1')), AUTH_UPLOAD);
|
|
$this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo', 'Group1')), AUTH_UPLOAD);
|
|
|
|
// super user
|
|
$this->assertEquals(auth_aclcheck('page', 'John', array('foo')), AUTH_ADMIN);
|
|
$this->assertEquals(auth_aclcheck('namespace:page', 'John', array('foo')), AUTH_ADMIN);
|
|
$this->assertEquals(auth_aclcheck('namespace:*', 'John', array('foo')), AUTH_ADMIN);
|
|
}
|
|
}
|