
PHP Cross Reference of DokuWiki


/_test/tests/inc/Action/ -> general.test.php (source)

   1  <?php
   2  
   3  use dokuwiki\Action\AbstractAclAction;
   4  use dokuwiki\Action\AbstractUserAction;
   5  use dokuwiki\Action\Exception\ActionAclRequiredException;
   6  use dokuwiki\Action\Exception\ActionDisabledException;
   7  use dokuwiki\Action\Exception\ActionUserRequiredException;
   8  
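   /**
    * Generic contract tests run against every action class listed in dataProvider()
    *
    * Besides the declared minimum permission, three access-control gates are exercised:
    * the 'disableactions' setting, the ACL-enabled precondition and the logged-in-user
    * precondition. Each gate is tested in two phases: with the gate satisfied the
    * gate's own exception must not appear, with the gate violated it must appear.
    *
    * NOTE(review): the tests write to the globals $INFO, $conf and $_SERVER and do not
    * restore them; presumably DokuWikiTest resets that state between tests, confirm.
    */
   class action_general extends DokuWikiTest {

       /**
        * Actions under test with their expected minimum permission
        *
        * Each row is (action class short name, expected minimumPermission() result,
        * array installed as global $INFO). Only testMinimumPermissions() uses all three
        * elements, the other tests declare the action name only.
        *
        * @return array[]
        */
       public function dataProvider() {
           return array(
               array('Login', AUTH_NONE, array('exists' => true, 'ismanager' => false)),
               array('Logout', AUTH_NONE, array('exists' => true, 'ismanager' => false)),
               array('Search', AUTH_NONE, array('exists' => true, 'ismanager' => false)),
               array('Recent', AUTH_NONE, array('exists' => true, 'ismanager' => false)),
               array('Profile', AUTH_NONE, array('exists' => true, 'ismanager' => false)),
               array('ProfileDelete', AUTH_NONE, array('exists' => true, 'ismanager' => false)),
               array('Index', AUTH_NONE, array('exists' => true, 'ismanager' => false)),
               array('Sitemap', AUTH_NONE, array('exists' => true, 'ismanager' => false)),
               array('Denied', AUTH_NONE, array('exists' => true, 'ismanager' => false)),
               array('Register', AUTH_NONE, array('exists' => true, 'ismanager' => false)),
               array('Resendpwd', AUTH_NONE, array('exists' => true, 'ismanager' => false)),
               array('Backlink', AUTH_NONE, array('exists' => true, 'ismanager' => false)),

               // the expectation for Revert depends on the ismanager flag
               array('Revert', AUTH_ADMIN, array('exists' => true, 'ismanager' => false)),
               array('Revert', AUTH_EDIT, array('exists' => true, 'ismanager' => true)),

               array('Admin', AUTH_READ, array('exists' => true, 'ismanager' => false)), // let in, check later again
               array('Admin', AUTH_READ, array('exists' => true, 'ismanager' => true)), // let in, check later again

               array('Check', AUTH_READ, array('exists' => true, 'ismanager' => false)), // sensible?
               array('Diff', AUTH_READ, array('exists' => true, 'ismanager' => false)),
               array('Show', AUTH_READ, array('exists' => true, 'ismanager' => false)),
               array('Subscribe', AUTH_READ, array('exists' => true, 'ismanager' => false)),
               array('Locked', AUTH_READ, array('exists' => true, 'ismanager' => false)),
               array('Source', AUTH_READ, array('exists' => true, 'ismanager' => false)),
               array('Export', AUTH_READ, array('exists' => true, 'ismanager' => false)),
               array('Media', AUTH_READ, array('exists' => true, 'ismanager' => false)),
               array('Revisions', AUTH_READ, array('exists' => true, 'ismanager' => false)),

               array('Draftdel', AUTH_EDIT, array('exists' => true, 'ismanager' => false)),

               // aliases
               array('Cancel', AUTH_NONE, array('exists' => true, 'ismanager' => false)),
               array('Recover', AUTH_NONE, array('exists' => true, 'ismanager' => false)),

               // EDITING existing page
               array('Save', AUTH_EDIT, array('exists' => true, 'ismanager' => false)),
               array('Conflict', AUTH_EDIT, array('exists' => true, 'ismanager' => false)),
               array('Draft', AUTH_EDIT, array('exists' => true, 'ismanager' => false)),
               //the edit function will check again and do a source show
               //when no AUTH_EDIT available:
               array('Edit', AUTH_READ, array('exists' => true, 'ismanager' => false)),
               array('Preview', AUTH_READ, array('exists' => true, 'ismanager' => false)),

               // EDITING new page
               array('Save', AUTH_CREATE, array('exists' => false, 'ismanager' => false)),
               array('Conflict', AUTH_CREATE, array('exists' => false, 'ismanager' => false)),
               array('Draft', AUTH_CREATE, array('exists' => false, 'ismanager' => false)),
               array('Edit', AUTH_CREATE, array('exists' => false, 'ismanager' => false)),
               array('Preview', AUTH_CREATE, array('exists' => false, 'ismanager' => false)),
           );
       }

       /**
        * Run a callback and hand back the exception it raised, if any
        *
        * The assertions of the calling test stay outside of the try/catch this way, so
        * a call that does not throw at all can be told apart from one that throws the
        * expected exception. With the assertion inside the catch block, a check that
        * stopped rejecting would let the test pass without asserting anything.
        *
        * @param callable $call the code expected to throw
        * @return \Exception|null the caught exception, null when the call returned normally
        */
       private function caughtException(callable $call) {
           try {
               $call();
           } catch(\Exception $e) {
               return $e;
           }
           return null;
       }

       /**
        * Each action has to report the minimum permission listed in the data provider
        *
        * @dataProvider dataProvider
        * @param string $name action class short name
        * @param int $expected expected return value of minimumPermission()
        * @param array $info value installed as global $INFO before the call
        */
       public function testMinimumPermissions($name, $expected, $info) {
           global $INFO;
           $INFO = $info;

           $classname = 'dokuwiki\\Action\\' . $name;
           /** @var \dokuwiki\Action\AbstractAction $class */
           $class = new $classname();

           $this->assertSame($expected, $class->minimumPermission());
       }

       /**
        * All actions should handle the disableactions setting
        *
        * @dataProvider dataProvider
        * @param string $name action class short name
        */
       public function testBaseClassActionOkPermission($name) {
           $this->assertTrue(true); // mark as not risky
           if($name === 'Show') return; // disabling show does not work

           $classname = 'dokuwiki\\Action\\' . $name;
           /** @var \dokuwiki\Action\AbstractAction $class */
           $class = new $classname();

           global $conf;
           $conf['useacl'] = 1;
           $conf['subscribers'] = 1;
           $conf['disableactions'] = '';
           $_SERVER['REMOTE_USER'] = 'someone';

           // NOTE(review): getInstance(true) presumably rebuilds the router so that the
           // changed $conf['disableactions'] is picked up, confirm
           $check = function () use ($class) {
               \dokuwiki\ActionRouter::getInstance(true)->checkAction($class);
           };

           // nothing disabled: any other exception is tolerated, the disabled one is not
           $e = $this->caughtException($check);
           if($e !== null) {
               $this->assertNotSame(ActionDisabledException::class, get_class($e));
           }

           $conf['disableactions'] = $class->getActionName();

           // the action is disabled now: not throwing at all is a failure as well
           $e = $this->caughtException($check);
           $this->assertNotNull($e, "disabled action '$name' was let through by checkAction()");
           $this->assertSame(ActionDisabledException::class, get_class($e), (string) $e);
       }

       /**
        * Actions inheriting from AbstractAclAction should have an ACL enabled check
        *
        * @dataProvider dataProvider
        * @param string $name action class short name
        */
       public function testBaseClassAclPermission($name) {
           $classname = 'dokuwiki\\Action\\' . $name;
           /** @var \dokuwiki\Action\AbstractAction $class */
           $class = new $classname();
           $this->assertTrue(true); // mark as not risky
           if(!is_a($class, AbstractAclAction::class)) return;

           global $conf;
           $conf['useacl'] = 1;
           $conf['subscribers'] = 1;

           $check = function () use ($class) {
               $class->checkPreconditions();
           };

           // ACL on: any other exception is tolerated, the ACL-required one is not
           $e = $this->caughtException($check);
           if($e !== null) {
               $this->assertNotSame(ActionAclRequiredException::class, get_class($e));
           }

           $conf['useacl'] = 0;

           // ACL off: the precondition has to reject, a silent pass is a failure
           $e = $this->caughtException($check);
           $this->assertNotNull($e, "ACL action '$name' passed checkPreconditions() with useacl off");
           $this->assertSame(ActionAclRequiredException::class, get_class($e));
       }

       /**
        * Actions inheriting from AbstractUserAction should have user check
        *
        * @dataProvider dataProvider
        * @param string $name action class short name
        */
       public function testBaseClassUserPermission($name) {
           $classname = 'dokuwiki\\Action\\' . $name;
           /** @var \dokuwiki\Action\AbstractAction $class */
           $class = new $classname();
           $this->assertTrue(true); // mark as not risky
           if(!is_a($class, AbstractUserAction::class)) return;

           global $conf;
           $conf['useacl'] = 1;
           $conf['subscribers'] = 1;
           $_SERVER['REMOTE_USER'] = 'test';

           $check = function () use ($class) {
               $class->checkPreconditions();
           };

           // user set: any other exception is tolerated, the user-required one is not
           $e = $this->caughtException($check);
           if($e !== null) {
               $this->assertNotSame(ActionUserRequiredException::class, get_class($e));
           }

           unset($_SERVER['REMOTE_USER']);

           // no user: the precondition has to reject, a silent pass is a failure
           $e = $this->caughtException($check);
           $this->assertNotNull($e, "user action '$name' passed checkPreconditions() without REMOTE_USER");
           $this->assertSame(ActionUserRequiredException::class, get_class($e));
       }
   }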