[ Index ]

PHP Cross Reference of DokuWiki

title

Body

[close]

/_test/tests/inc/ -> auth_aclcheck.test.php (source)

   1  <?php
   2  
   3  use dokuwiki\test\mock\AuthPlugin;
   4  
   5  class auth_acl_test extends DokuWikiTest {
   6  
   7      protected $oldAuthAcl;
   8  
   9      function setUp() {
  10          parent::setUp();
  11          global $AUTH_ACL;
  12          global $auth;
  13          $this->oldAuthAcl = $AUTH_ACL;
  14          $auth = new AuthPlugin();
  15      }
  16  
  17      function tearDown() {
  18          global $AUTH_ACL;
  19          $AUTH_ACL = $this->oldAuthAcl;
  20  
  21      }
  22  
  23      function test_restricted(){
  24          global $conf;
  25          global $AUTH_ACL;
  26          $conf['superuser'] = 'john';
  27          $conf['useacl']    = 1;
  28  
  29          $AUTH_ACL = array(
  30              '*           @ALL           0',
  31              '*           @user          8',
  32          );
  33  
  34          // anonymous user
  35          $this->assertEquals(auth_aclcheck('page',          '',array()), AUTH_NONE);
  36          $this->assertEquals(auth_aclcheck('namespace:page','',array()), AUTH_NONE);
  37          $this->assertEquals(auth_aclcheck('namespace:*',   '',array()), AUTH_NONE);
  38  
  39          // user with no matching group
  40          $this->assertEquals(auth_aclcheck('page',          'jill',array('foo')), AUTH_NONE);
  41          $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo')), AUTH_NONE);
  42          $this->assertEquals(auth_aclcheck('namespace:*',   'jill',array('foo')), AUTH_NONE);
  43  
  44          // user with matching group
  45          $this->assertEquals(auth_aclcheck('page',          'jill',array('foo','user')), AUTH_UPLOAD);
  46          $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo','user')), AUTH_UPLOAD);
  47          $this->assertEquals(auth_aclcheck('namespace:*',   'jill',array('foo','user')), AUTH_UPLOAD);
  48  
  49          // super user
  50          $this->assertEquals(auth_aclcheck('page',          'john',array('foo')), AUTH_ADMIN);
  51          $this->assertEquals(auth_aclcheck('namespace:page','john',array('foo')), AUTH_ADMIN);
  52          $this->assertEquals(auth_aclcheck('namespace:*',   'john',array('foo')), AUTH_ADMIN);
  53      }
  54  
  55      function test_restricted_ropage(){
  56          global $conf;
  57          global $AUTH_ACL;
  58          $conf['superuser'] = 'john';
  59          $conf['useacl']    = 1;
  60  
  61          $AUTH_ACL = array(
  62              '*                  @ALL           0',
  63              '*                  @user          8',
  64              'namespace:page     @user          1',
  65          );
  66  
  67          // anonymous user
  68          $this->assertEquals(auth_aclcheck('page',          '',array()), AUTH_NONE);
  69          $this->assertEquals(auth_aclcheck('namespace:page','',array()), AUTH_NONE);
  70          $this->assertEquals(auth_aclcheck('namespace:*',   '',array()), AUTH_NONE);
  71  
  72          // user with no matching group
  73          $this->assertEquals(auth_aclcheck('page',          'jill',array('foo')), AUTH_NONE);
  74          $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo')), AUTH_NONE);
  75          $this->assertEquals(auth_aclcheck('namespace:*',   'jill',array('foo')), AUTH_NONE);
  76  
  77          // user with matching group
  78          $this->assertEquals(auth_aclcheck('page',          'jill',array('foo','user')), AUTH_UPLOAD);
  79          $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo','user')), AUTH_READ);
  80          $this->assertEquals(auth_aclcheck('namespace:*',   'jill',array('foo','user')), AUTH_UPLOAD);
  81  
  82          // super user
  83          $this->assertEquals(auth_aclcheck('page',          'john',array('foo')), AUTH_ADMIN);
  84          $this->assertEquals(auth_aclcheck('namespace:page','john',array('foo')), AUTH_ADMIN);
  85          $this->assertEquals(auth_aclcheck('namespace:*',   'john',array('foo')), AUTH_ADMIN);
  86      }
  87  
  88      function test_aclexample(){
  89          global $conf;
  90          global $AUTH_ACL;
  91          $conf['superuser'] = 'john';
  92          $conf['useacl']    = 1;
  93  
  94          $AUTH_ACL = array(
  95              '*                     @ALL        4',
  96              '*                     bigboss    16',
  97              'start                 @ALL        1',
  98              'marketing:*           @marketing  8',
  99              'devel:*               @ALL        0',
 100              'devel:*               @devel      8',
 101              'devel:*               bigboss    16',
 102              'devel:funstuff        bigboss     0',
 103              'devel:*               @marketing  1',
 104              'devel:marketing       @marketing  2',
 105          );
 106  
 107  
 108          $this->assertEquals(auth_aclcheck('page', ''        ,array())            , AUTH_CREATE);
 109          $this->assertEquals(auth_aclcheck('page', 'bigboss' ,array('foo'))       , AUTH_DELETE);
 110          $this->assertEquals(auth_aclcheck('page', 'jill'    ,array('marketing')) , AUTH_CREATE);
 111          $this->assertEquals(auth_aclcheck('page', 'jane'    ,array('devel'))     , AUTH_CREATE);
 112  
 113          $this->assertEquals(auth_aclcheck('start', ''        ,array())            , AUTH_READ);
 114          $this->assertEquals(auth_aclcheck('start', 'bigboss' ,array('foo'))       , AUTH_READ);
 115          $this->assertEquals(auth_aclcheck('start', 'jill'    ,array('marketing')) , AUTH_READ);
 116          $this->assertEquals(auth_aclcheck('start', 'jane'    ,array('devel'))     , AUTH_READ);
 117  
 118          $this->assertEquals(auth_aclcheck('marketing:page', ''        ,array())            , AUTH_CREATE);
 119          $this->assertEquals(auth_aclcheck('marketing:page', 'bigboss' ,array('foo'))       , AUTH_DELETE);
 120          $this->assertEquals(auth_aclcheck('marketing:page', 'jill'    ,array('marketing')) , AUTH_UPLOAD);
 121          $this->assertEquals(auth_aclcheck('marketing:page', 'jane'    ,array('devel'))     , AUTH_CREATE);
 122  
 123  
 124          $this->assertEquals(auth_aclcheck('devel:page', ''        ,array())            , AUTH_NONE);
 125          $this->assertEquals(auth_aclcheck('devel:page', 'bigboss' ,array('foo'))       , AUTH_DELETE);
 126          $this->assertEquals(auth_aclcheck('devel:page', 'jill'    ,array('marketing')) , AUTH_READ);
 127          $this->assertEquals(auth_aclcheck('devel:page', 'jane'    ,array('devel'))     , AUTH_UPLOAD);
 128  
 129          $this->assertEquals(auth_aclcheck('devel:funstuff', ''        ,array())            , AUTH_NONE);
 130          $this->assertEquals(auth_aclcheck('devel:funstuff', 'bigboss' ,array('foo'))       , AUTH_NONE);
 131          $this->assertEquals(auth_aclcheck('devel:funstuff', 'jill'    ,array('marketing')) , AUTH_READ);
 132          $this->assertEquals(auth_aclcheck('devel:funstuff', 'jane'    ,array('devel'))     , AUTH_UPLOAD);
 133  
 134          $this->assertEquals(auth_aclcheck('devel:marketing', ''        ,array())            , AUTH_NONE);
 135          $this->assertEquals(auth_aclcheck('devel:marketing', 'bigboss' ,array('foo'))       , AUTH_DELETE);
 136          $this->assertEquals(auth_aclcheck('devel:marketing', 'jill'    ,array('marketing')) , AUTH_EDIT);
 137          $this->assertEquals(auth_aclcheck('devel:marketing', 'jane'    ,array('devel'))     , AUTH_UPLOAD);
 138  
 139      }
 140  
 141      function test_multiadmin_restricted(){
 142          global $conf;
 143          global $AUTH_ACL;
 144          $conf['superuser'] = 'john,@admin,doe,@roots';
 145          $conf['useacl']    = 1;
 146  
 147          $AUTH_ACL = array(
 148              '*           @ALL           0',
 149              '*           @user          8',
 150          );
 151  
 152          // anonymous user
 153          $this->assertEquals(auth_aclcheck('page',          '',array()), AUTH_NONE);
 154          $this->assertEquals(auth_aclcheck('namespace:page','',array()), AUTH_NONE);
 155          $this->assertEquals(auth_aclcheck('namespace:*',   '',array()), AUTH_NONE);
 156  
 157          // user with no matching group
 158          $this->assertEquals(auth_aclcheck('page',          'jill',array('foo')), AUTH_NONE);
 159          $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo')), AUTH_NONE);
 160          $this->assertEquals(auth_aclcheck('namespace:*',   'jill',array('foo')), AUTH_NONE);
 161  
 162          // user with matching group
 163          $this->assertEquals(auth_aclcheck('page',          'jill',array('foo','user')), AUTH_UPLOAD);
 164          $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo','user')), AUTH_UPLOAD);
 165          $this->assertEquals(auth_aclcheck('namespace:*',   'jill',array('foo','user')), AUTH_UPLOAD);
 166  
 167          // super user john
 168          $this->assertEquals(auth_aclcheck('page',          'john',array('foo')), AUTH_ADMIN);
 169          $this->assertEquals(auth_aclcheck('namespace:page','john',array('foo')), AUTH_ADMIN);
 170          $this->assertEquals(auth_aclcheck('namespace:*',   'john',array('foo')), AUTH_ADMIN);
 171  
 172          // super user doe
 173          $this->assertEquals(auth_aclcheck('page',          'doe',array('foo')), AUTH_ADMIN);
 174          $this->assertEquals(auth_aclcheck('namespace:page','doe',array('foo')), AUTH_ADMIN);
 175          $this->assertEquals(auth_aclcheck('namespace:*',   'doe',array('foo')), AUTH_ADMIN);
 176  
 177          // user with matching admin group
 178          $this->assertEquals(auth_aclcheck('page',          'jill',array('foo','admin')), AUTH_ADMIN);
 179          $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo','admin')), AUTH_ADMIN);
 180          $this->assertEquals(auth_aclcheck('namespace:*',   'jill',array('foo','admin')), AUTH_ADMIN);
 181  
 182          // user with matching another admin group
 183          $this->assertEquals(auth_aclcheck('page',          'jill',array('foo','roots')), AUTH_ADMIN);
 184          $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo','roots')), AUTH_ADMIN);
 185          $this->assertEquals(auth_aclcheck('namespace:*',   'jill',array('foo','roots')), AUTH_ADMIN);
 186      }
 187  
 188      function test_multiadmin_restricted_ropage(){
 189          global $conf;
 190          global $AUTH_ACL;
 191          $conf['superuser'] = 'john,@admin,doe,@roots';
 192          $conf['useacl']    = 1;
 193  
 194          $AUTH_ACL = array(
 195              '*                  @ALL           0',
 196              '*                  @user          8',
 197              'namespace:page     @user          1',
 198          );
 199  
 200          // anonymous user
 201          $this->assertEquals(auth_aclcheck('page',          '',array()), AUTH_NONE);
 202          $this->assertEquals(auth_aclcheck('namespace:page','',array()), AUTH_NONE);
 203          $this->assertEquals(auth_aclcheck('namespace:*',   '',array()), AUTH_NONE);
 204  
 205          // user with no matching group
 206          $this->assertEquals(auth_aclcheck('page',          'jill',array('foo')), AUTH_NONE);
 207          $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo')), AUTH_NONE);
 208          $this->assertEquals(auth_aclcheck('namespace:*',   'jill',array('foo')), AUTH_NONE);
 209  
 210          // user with matching group
 211          $this->assertEquals(auth_aclcheck('page',          'jill',array('foo','user')), AUTH_UPLOAD);
 212          $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo','user')), AUTH_READ);
 213          $this->assertEquals(auth_aclcheck('namespace:*',   'jill',array('foo','user')), AUTH_UPLOAD);
 214  
 215          // super user john
 216          $this->assertEquals(auth_aclcheck('page',          'john',array('foo')), AUTH_ADMIN);
 217          $this->assertEquals(auth_aclcheck('namespace:page','john',array('foo')), AUTH_ADMIN);
 218          $this->assertEquals(auth_aclcheck('namespace:*',   'john',array('foo')), AUTH_ADMIN);
 219  
 220          // super user doe
 221          $this->assertEquals(auth_aclcheck('page',          'doe',array('foo')), AUTH_ADMIN);
 222          $this->assertEquals(auth_aclcheck('namespace:page','doe',array('foo')), AUTH_ADMIN);
 223          $this->assertEquals(auth_aclcheck('namespace:*',   'doe',array('foo')), AUTH_ADMIN);
 224  
 225          // user with matching admin group
 226          $this->assertEquals(auth_aclcheck('page',          'jill',array('foo','admin')), AUTH_ADMIN);
 227          $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo','admin')), AUTH_ADMIN);
 228          $this->assertEquals(auth_aclcheck('namespace:*',   'jill',array('foo','admin')), AUTH_ADMIN);
 229  
 230          // user with matching another admin group
 231          $this->assertEquals(auth_aclcheck('page',          'jill',array('foo','roots')), AUTH_ADMIN);
 232          $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo','roots')), AUTH_ADMIN);
 233          $this->assertEquals(auth_aclcheck('namespace:*',   'jill',array('foo','roots')), AUTH_ADMIN);
 234      }
 235  
 236      function test_wildcards(){
 237          global $conf;
 238          global $AUTH_ACL;
 239          global $USERINFO;
 240          $conf['useacl']    = 1;
 241  
 242          $_SERVER['REMOTE_USER'] = 'john';
 243          $USERINFO['grps']       = array('test','töst','foo bar');
 244          $AUTH_ACL = auth_loadACL(); // default test file
 245  
 246          // default setting
 247          $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('page', $_SERVER['REMOTE_USER'], $USERINFO['grps']));
 248  
 249          // user namespace
 250          $this->assertEquals(AUTH_DELETE, auth_aclcheck('users:john:foo', $_SERVER['REMOTE_USER'], $USERINFO['grps']));
 251          $this->assertEquals(AUTH_READ, auth_aclcheck('users:john:foo', 'schmock', array()));
 252  
 253          // group namespace
 254          $this->assertEquals(AUTH_DELETE, auth_aclcheck('groups:test:foo', $_SERVER['REMOTE_USER'], $USERINFO['grps']));
 255          $this->assertEquals(AUTH_READ, auth_aclcheck('groups:test:foo', 'schmock', array()));
 256          $this->assertEquals(AUTH_DELETE, auth_aclcheck('groups:toest:foo', $_SERVER['REMOTE_USER'], $USERINFO['grps']));
 257          $this->assertEquals(AUTH_READ, auth_aclcheck('groups:toest:foo', 'schmock', array()));
 258          $this->assertEquals(AUTH_DELETE, auth_aclcheck('groups:foo_bar:foo', $_SERVER['REMOTE_USER'], $USERINFO['grps']));
 259          $this->assertEquals(AUTH_READ, auth_aclcheck('groups:foo_bar:foo', 'schmock', array()));
 260  
 261      }
 262  
 263  }
 264  
 265  //Setup VIM: ex: et ts=4 :