[ Index ]

PHP Cross Reference of DokuWiki

title

Body

[close]

/_test/tests/inc/ -> auth_aclcheck.test.php (source)

   1  <?php
   2  
   3  class auth_acl_test extends DokuWikiTest {
   4  
   5      protected $oldAuthAcl;
   6  
   7      function setUp() {
   8          parent::setUp();
   9          global $AUTH_ACL;
  10          global $auth;
  11          $this->oldAuthAcl = $AUTH_ACL;
  12          $auth = new DokuWiki_Auth_Plugin();
  13      }
  14  
  15      function tearDown() {
  16          global $AUTH_ACL;
  17          $AUTH_ACL = $this->oldAuthAcl;
  18  
  19      }
  20  
  21      function test_restricted(){
  22          global $conf;
  23          global $AUTH_ACL;
  24          $conf['superuser'] = 'john';
  25          $conf['useacl']    = 1;
  26  
  27          $AUTH_ACL = array(
  28              '*           @ALL           0',
  29              '*           @user          8',
  30          );
  31  
  32          // anonymous user
  33          $this->assertEquals(auth_aclcheck('page',          '',array()), AUTH_NONE);
  34          $this->assertEquals(auth_aclcheck('namespace:page','',array()), AUTH_NONE);
  35          $this->assertEquals(auth_aclcheck('namespace:*',   '',array()), AUTH_NONE);
  36  
  37          // user with no matching group
  38          $this->assertEquals(auth_aclcheck('page',          'jill',array('foo')), AUTH_NONE);
  39          $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo')), AUTH_NONE);
  40          $this->assertEquals(auth_aclcheck('namespace:*',   'jill',array('foo')), AUTH_NONE);
  41  
  42          // user with matching group
  43          $this->assertEquals(auth_aclcheck('page',          'jill',array('foo','user')), AUTH_UPLOAD);
  44          $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo','user')), AUTH_UPLOAD);
  45          $this->assertEquals(auth_aclcheck('namespace:*',   'jill',array('foo','user')), AUTH_UPLOAD);
  46  
  47          // super user
  48          $this->assertEquals(auth_aclcheck('page',          'john',array('foo')), AUTH_ADMIN);
  49          $this->assertEquals(auth_aclcheck('namespace:page','john',array('foo')), AUTH_ADMIN);
  50          $this->assertEquals(auth_aclcheck('namespace:*',   'john',array('foo')), AUTH_ADMIN);
  51      }
  52  
  53      function test_restricted_ropage(){
  54          global $conf;
  55          global $AUTH_ACL;
  56          $conf['superuser'] = 'john';
  57          $conf['useacl']    = 1;
  58  
  59          $AUTH_ACL = array(
  60              '*                  @ALL           0',
  61              '*                  @user          8',
  62              'namespace:page     @user          1',
  63          );
  64  
  65          // anonymous user
  66          $this->assertEquals(auth_aclcheck('page',          '',array()), AUTH_NONE);
  67          $this->assertEquals(auth_aclcheck('namespace:page','',array()), AUTH_NONE);
  68          $this->assertEquals(auth_aclcheck('namespace:*',   '',array()), AUTH_NONE);
  69  
  70          // user with no matching group
  71          $this->assertEquals(auth_aclcheck('page',          'jill',array('foo')), AUTH_NONE);
  72          $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo')), AUTH_NONE);
  73          $this->assertEquals(auth_aclcheck('namespace:*',   'jill',array('foo')), AUTH_NONE);
  74  
  75          // user with matching group
  76          $this->assertEquals(auth_aclcheck('page',          'jill',array('foo','user')), AUTH_UPLOAD);
  77          $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo','user')), AUTH_READ);
  78          $this->assertEquals(auth_aclcheck('namespace:*',   'jill',array('foo','user')), AUTH_UPLOAD);
  79  
  80          // super user
  81          $this->assertEquals(auth_aclcheck('page',          'john',array('foo')), AUTH_ADMIN);
  82          $this->assertEquals(auth_aclcheck('namespace:page','john',array('foo')), AUTH_ADMIN);
  83          $this->assertEquals(auth_aclcheck('namespace:*',   'john',array('foo')), AUTH_ADMIN);
  84      }
  85  
  86      function test_aclexample(){
  87          global $conf;
  88          global $AUTH_ACL;
  89          $conf['superuser'] = 'john';
  90          $conf['useacl']    = 1;
  91  
  92          $AUTH_ACL = array(
  93              '*                     @ALL        4',
  94              '*                     bigboss    16',
  95              'start                 @ALL        1',
  96              'marketing:*           @marketing  8',
  97              'devel:*               @ALL        0',
  98              'devel:*               @devel      8',
  99              'devel:*               bigboss    16',
 100              'devel:funstuff        bigboss     0',
 101              'devel:*               @marketing  1',
 102              'devel:marketing       @marketing  2',
 103          );
 104  
 105  
 106          $this->assertEquals(auth_aclcheck('page', ''        ,array())            , AUTH_CREATE);
 107          $this->assertEquals(auth_aclcheck('page', 'bigboss' ,array('foo'))       , AUTH_DELETE);
 108          $this->assertEquals(auth_aclcheck('page', 'jill'    ,array('marketing')) , AUTH_CREATE);
 109          $this->assertEquals(auth_aclcheck('page', 'jane'    ,array('devel'))     , AUTH_CREATE);
 110  
 111          $this->assertEquals(auth_aclcheck('start', ''        ,array())            , AUTH_READ);
 112          $this->assertEquals(auth_aclcheck('start', 'bigboss' ,array('foo'))       , AUTH_READ);
 113          $this->assertEquals(auth_aclcheck('start', 'jill'    ,array('marketing')) , AUTH_READ);
 114          $this->assertEquals(auth_aclcheck('start', 'jane'    ,array('devel'))     , AUTH_READ);
 115  
 116          $this->assertEquals(auth_aclcheck('marketing:page', ''        ,array())            , AUTH_CREATE);
 117          $this->assertEquals(auth_aclcheck('marketing:page', 'bigboss' ,array('foo'))       , AUTH_DELETE);
 118          $this->assertEquals(auth_aclcheck('marketing:page', 'jill'    ,array('marketing')) , AUTH_UPLOAD);
 119          $this->assertEquals(auth_aclcheck('marketing:page', 'jane'    ,array('devel'))     , AUTH_CREATE);
 120  
 121  
 122          $this->assertEquals(auth_aclcheck('devel:page', ''        ,array())            , AUTH_NONE);
 123          $this->assertEquals(auth_aclcheck('devel:page', 'bigboss' ,array('foo'))       , AUTH_DELETE);
 124          $this->assertEquals(auth_aclcheck('devel:page', 'jill'    ,array('marketing')) , AUTH_READ);
 125          $this->assertEquals(auth_aclcheck('devel:page', 'jane'    ,array('devel'))     , AUTH_UPLOAD);
 126  
 127          $this->assertEquals(auth_aclcheck('devel:funstuff', ''        ,array())            , AUTH_NONE);
 128          $this->assertEquals(auth_aclcheck('devel:funstuff', 'bigboss' ,array('foo'))       , AUTH_NONE);
 129          $this->assertEquals(auth_aclcheck('devel:funstuff', 'jill'    ,array('marketing')) , AUTH_READ);
 130          $this->assertEquals(auth_aclcheck('devel:funstuff', 'jane'    ,array('devel'))     , AUTH_UPLOAD);
 131  
 132          $this->assertEquals(auth_aclcheck('devel:marketing', ''        ,array())            , AUTH_NONE);
 133          $this->assertEquals(auth_aclcheck('devel:marketing', 'bigboss' ,array('foo'))       , AUTH_DELETE);
 134          $this->assertEquals(auth_aclcheck('devel:marketing', 'jill'    ,array('marketing')) , AUTH_EDIT);
 135          $this->assertEquals(auth_aclcheck('devel:marketing', 'jane'    ,array('devel'))     , AUTH_UPLOAD);
 136  
 137      }
 138  
 139      function test_multiadmin_restricted(){
 140          global $conf;
 141          global $AUTH_ACL;
 142          $conf['superuser'] = 'john,@admin,doe,@roots';
 143          $conf['useacl']    = 1;
 144  
 145          $AUTH_ACL = array(
 146              '*           @ALL           0',
 147              '*           @user          8',
 148          );
 149  
 150          // anonymous user
 151          $this->assertEquals(auth_aclcheck('page',          '',array()), AUTH_NONE);
 152          $this->assertEquals(auth_aclcheck('namespace:page','',array()), AUTH_NONE);
 153          $this->assertEquals(auth_aclcheck('namespace:*',   '',array()), AUTH_NONE);
 154  
 155          // user with no matching group
 156          $this->assertEquals(auth_aclcheck('page',          'jill',array('foo')), AUTH_NONE);
 157          $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo')), AUTH_NONE);
 158          $this->assertEquals(auth_aclcheck('namespace:*',   'jill',array('foo')), AUTH_NONE);
 159  
 160          // user with matching group
 161          $this->assertEquals(auth_aclcheck('page',          'jill',array('foo','user')), AUTH_UPLOAD);
 162          $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo','user')), AUTH_UPLOAD);
 163          $this->assertEquals(auth_aclcheck('namespace:*',   'jill',array('foo','user')), AUTH_UPLOAD);
 164  
 165          // super user john
 166          $this->assertEquals(auth_aclcheck('page',          'john',array('foo')), AUTH_ADMIN);
 167          $this->assertEquals(auth_aclcheck('namespace:page','john',array('foo')), AUTH_ADMIN);
 168          $this->assertEquals(auth_aclcheck('namespace:*',   'john',array('foo')), AUTH_ADMIN);
 169  
 170          // super user doe
 171          $this->assertEquals(auth_aclcheck('page',          'doe',array('foo')), AUTH_ADMIN);
 172          $this->assertEquals(auth_aclcheck('namespace:page','doe',array('foo')), AUTH_ADMIN);
 173          $this->assertEquals(auth_aclcheck('namespace:*',   'doe',array('foo')), AUTH_ADMIN);
 174  
 175          // user with matching admin group
 176          $this->assertEquals(auth_aclcheck('page',          'jill',array('foo','admin')), AUTH_ADMIN);
 177          $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo','admin')), AUTH_ADMIN);
 178          $this->assertEquals(auth_aclcheck('namespace:*',   'jill',array('foo','admin')), AUTH_ADMIN);
 179  
 180          // user with matching another admin group
 181          $this->assertEquals(auth_aclcheck('page',          'jill',array('foo','roots')), AUTH_ADMIN);
 182          $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo','roots')), AUTH_ADMIN);
 183          $this->assertEquals(auth_aclcheck('namespace:*',   'jill',array('foo','roots')), AUTH_ADMIN);
 184      }
 185  
 186      function test_multiadmin_restricted_ropage(){
 187          global $conf;
 188          global $AUTH_ACL;
 189          $conf['superuser'] = 'john,@admin,doe,@roots';
 190          $conf['useacl']    = 1;
 191  
 192          $AUTH_ACL = array(
 193              '*                  @ALL           0',
 194              '*                  @user          8',
 195              'namespace:page     @user          1',
 196          );
 197  
 198          // anonymous user
 199          $this->assertEquals(auth_aclcheck('page',          '',array()), AUTH_NONE);
 200          $this->assertEquals(auth_aclcheck('namespace:page','',array()), AUTH_NONE);
 201          $this->assertEquals(auth_aclcheck('namespace:*',   '',array()), AUTH_NONE);
 202  
 203          // user with no matching group
 204          $this->assertEquals(auth_aclcheck('page',          'jill',array('foo')), AUTH_NONE);
 205          $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo')), AUTH_NONE);
 206          $this->assertEquals(auth_aclcheck('namespace:*',   'jill',array('foo')), AUTH_NONE);
 207  
 208          // user with matching group
 209          $this->assertEquals(auth_aclcheck('page',          'jill',array('foo','user')), AUTH_UPLOAD);
 210          $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo','user')), AUTH_READ);
 211          $this->assertEquals(auth_aclcheck('namespace:*',   'jill',array('foo','user')), AUTH_UPLOAD);
 212  
 213          // super user john
 214          $this->assertEquals(auth_aclcheck('page',          'john',array('foo')), AUTH_ADMIN);
 215          $this->assertEquals(auth_aclcheck('namespace:page','john',array('foo')), AUTH_ADMIN);
 216          $this->assertEquals(auth_aclcheck('namespace:*',   'john',array('foo')), AUTH_ADMIN);
 217  
 218          // super user doe
 219          $this->assertEquals(auth_aclcheck('page',          'doe',array('foo')), AUTH_ADMIN);
 220          $this->assertEquals(auth_aclcheck('namespace:page','doe',array('foo')), AUTH_ADMIN);
 221          $this->assertEquals(auth_aclcheck('namespace:*',   'doe',array('foo')), AUTH_ADMIN);
 222  
 223          // user with matching admin group
 224          $this->assertEquals(auth_aclcheck('page',          'jill',array('foo','admin')), AUTH_ADMIN);
 225          $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo','admin')), AUTH_ADMIN);
 226          $this->assertEquals(auth_aclcheck('namespace:*',   'jill',array('foo','admin')), AUTH_ADMIN);
 227  
 228          // user with matching another admin group
 229          $this->assertEquals(auth_aclcheck('page',          'jill',array('foo','roots')), AUTH_ADMIN);
 230          $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo','roots')), AUTH_ADMIN);
 231          $this->assertEquals(auth_aclcheck('namespace:*',   'jill',array('foo','roots')), AUTH_ADMIN);
 232      }
 233  
 234      function test_wildcards(){
 235          global $conf;
 236          global $AUTH_ACL;
 237          global $USERINFO;
 238          $conf['useacl']    = 1;
 239  
 240          $_SERVER['REMOTE_USER'] = 'john';
 241          $USERINFO['grps']       = array('test','töst','foo bar');
 242          $AUTH_ACL = auth_loadACL(); // default test file
 243  
 244          // default setting
 245          $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('page', $_SERVER['REMOTE_USER'], $USERINFO['grps']));
 246  
 247          // user namespace
 248          $this->assertEquals(AUTH_DELETE, auth_aclcheck('users:john:foo', $_SERVER['REMOTE_USER'], $USERINFO['grps']));
 249          $this->assertEquals(AUTH_READ, auth_aclcheck('users:john:foo', 'schmock', array()));
 250  
 251          // group namespace
 252          $this->assertEquals(AUTH_DELETE, auth_aclcheck('groups:test:foo', $_SERVER['REMOTE_USER'], $USERINFO['grps']));
 253          $this->assertEquals(AUTH_READ, auth_aclcheck('groups:test:foo', 'schmock', array()));
 254          $this->assertEquals(AUTH_DELETE, auth_aclcheck('groups:toest:foo', $_SERVER['REMOTE_USER'], $USERINFO['grps']));
 255          $this->assertEquals(AUTH_READ, auth_aclcheck('groups:toest:foo', 'schmock', array()));
 256          $this->assertEquals(AUTH_DELETE, auth_aclcheck('groups:foo_bar:foo', $_SERVER['REMOTE_USER'], $USERINFO['grps']));
 257          $this->assertEquals(AUTH_READ, auth_aclcheck('groups:foo_bar:foo', 'schmock', array()));
 258  
 259      }
 260  
 261  }
 262  
 263  //Setup VIM: ex: et ts=4 :