oldAuth = $auth; $this->oldAuthAcl = $AUTH_ACL; $auth = new AuthCaseInsensitivePlugin(); } function tearDown() : void { global $conf; global $AUTH_ACL; global $auth; $auth = $this->oldAuth; $AUTH_ACL = $this->oldAuthAcl; } function test_multiadmin_restricted_ropage() { global $conf; global $AUTH_ACL; $conf['superuser'] = 'John,doe,@Admin1,@admin2'; $conf['useacl'] = 1; $AUTH_ACL = array( '* @ALL 0', '* @Group1 8', '* @group2 8', 'namespace:page @Group1 1', 'namespace:page @group2 1', ); // anonymous user $this->assertEquals(auth_aclcheck('page', '', array()), AUTH_NONE); $this->assertEquals(auth_aclcheck('namespace:page', '', array()), AUTH_NONE); $this->assertEquals(auth_aclcheck('namespace:*', '', array()), AUTH_NONE); // user with no matching group $this->assertEquals(auth_aclcheck('page', 'jill', array('foo')), AUTH_NONE); $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo')), AUTH_NONE); $this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo')), AUTH_NONE); // user with matching group 1 $this->assertEquals(auth_aclcheck('page', 'jill', array('foo', 'group1')), AUTH_UPLOAD); $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'group1')), AUTH_READ); $this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo', 'group1')), AUTH_UPLOAD); // user with matching group 2 $this->assertEquals(auth_aclcheck('page', 'jill', array('foo', 'Group2')), AUTH_UPLOAD); $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'Group2')), AUTH_READ); $this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo', 'Group2')), AUTH_UPLOAD); // super user John $this->assertEquals(auth_aclcheck('page', 'john', array('foo')), AUTH_ADMIN); $this->assertEquals(auth_aclcheck('namespace:page', 'john', array('foo')), AUTH_ADMIN); $this->assertEquals(auth_aclcheck('namespace:*', 'john', array('foo')), AUTH_ADMIN); // super user doe $this->assertEquals(auth_aclcheck('page', 'Doe', array('foo')), AUTH_ADMIN); $this->assertEquals(auth_aclcheck('namespace:page', 'Doe', array('foo')), AUTH_ADMIN); $this->assertEquals(auth_aclcheck('namespace:*', 'Doe', array('foo')), AUTH_ADMIN); // user with matching admin group 1 $this->assertEquals(auth_aclcheck('page', 'jill', array('foo', 'admin1')), AUTH_ADMIN); $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'admin1')), AUTH_ADMIN); $this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo', 'admin1')), AUTH_ADMIN); // user with matching admin group 2 $this->assertEquals(auth_aclcheck('page', 'jill', array('foo', 'Admin2')), AUTH_ADMIN); $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'Admin2')), AUTH_ADMIN); $this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo', 'Admin2')), AUTH_ADMIN); } /* * Test aclcheck on @ALL group * * The default permission for @ALL group is AUTH_NONE. So we use an * ACL entry which grants @ALL group an AUTH_READ permission to see * whether ACL matching is properly done or not. */ function test_restricted_allread() { global $conf; global $AUTH_ACL; $conf['superuser'] = 'john'; $conf['useacl'] = 1; $AUTH_ACL = array( '* @ALL 1', '* @group1 8', ); // anonymous user $this->assertEquals(auth_aclcheck('page', '', array()), AUTH_READ); $this->assertEquals(auth_aclcheck('namespace:page', '', array()), AUTH_READ); $this->assertEquals(auth_aclcheck('namespace:*', '', array()), AUTH_READ); // user with no matching group $this->assertEquals(auth_aclcheck('page', 'jill', array('foo')), AUTH_READ); $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo')), AUTH_READ); $this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo')), AUTH_READ); // user with matching group $this->assertEquals(auth_aclcheck('page', 'jill', array('foo', 'Group1')), AUTH_UPLOAD); $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'Group1')), AUTH_UPLOAD); $this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo', 'Group1')), AUTH_UPLOAD); // super user $this->assertEquals(auth_aclcheck('page', 'John', array('foo')), AUTH_ADMIN); $this->assertEquals(auth_aclcheck('namespace:page', 'John', array('foo')), AUTH_ADMIN); $this->assertEquals(auth_aclcheck('namespace:*', 'John', array('foo')), AUTH_ADMIN); } }