1<?php
2
3namespace Sabre\DAVACL;
4
5use Sabre\DAV;
6use Sabre\HTTP;
7
8
9require_once 'Sabre/DAVACL/MockPrincipal.php';
10require_once 'Sabre/DAVACL/MockACLNode.php';
11
12class SimplePluginTest extends \PHPUnit_Framework_TestCase {
13
14    function testValues() {
15
16        $aclPlugin = new Plugin();
17        $this->assertEquals('acl',$aclPlugin->getPluginName());
18        $this->assertEquals(
19            array('access-control', 'calendarserver-principal-property-search'),
20            $aclPlugin->getFeatures()
21        );
22
23        $this->assertEquals(
24            array(
25                '{DAV:}expand-property',
26                '{DAV:}principal-property-search',
27                '{DAV:}principal-search-property-set'
28            ),
29            $aclPlugin->getSupportedReportSet(''));
30
31        $this->assertEquals(array('ACL'), $aclPlugin->getMethods(''));
32
33
34        $this->assertEquals(
35            'acl',
36            $aclPlugin->getPluginInfo()['name']
37        );
38    }
39
40    function testGetFlatPrivilegeSet() {
41
42        $expected = array(
43            '{DAV:}all' => array(
44                'privilege' => '{DAV:}all',
45                'abstract' => true,
46                'aggregates' => array(
47                    '{DAV:}read',
48                    '{DAV:}write',
49                ),
50                'concrete' => null,
51            ),
52            '{DAV:}read' => array(
53                'privilege' => '{DAV:}read',
54                'abstract' => false,
55                'aggregates' => array(
56                    '{DAV:}read-acl',
57                    '{DAV:}read-current-user-privilege-set',
58                ),
59                'concrete' => '{DAV:}read',
60            ),
61            '{DAV:}read-acl' => array(
62                'privilege' => '{DAV:}read-acl',
63                'abstract' => false,
64                'aggregates' => array(),
65                'concrete' => '{DAV:}read-acl',
66            ),
67            '{DAV:}read-current-user-privilege-set' => array(
68                'privilege' => '{DAV:}read-current-user-privilege-set',
69                'abstract' => false,
70                'aggregates' => array(),
71                'concrete' => '{DAV:}read-current-user-privilege-set',
72            ),
73            '{DAV:}write' => array(
74                'privilege' => '{DAV:}write',
75                'abstract' => false,
76                'aggregates' => array(
77                    '{DAV:}write-acl',
78                    '{DAV:}write-properties',
79                    '{DAV:}write-content',
80                    '{DAV:}bind',
81                    '{DAV:}unbind',
82                    '{DAV:}unlock',
83                ),
84                'concrete' => '{DAV:}write',
85            ),
86            '{DAV:}write-acl' => array(
87                'privilege' => '{DAV:}write-acl',
88                'abstract' => false,
89                'aggregates' => array(),
90                'concrete' => '{DAV:}write-acl',
91            ),
92            '{DAV:}write-properties' => array(
93                'privilege' => '{DAV:}write-properties',
94                'abstract' => false,
95                'aggregates' => array(),
96                'concrete' => '{DAV:}write-properties',
97            ),
98            '{DAV:}write-content' => array(
99                'privilege' => '{DAV:}write-content',
100                'abstract' => false,
101                'aggregates' => array(),
102                'concrete' => '{DAV:}write-content',
103            ),
104            '{DAV:}unlock' => array(
105                'privilege' => '{DAV:}unlock',
106                'abstract' => false,
107                'aggregates' => array(),
108                'concrete' => '{DAV:}unlock',
109            ),
110            '{DAV:}bind' => array(
111                'privilege' => '{DAV:}bind',
112                'abstract' => false,
113                'aggregates' => array(),
114                'concrete' => '{DAV:}bind',
115            ),
116            '{DAV:}unbind' => array(
117                'privilege' => '{DAV:}unbind',
118                'abstract' => false,
119                'aggregates' => array(),
120                'concrete' => '{DAV:}unbind',
121            ),
122
123        );
124
125        $plugin = new Plugin();
126        $server = new DAV\Server();
127        $server->addPlugin($plugin);
128        $this->assertEquals($expected, $plugin->getFlatPrivilegeSet(''));
129
130    }
131
132    function testCurrentUserPrincipalsNotLoggedIn() {
133
134        $acl = new Plugin();
135        $server = new DAV\Server();
136        $server->addPlugin($acl);
137
138        $this->assertEquals(array(),$acl->getCurrentUserPrincipals());
139
140    }
141
142    function testCurrentUserPrincipalsSimple() {
143
144        $tree = array(
145
146            new DAV\SimpleCollection('principals', array(
147                new MockPrincipal('admin','principals/admin'),
148            ))
149
150        );
151
152        $acl = new Plugin();
153        $server = new DAV\Server($tree);
154        $server->addPlugin($acl);
155
156        $auth = new DAV\Auth\Plugin(new DAV\Auth\Backend\Mock(),'SabreDAV');
157        $server->addPlugin($auth);
158
159        //forcing login
160        $auth->beforeMethod(new HTTP\Request(), new HTTP\Response());
161
162        $this->assertEquals(array('principals/admin'),$acl->getCurrentUserPrincipals());
163
164    }
165
166    function testCurrentUserPrincipalsGroups() {
167
168        $tree = array(
169
170            new DAV\SimpleCollection('principals', array(
171                new MockPrincipal('admin','principals/admin',array('principals/administrators', 'principals/everyone')),
172                new MockPrincipal('administrators','principals/administrators',array('principals/groups'), array('principals/admin')),
173                new MockPrincipal('everyone','principals/everyone',array(), array('principals/admin')),
174                new MockPrincipal('groups','principals/groups',array(), array('principals/administrators')),
175            ))
176
177        );
178
179        $acl = new Plugin();
180        $server = new DAV\Server($tree);
181        $server->addPlugin($acl);
182
183        $auth = new DAV\Auth\Plugin(new DAV\Auth\Backend\Mock(),'SabreDAV');
184        $server->addPlugin($auth);
185
186        //forcing login
187        $auth->beforeMethod(new HTTP\Request(), new HTTP\Response());
188
189        $expected = array(
190            'principals/admin',
191            'principals/administrators',
192            'principals/everyone',
193            'principals/groups',
194        );
195
196        $this->assertEquals($expected,$acl->getCurrentUserPrincipals());
197
198        // The second one should trigger the cache and be identical
199        $this->assertEquals($expected,$acl->getCurrentUserPrincipals());
200
201    }
202
203    function testGetACL() {
204
205        $acl = array(
206            array(
207                'principal' => 'principals/admin',
208                'privilege' => '{DAV:}read',
209            ),
210            array(
211                'principal' => 'principals/admin',
212                'privilege' => '{DAV:}write',
213            ),
214        );
215
216
217        $tree = array(
218            new MockACLNode('foo',$acl),
219        );
220
221        $server = new DAV\Server($tree);
222        $aclPlugin = new Plugin();
223        $server->addPlugin($aclPlugin);
224
225        $this->assertEquals($acl,$aclPlugin->getACL('foo'));
226
227    }
228
229    function testGetCurrentUserPrivilegeSet() {
230
231        $acl = array(
232            array(
233                'principal' => 'principals/admin',
234                'privilege' => '{DAV:}read',
235            ),
236            array(
237                'principal' => 'principals/user1',
238                'privilege' => '{DAV:}read',
239            ),
240            array(
241                'principal' => 'principals/admin',
242                'privilege' => '{DAV:}write',
243            ),
244        );
245
246
247        $tree = array(
248            new MockACLNode('foo',$acl),
249
250            new DAV\SimpleCollection('principals', array(
251                new MockPrincipal('admin','principals/admin'),
252            )),
253
254        );
255
256        $server = new DAV\Server($tree);
257        $aclPlugin = new Plugin();
258        $server->addPlugin($aclPlugin);
259
260        $auth = new DAV\Auth\Plugin(new DAV\Auth\Backend\Mock(),'SabreDAV');
261        $server->addPlugin($auth);
262
263        //forcing login
264        $auth->beforeMethod(new HTTP\Request(), new HTTP\Response());
265
266        $expected = array(
267            '{DAV:}write',
268            '{DAV:}write-acl',
269            '{DAV:}write-properties',
270            '{DAV:}write-content',
271            '{DAV:}bind',
272            '{DAV:}unbind',
273            '{DAV:}unlock',
274            '{DAV:}read',
275            '{DAV:}read-acl',
276            '{DAV:}read-current-user-privilege-set',
277        );
278
279        $this->assertEquals($expected,$aclPlugin->getCurrentUserPrivilegeSet('foo'));
280
281    }
282
283    function testCheckPrivileges() {
284
285        $acl = array(
286            array(
287                'principal' => 'principals/admin',
288                'privilege' => '{DAV:}read',
289            ),
290            array(
291                'principal' => 'principals/user1',
292                'privilege' => '{DAV:}read',
293            ),
294            array(
295                'principal' => 'principals/admin',
296                'privilege' => '{DAV:}write',
297            ),
298        );
299
300
301        $tree = array(
302            new MockACLNode('foo',$acl),
303
304            new DAV\SimpleCollection('principals', array(
305                new MockPrincipal('admin','principals/admin'),
306            )),
307
308        );
309
310        $server = new DAV\Server($tree);
311        $aclPlugin = new Plugin();
312        $server->addPlugin($aclPlugin);
313
314        $auth = new DAV\Auth\Plugin(new DAV\Auth\Backend\Mock(),'SabreDAV');
315        $server->addPlugin($auth);
316
317        //forcing login
318        //$auth->beforeMethod('GET','/');
319
320        $this->assertFalse($aclPlugin->checkPrivileges('foo', array('{DAV:}read'), Plugin::R_PARENT, false));
321
322    }
323}
324
325
326
327
328