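<?php

use dokuwiki\test\mock\AuthPlugin;

/**
 * Tests for auth_aclcheck(): which permission level a user/group combination
 * is granted on a page or namespace id for a given set of ACL lines.
 *
 * ACL lines have the form "<id> <user or @group> <level>". The expectations
 * below pair the numeric levels with the constants as follows:
 * 0 = AUTH_NONE, 1 = AUTH_READ, 2 = AUTH_EDIT, 4 = AUTH_CREATE,
 * 8 = AUTH_UPLOAD, 16 = AUTH_DELETE. AUTH_ADMIN is only ever expected for
 * users or groups listed in $conf['superuser'].
 *
 * All assertions are written as assertEquals($expected, $actual) so that a
 * failure reports the expected and the actual permission the right way round.
 *
 * NOTE(review): assertEquals() compares loosely, so a null or false return
 * would also satisfy an AUTH_NONE (0) expectation. assertSame() would pin the
 * integer type, but auth_aclcheck()'s return type is not visible from this
 * file - confirm before tightening.
 */
class auth_acl_test extends DokuWikiTest {

    /** @var mixed value of the global $AUTH_ACL before the test, restored in tearDown() */
    protected $oldAuthAcl;

    /**
     * Remember the global ACL and install a mock auth backend.
     */
    public function setUp() : void {
        parent::setUp();
        global $AUTH_ACL;
        global $auth;
        $this->oldAuthAcl = $AUTH_ACL;
        $auth = new AuthPlugin();
    }

    /**
     * Put back the ACL that was active before the test replaced it, so one
     * test's rules cannot leak into the next.
     */
    public function tearDown() : void {
        global $AUTH_ACL;
        $AUTH_ACL = $this->oldAuthAcl;

        // mirror setUp(): let the base classes run their own cleanup as well
        parent::tearDown();
    }

    /**
     * Closed wiki: nothing for @ALL, upload for @user, one superuser.
     */
    public function test_restricted() {
        global $conf;
        global $AUTH_ACL;
        $conf['superuser'] = 'john';
        $conf['useacl'] = 1;

        $AUTH_ACL = [
            '* @ALL 0',
            '* @user 8',
        ];

        // anonymous user
        $this->assertEquals(AUTH_NONE, auth_aclcheck('page', '', []));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:page', '', []));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:*', '', []));

        // user with no matching group
        $this->assertEquals(AUTH_NONE, auth_aclcheck('page', 'jill', ['foo']));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:page', 'jill', ['foo']));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:*', 'jill', ['foo']));

        // user with matching group
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('page', 'jill', ['foo', 'user']));
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('namespace:page', 'jill', ['foo', 'user']));
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('namespace:*', 'jill', ['foo', 'user']));

        // super user
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('page', 'john', ['foo']));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:page', 'john', ['foo']));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:*', 'john', ['foo']));
    }

    /**
     * Closed wiki with one page that is read-only for @user: the page rule
     * must lower the permission for that page only.
     */
    public function test_restricted_ropage() {
        global $conf;
        global $AUTH_ACL;
        $conf['superuser'] = 'john';
        $conf['useacl'] = 1;

        $AUTH_ACL = [
            '* @ALL 0',
            '* @user 8',
            'namespace:page @user 1',
        ];

        // anonymous user
        $this->assertEquals(AUTH_NONE, auth_aclcheck('page', '', []));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:page', '', []));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:*', '', []));

        // user with no matching group
        $this->assertEquals(AUTH_NONE, auth_aclcheck('page', 'jill', ['foo']));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:page', 'jill', ['foo']));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:*', 'jill', ['foo']));

        // user with matching group: only the read-only page is downgraded
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('page', 'jill', ['foo', 'user']));
        $this->assertEquals(AUTH_READ, auth_aclcheck('namespace:page', 'jill', ['foo', 'user']));
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('namespace:*', 'jill', ['foo', 'user']));

        // super user is not affected by the page rule
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('page', 'john', ['foo']));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:page', 'john', ['foo']));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:*', 'john', ['foo']));
    }

    /**
     * A mixed rule set with user rules, group rules, page rules and namespace
     * rules, checked for four identities: anonymous, bigboss (group foo),
     * jill (group marketing) and jane (group devel).
     */
    public function test_aclexample() {
        global $conf;
        global $AUTH_ACL;
        $conf['superuser'] = 'john';
        $conf['useacl'] = 1;

        $AUTH_ACL = [
            '* @ALL 4',
            '* bigboss 16',
            'start @ALL 1',
            'marketing:* @marketing 8',
            'devel:* @ALL 0',
            'devel:* @devel 8',
            'devel:* bigboss 16',
            'devel:funstuff bigboss 0',
            'devel:* @marketing 1',
            'devel:marketing @marketing 2',
        ];

        // root namespace: only the two '*' rules apply
        $this->assertEquals(AUTH_CREATE, auth_aclcheck('page', '', []));
        $this->assertEquals(AUTH_DELETE, auth_aclcheck('page', 'bigboss', ['foo']));
        $this->assertEquals(AUTH_CREATE, auth_aclcheck('page', 'jill', ['marketing']));
        $this->assertEquals(AUTH_CREATE, auth_aclcheck('page', 'jane', ['devel']));

        // exact page rule 'start @ALL 1' is expected to win for everybody, bigboss included
        $this->assertEquals(AUTH_READ, auth_aclcheck('start', '', []));
        $this->assertEquals(AUTH_READ, auth_aclcheck('start', 'bigboss', ['foo']));
        $this->assertEquals(AUTH_READ, auth_aclcheck('start', 'jill', ['marketing']));
        $this->assertEquals(AUTH_READ, auth_aclcheck('start', 'jane', ['devel']));

        // marketing namespace: only @marketing gets the namespace rule
        $this->assertEquals(AUTH_CREATE, auth_aclcheck('marketing:page', '', []));
        $this->assertEquals(AUTH_DELETE, auth_aclcheck('marketing:page', 'bigboss', ['foo']));
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('marketing:page', 'jill', ['marketing']));
        $this->assertEquals(AUTH_CREATE, auth_aclcheck('marketing:page', 'jane', ['devel']));

        // devel namespace: closed for @ALL, opened per user/group
        $this->assertEquals(AUTH_NONE, auth_aclcheck('devel:page', '', []));
        $this->assertEquals(AUTH_DELETE, auth_aclcheck('devel:page', 'bigboss', ['foo']));
        $this->assertEquals(AUTH_READ, auth_aclcheck('devel:page', 'jill', ['marketing']));
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('devel:page', 'jane', ['devel']));

        // explicit deny on a single page: bigboss loses the access the namespace rule grants
        $this->assertEquals(AUTH_NONE, auth_aclcheck('devel:funstuff', '', []));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('devel:funstuff', 'bigboss', ['foo']));
        $this->assertEquals(AUTH_READ, auth_aclcheck('devel:funstuff', 'jill', ['marketing']));
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('devel:funstuff', 'jane', ['devel']));

        // page rule for @marketing raises jill to edit on this page only
        $this->assertEquals(AUTH_NONE, auth_aclcheck('devel:marketing', '', []));
        $this->assertEquals(AUTH_DELETE, auth_aclcheck('devel:marketing', 'bigboss', ['foo']));
        $this->assertEquals(AUTH_EDIT, auth_aclcheck('devel:marketing', 'jill', ['marketing']));
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('devel:marketing', 'jane', ['devel']));
    }

    /**
     * Same rules as test_restricted(), but $conf['superuser'] is a comma
     * separated list mixing user names and @groups.
     */
    public function test_multiadmin_restricted() {
        global $conf;
        global $AUTH_ACL;
        $conf['superuser'] = 'john,@admin,doe,@roots';
        $conf['useacl'] = 1;

        $AUTH_ACL = [
            '* @ALL 0',
            '* @user 8',
        ];

        // anonymous user
        $this->assertEquals(AUTH_NONE, auth_aclcheck('page', '', []));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:page', '', []));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:*', '', []));

        // user with no matching group
        $this->assertEquals(AUTH_NONE, auth_aclcheck('page', 'jill', ['foo']));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:page', 'jill', ['foo']));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:*', 'jill', ['foo']));

        // user with matching group
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('page', 'jill', ['foo', 'user']));
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('namespace:page', 'jill', ['foo', 'user']));
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('namespace:*', 'jill', ['foo', 'user']));

        // super user john
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('page', 'john', ['foo']));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:page', 'john', ['foo']));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:*', 'john', ['foo']));

        // super user doe
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('page', 'doe', ['foo']));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:page', 'doe', ['foo']));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:*', 'doe', ['foo']));

        // user with matching admin group
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('page', 'jill', ['foo', 'admin']));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:page', 'jill', ['foo', 'admin']));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:*', 'jill', ['foo', 'admin']));

        // user with matching another admin group
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('page', 'jill', ['foo', 'roots']));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:page', 'jill', ['foo', 'roots']));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:*', 'jill', ['foo', 'roots']));
    }

    /**
     * Same rules as test_restricted_ropage(), with the multi-entry superuser
     * list: the read-only page rule must not reduce any superuser's access.
     */
    public function test_multiadmin_restricted_ropage() {
        global $conf;
        global $AUTH_ACL;
        $conf['superuser'] = 'john,@admin,doe,@roots';
        $conf['useacl'] = 1;

        $AUTH_ACL = [
            '* @ALL 0',
            '* @user 8',
            'namespace:page @user 1',
        ];

        // anonymous user
        $this->assertEquals(AUTH_NONE, auth_aclcheck('page', '', []));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:page', '', []));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:*', '', []));

        // user with no matching group
        $this->assertEquals(AUTH_NONE, auth_aclcheck('page', 'jill', ['foo']));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:page', 'jill', ['foo']));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:*', 'jill', ['foo']));

        // user with matching group: only the read-only page is downgraded
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('page', 'jill', ['foo', 'user']));
        $this->assertEquals(AUTH_READ, auth_aclcheck('namespace:page', 'jill', ['foo', 'user']));
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('namespace:*', 'jill', ['foo', 'user']));

        // super user john
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('page', 'john', ['foo']));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:page', 'john', ['foo']));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:*', 'john', ['foo']));

        // super user doe
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('page', 'doe', ['foo']));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:page', 'doe', ['foo']));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:*', 'doe', ['foo']));

        // user with matching admin group
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('page', 'jill', ['foo', 'admin']));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:page', 'jill', ['foo', 'admin']));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:*', 'jill', ['foo', 'admin']));

        // user with matching another admin group
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('page', 'jill', ['foo', 'roots']));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:page', 'jill', ['foo', 'roots']));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:*', 'jill', ['foo', 'roots']));
    }

    /**
     * ACL as returned by auth_loadACL() for the logged-in user 'john' with
     * groups 'test', 'töst' and 'foo bar'.
     *
     * The expectations use the page ids 'groups:toest:...' and
     * 'groups:foo_bar:...' for the groups 'töst' and 'foo bar'; a second user
     * ('schmock', no groups) is expected to get read access only to the same
     * pages. Presumably the default ACL file contains per-user and per-group
     * wildcard rules - the file is not visible from here, confirm there.
     */
    public function test_wildcards() {
        global $conf;
        global $AUTH_ACL;
        global $USERINFO;
        $conf['useacl'] = 1;

        // NOTE(review): REMOTE_USER and $USERINFO are not restored by this
        // class's tearDown(); presumably the base class resets them - confirm.
        $_SERVER['REMOTE_USER'] = 'john';
        $USERINFO['grps'] = ['test', 'töst', 'foo bar'];
        $AUTH_ACL = auth_loadACL(); // default test file

        // default setting
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('page', $_SERVER['REMOTE_USER'], $USERINFO['grps']));

        // user namespace
        $this->assertEquals(AUTH_DELETE, auth_aclcheck('users:john:foo', $_SERVER['REMOTE_USER'], $USERINFO['grps']));
        $this->assertEquals(AUTH_READ, auth_aclcheck('users:john:foo', 'schmock', []));

        // group namespace
        $this->assertEquals(AUTH_DELETE, auth_aclcheck('groups:test:foo', $_SERVER['REMOTE_USER'], $USERINFO['grps']));
        $this->assertEquals(AUTH_READ, auth_aclcheck('groups:test:foo', 'schmock', []));
        $this->assertEquals(AUTH_DELETE, auth_aclcheck('groups:toest:foo', $_SERVER['REMOTE_USER'], $USERINFO['grps']));
        $this->assertEquals(AUTH_READ, auth_aclcheck('groups:toest:foo', 'schmock', []));
        $this->assertEquals(AUTH_DELETE, auth_aclcheck('groups:foo_bar:foo', $_SERVER['REMOTE_USER'], $USERINFO['grps']));
        $this->assertEquals(AUTH_READ, auth_aclcheck('groups:foo_bar:foo', 'schmock', []));
    }

}

//Setup VIM: ex: et ts=4 :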