1*f8369d7dSTobias Sarnowski<?php 2*f8369d7dSTobias Sarnowski 3*f8369d7dSTobias Sarnowskirequire_once DOKU_INC.'inc/init.php'; 4*f8369d7dSTobias Sarnowskirequire_once DOKU_INC.'inc/auth.php'; 5*f8369d7dSTobias Sarnowskirequire_once DOKU_INC.'inc/auth/basic.class.php'; 6*f8369d7dSTobias Sarnowski 7*f8369d7dSTobias Sarnowskiclass auth_acl_test extends DokuWikiTest { 8*f8369d7dSTobias Sarnowski 9*f8369d7dSTobias Sarnowski var $oldConf; 10*f8369d7dSTobias Sarnowski var $oldAuthAcl; 11*f8369d7dSTobias Sarnowski 12*f8369d7dSTobias Sarnowski function setup() { 13*f8369d7dSTobias Sarnowski global $conf; 14*f8369d7dSTobias Sarnowski global $AUTH_ACL; 15*f8369d7dSTobias Sarnowski global $auth; 16*f8369d7dSTobias Sarnowski $this->oldConf = $conf; 17*f8369d7dSTobias Sarnowski $this->oldAuthAcl = $AUTH_ACL; 18*f8369d7dSTobias Sarnowski $auth = new auth_basic(); 19*f8369d7dSTobias Sarnowski } 20*f8369d7dSTobias Sarnowski 21*f8369d7dSTobias Sarnowski function teardown() { 22*f8369d7dSTobias Sarnowski global $conf; 23*f8369d7dSTobias Sarnowski global $AUTH_ACL; 24*f8369d7dSTobias Sarnowski $conf = $this->oldConf; 25*f8369d7dSTobias Sarnowski $AUTH_ACL = $this->oldAuthAcl; 26*f8369d7dSTobias Sarnowski 27*f8369d7dSTobias Sarnowski } 28*f8369d7dSTobias Sarnowski 29*f8369d7dSTobias Sarnowski function test_restricted(){ 30*f8369d7dSTobias Sarnowski global $conf; 31*f8369d7dSTobias Sarnowski global $AUTH_ACL; 32*f8369d7dSTobias Sarnowski $conf['superuser'] = 'john'; 33*f8369d7dSTobias Sarnowski $conf['useacl'] = 1; 34*f8369d7dSTobias Sarnowski 35*f8369d7dSTobias Sarnowski $AUTH_ACL = array( 36*f8369d7dSTobias Sarnowski '* @ALL 0', 37*f8369d7dSTobias Sarnowski '* @user 8', 38*f8369d7dSTobias Sarnowski ); 39*f8369d7dSTobias Sarnowski 40*f8369d7dSTobias Sarnowski // anonymous user 41*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('page', '',array()), AUTH_NONE); 42*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('namespace:page','',array()), AUTH_NONE); 43*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('namespace:*', '',array()), AUTH_NONE); 44*f8369d7dSTobias Sarnowski 45*f8369d7dSTobias Sarnowski // user with no matching group 46*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('page', 'jill',array('foo')), AUTH_NONE); 47*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo')), AUTH_NONE); 48*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('namespace:*', 'jill',array('foo')), AUTH_NONE); 49*f8369d7dSTobias Sarnowski 50*f8369d7dSTobias Sarnowski // user with matching group 51*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('page', 'jill',array('foo','user')), AUTH_UPLOAD); 52*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo','user')), AUTH_UPLOAD); 53*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('namespace:*', 'jill',array('foo','user')), AUTH_UPLOAD); 54*f8369d7dSTobias Sarnowski 55*f8369d7dSTobias Sarnowski // super user 56*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('page', 'john',array('foo')), AUTH_ADMIN); 57*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('namespace:page','john',array('foo')), AUTH_ADMIN); 58*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('namespace:*', 'john',array('foo')), AUTH_ADMIN); 59*f8369d7dSTobias Sarnowski } 60*f8369d7dSTobias Sarnowski 61*f8369d7dSTobias Sarnowski function test_restricted_ropage(){ 62*f8369d7dSTobias Sarnowski global $conf; 63*f8369d7dSTobias Sarnowski global $AUTH_ACL; 64*f8369d7dSTobias Sarnowski $conf['superuser'] = 'john'; 65*f8369d7dSTobias Sarnowski $conf['useacl'] = 1; 66*f8369d7dSTobias Sarnowski 67*f8369d7dSTobias Sarnowski $AUTH_ACL = array( 68*f8369d7dSTobias Sarnowski '* @ALL 0', 69*f8369d7dSTobias Sarnowski '* @user 8', 70*f8369d7dSTobias Sarnowski 'namespace:page @user 1', 71*f8369d7dSTobias Sarnowski ); 72*f8369d7dSTobias Sarnowski 73*f8369d7dSTobias Sarnowski // anonymous user 74*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('page', '',array()), AUTH_NONE); 75*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('namespace:page','',array()), AUTH_NONE); 76*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('namespace:*', '',array()), AUTH_NONE); 77*f8369d7dSTobias Sarnowski 78*f8369d7dSTobias Sarnowski // user with no matching group 79*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('page', 'jill',array('foo')), AUTH_NONE); 80*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo')), AUTH_NONE); 81*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('namespace:*', 'jill',array('foo')), AUTH_NONE); 82*f8369d7dSTobias Sarnowski 83*f8369d7dSTobias Sarnowski // user with matching group 84*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('page', 'jill',array('foo','user')), AUTH_UPLOAD); 85*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo','user')), AUTH_READ); 86*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('namespace:*', 'jill',array('foo','user')), AUTH_UPLOAD); 87*f8369d7dSTobias Sarnowski 88*f8369d7dSTobias Sarnowski // super user 89*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('page', 'john',array('foo')), AUTH_ADMIN); 90*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('namespace:page','john',array('foo')), AUTH_ADMIN); 91*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('namespace:*', 'john',array('foo')), AUTH_ADMIN); 92*f8369d7dSTobias Sarnowski } 93*f8369d7dSTobias Sarnowski 94*f8369d7dSTobias Sarnowski function test_aclexample(){ 95*f8369d7dSTobias Sarnowski global $conf; 96*f8369d7dSTobias Sarnowski global $AUTH_ACL; 97*f8369d7dSTobias Sarnowski $conf['superuser'] = 'john'; 98*f8369d7dSTobias Sarnowski $conf['useacl'] = 1; 99*f8369d7dSTobias Sarnowski 100*f8369d7dSTobias Sarnowski $AUTH_ACL = array( 101*f8369d7dSTobias Sarnowski '* @ALL 4', 102*f8369d7dSTobias Sarnowski '* bigboss 16', 103*f8369d7dSTobias Sarnowski 'start @ALL 1', 104*f8369d7dSTobias Sarnowski 'marketing:* @marketing 8', 105*f8369d7dSTobias Sarnowski 'devel:* @ALL 0', 106*f8369d7dSTobias Sarnowski 'devel:* @devel 8', 107*f8369d7dSTobias Sarnowski 'devel:* bigboss 16', 108*f8369d7dSTobias Sarnowski 'devel:funstuff bigboss 0', 109*f8369d7dSTobias Sarnowski 'devel:* @marketing 1', 110*f8369d7dSTobias Sarnowski 'devel:marketing @marketing 2', 111*f8369d7dSTobias Sarnowski ); 112*f8369d7dSTobias Sarnowski 113*f8369d7dSTobias Sarnowski 114*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('page', '' ,array()) , AUTH_CREATE); 115*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('page', 'bigboss' ,array('foo')) , AUTH_DELETE); 116*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('page', 'jill' ,array('marketing')) , AUTH_CREATE); 117*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('page', 'jane' ,array('devel')) , AUTH_CREATE); 118*f8369d7dSTobias Sarnowski 119*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('start', '' ,array()) , AUTH_READ); 120*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('start', 'bigboss' ,array('foo')) , AUTH_READ); 121*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('start', 'jill' ,array('marketing')) , AUTH_READ); 122*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('start', 'jane' ,array('devel')) , AUTH_READ); 123*f8369d7dSTobias Sarnowski 124*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('marketing:page', '' ,array()) , AUTH_CREATE); 125*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('marketing:page', 'bigboss' ,array('foo')) , AUTH_DELETE); 126*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('marketing:page', 'jill' ,array('marketing')) , AUTH_UPLOAD); 127*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('marketing:page', 'jane' ,array('devel')) , AUTH_CREATE); 128*f8369d7dSTobias Sarnowski 129*f8369d7dSTobias Sarnowski 130*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('devel:page', '' ,array()) , AUTH_NONE); 131*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('devel:page', 'bigboss' ,array('foo')) , AUTH_DELETE); 132*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('devel:page', 'jill' ,array('marketing')) , AUTH_READ); 133*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('devel:page', 'jane' ,array('devel')) , AUTH_UPLOAD); 134*f8369d7dSTobias Sarnowski 135*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('devel:funstuff', '' ,array()) , AUTH_NONE); 136*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('devel:funstuff', 'bigboss' ,array('foo')) , AUTH_NONE); 137*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('devel:funstuff', 'jill' ,array('marketing')) , AUTH_READ); 138*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('devel:funstuff', 'jane' ,array('devel')) , AUTH_UPLOAD); 139*f8369d7dSTobias Sarnowski 140*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('devel:marketing', '' ,array()) , AUTH_NONE); 141*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('devel:marketing', 'bigboss' ,array('foo')) , AUTH_DELETE); 142*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('devel:marketing', 'jill' ,array('marketing')) , AUTH_EDIT); 143*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('devel:marketing', 'jane' ,array('devel')) , AUTH_UPLOAD); 144*f8369d7dSTobias Sarnowski 145*f8369d7dSTobias Sarnowski } 146*f8369d7dSTobias Sarnowski 147*f8369d7dSTobias Sarnowski function test_multiadmin_restricted(){ 148*f8369d7dSTobias Sarnowski global $conf; 149*f8369d7dSTobias Sarnowski global $AUTH_ACL; 150*f8369d7dSTobias Sarnowski $conf['superuser'] = 'john,@admin,doe,@roots'; 151*f8369d7dSTobias Sarnowski $conf['useacl'] = 1; 152*f8369d7dSTobias Sarnowski 153*f8369d7dSTobias Sarnowski $AUTH_ACL = array( 154*f8369d7dSTobias Sarnowski '* @ALL 0', 155*f8369d7dSTobias Sarnowski '* @user 8', 156*f8369d7dSTobias Sarnowski ); 157*f8369d7dSTobias Sarnowski 158*f8369d7dSTobias Sarnowski // anonymous user 159*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('page', '',array()), AUTH_NONE); 160*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('namespace:page','',array()), AUTH_NONE); 161*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('namespace:*', '',array()), AUTH_NONE); 162*f8369d7dSTobias Sarnowski 163*f8369d7dSTobias Sarnowski // user with no matching group 164*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('page', 'jill',array('foo')), AUTH_NONE); 165*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo')), AUTH_NONE); 166*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('namespace:*', 'jill',array('foo')), AUTH_NONE); 167*f8369d7dSTobias Sarnowski 168*f8369d7dSTobias Sarnowski // user with matching group 169*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('page', 'jill',array('foo','user')), AUTH_UPLOAD); 170*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo','user')), AUTH_UPLOAD); 171*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('namespace:*', 'jill',array('foo','user')), AUTH_UPLOAD); 172*f8369d7dSTobias Sarnowski 173*f8369d7dSTobias Sarnowski // super user john 174*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('page', 'john',array('foo')), AUTH_ADMIN); 175*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('namespace:page','john',array('foo')), AUTH_ADMIN); 176*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('namespace:*', 'john',array('foo')), AUTH_ADMIN); 177*f8369d7dSTobias Sarnowski 178*f8369d7dSTobias Sarnowski // super user doe 179*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('page', 'doe',array('foo')), AUTH_ADMIN); 180*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('namespace:page','doe',array('foo')), AUTH_ADMIN); 181*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('namespace:*', 'doe',array('foo')), AUTH_ADMIN); 182*f8369d7dSTobias Sarnowski 183*f8369d7dSTobias Sarnowski // user with matching admin group 184*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('page', 'jill',array('foo','admin')), AUTH_ADMIN); 185*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo','admin')), AUTH_ADMIN); 186*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('namespace:*', 'jill',array('foo','admin')), AUTH_ADMIN); 187*f8369d7dSTobias Sarnowski 188*f8369d7dSTobias Sarnowski // user with matching another admin group 189*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('page', 'jill',array('foo','roots')), AUTH_ADMIN); 190*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo','roots')), AUTH_ADMIN); 191*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('namespace:*', 'jill',array('foo','roots')), AUTH_ADMIN); 192*f8369d7dSTobias Sarnowski } 193*f8369d7dSTobias Sarnowski 194*f8369d7dSTobias Sarnowski function test_multiadmin_restricted_ropage(){ 195*f8369d7dSTobias Sarnowski global $conf; 196*f8369d7dSTobias Sarnowski global $AUTH_ACL; 197*f8369d7dSTobias Sarnowski $conf['superuser'] = 'john,@admin,doe,@roots'; 198*f8369d7dSTobias Sarnowski $conf['useacl'] = 1; 199*f8369d7dSTobias Sarnowski 200*f8369d7dSTobias Sarnowski $AUTH_ACL = array( 201*f8369d7dSTobias Sarnowski '* @ALL 0', 202*f8369d7dSTobias Sarnowski '* @user 8', 203*f8369d7dSTobias Sarnowski 'namespace:page @user 1', 204*f8369d7dSTobias Sarnowski ); 205*f8369d7dSTobias Sarnowski 206*f8369d7dSTobias Sarnowski // anonymous user 207*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('page', '',array()), AUTH_NONE); 208*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('namespace:page','',array()), AUTH_NONE); 209*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('namespace:*', '',array()), AUTH_NONE); 210*f8369d7dSTobias Sarnowski 211*f8369d7dSTobias Sarnowski // user with no matching group 212*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('page', 'jill',array('foo')), AUTH_NONE); 213*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo')), AUTH_NONE); 214*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('namespace:*', 'jill',array('foo')), AUTH_NONE); 215*f8369d7dSTobias Sarnowski 216*f8369d7dSTobias Sarnowski // user with matching group 217*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('page', 'jill',array('foo','user')), AUTH_UPLOAD); 218*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo','user')), AUTH_READ); 219*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('namespace:*', 'jill',array('foo','user')), AUTH_UPLOAD); 220*f8369d7dSTobias Sarnowski 221*f8369d7dSTobias Sarnowski // super user john 222*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('page', 'john',array('foo')), AUTH_ADMIN); 223*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('namespace:page','john',array('foo')), AUTH_ADMIN); 224*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('namespace:*', 'john',array('foo')), AUTH_ADMIN); 225*f8369d7dSTobias Sarnowski 226*f8369d7dSTobias Sarnowski // super user doe 227*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('page', 'doe',array('foo')), AUTH_ADMIN); 228*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('namespace:page','doe',array('foo')), AUTH_ADMIN); 229*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('namespace:*', 'doe',array('foo')), AUTH_ADMIN); 230*f8369d7dSTobias Sarnowski 231*f8369d7dSTobias Sarnowski // user with matching admin group 232*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('page', 'jill',array('foo','admin')), AUTH_ADMIN); 233*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo','admin')), AUTH_ADMIN); 234*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('namespace:*', 'jill',array('foo','admin')), AUTH_ADMIN); 235*f8369d7dSTobias Sarnowski 236*f8369d7dSTobias Sarnowski // user with matching another admin group 237*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('page', 'jill',array('foo','roots')), AUTH_ADMIN); 238*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo','roots')), AUTH_ADMIN); 239*f8369d7dSTobias Sarnowski $this->assertEquals(auth_aclcheck('namespace:*', 'jill',array('foo','roots')), AUTH_ADMIN); 240*f8369d7dSTobias Sarnowski } 241*f8369d7dSTobias Sarnowski 242*f8369d7dSTobias Sarnowski} 243*f8369d7dSTobias Sarnowski 244*f8369d7dSTobias Sarnowski//Setup VIM: ex: et ts=4 : 245