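<?php

/**
 * Tests for auth_aclcheck(): which permission level a (page, user, groups)
 * triple resolves to under a given ACL rule list and superuser setting.
 *
 * Each rule in $AUTH_ACL is a string of the form "<page or namespace pattern>
 * <user or @group> <level>". The levels used in these tests are paired with
 * the AUTH_* constants by the expectations below (0 with AUTH_NONE, 1 with
 * AUTH_READ, 2 with AUTH_EDIT, 4 with AUTH_CREATE, 8 with AUTH_UPLOAD,
 * 16 with AUTH_DELETE).
 *
 * All assertions pass the expected level first and the computed level second,
 * matching PHPUnit's assertEquals($expected, $actual), so that a failing
 * authorization check is reported with the right "expected" value.
 *
 * NOTE(review): assertEquals compares loosely, so an AUTH_NONE expectation
 * would also accept any return value that loosely equals 0. Consider
 * assertSame once the return type of auth_aclcheck() is confirmed.
 *
 * NOTE(review): there is no negative case for the superuser list, e.g. a user
 * literally named "admin" with no groups when only "@admin" is configured.
 * Worth adding so user/group confusion cannot grant AUTH_ADMIN unnoticed.
 */
class auth_acl_test extends DokuWikiTest {

    /** Value of the global $AUTH_ACL saved by setUp() and put back by tearDown(). */
    public $oldAuthAcl;

    /**
     * Remember the current ACL rule list and install a basic auth backend.
     *
     * NOTE(review): the global $auth is replaced here and is not restored by
     * the tearDown() shown in this file; confirm the parent class resets it.
     */
    function setUp() {
        parent::setUp();
        global $AUTH_ACL;
        global $auth;
        $this->oldAuthAcl = $AUTH_ACL;
        $auth = new auth_basic();
    }

    /**
     * Put back the ACL rule list that was active before the test ran.
     */
    function tearDown() {
        global $AUTH_ACL;
        $AUTH_ACL = $this->oldAuthAcl;
    }

    /**
     * Default-deny wiki: nobody gets access except members of @user (upload)
     * and the single configured superuser (admin).
     */
    function test_restricted(){
        global $conf;
        global $AUTH_ACL;
        $conf['superuser'] = 'john';
        $conf['useacl']    = 1;

        $AUTH_ACL = array(
            '*                  @ALL           0',
            '*                  @user          8',
        );

        // anonymous user
        $this->assertEquals(AUTH_NONE, auth_aclcheck('page', '', array()));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:page', '', array()));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:*', '', array()));

        // user with no matching group
        $this->assertEquals(AUTH_NONE, auth_aclcheck('page', 'jill', array('foo')));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:page', 'jill', array('foo')));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:*', 'jill', array('foo')));

        // user with matching group
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('page', 'jill', array('foo', 'user')));
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('namespace:page', 'jill', array('foo', 'user')));
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('namespace:*', 'jill', array('foo', 'user')));

        // super user: admin level although no ACL rule names john or his group
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('page', 'john', array('foo')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:page', 'john', array('foo')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:*', 'john', array('foo')));
    }

    /**
     * Same as test_restricted() plus one page-level rule that lowers @user to
     * read-only on 'namespace:page'. Pins that the exact page rule wins over
     * the wildcard rule even though it grants less, and that the superuser is
     * not affected by it.
     */
    function test_restricted_ropage(){
        global $conf;
        global $AUTH_ACL;
        $conf['superuser'] = 'john';
        $conf['useacl']    = 1;

        $AUTH_ACL = array(
            '*                  @ALL           0',
            '*                  @user          8',
            'namespace:page     @user          1',
        );

        // anonymous user
        $this->assertEquals(AUTH_NONE, auth_aclcheck('page', '', array()));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:page', '', array()));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:*', '', array()));

        // user with no matching group
        $this->assertEquals(AUTH_NONE, auth_aclcheck('page', 'jill', array('foo')));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:page', 'jill', array('foo')));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:*', 'jill', array('foo')));

        // user with matching group: read-only on the restricted page only
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('page', 'jill', array('foo', 'user')));
        $this->assertEquals(AUTH_READ, auth_aclcheck('namespace:page', 'jill', array('foo', 'user')));
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('namespace:*', 'jill', array('foo', 'user')));

        // super user
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('page', 'john', array('foo')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:page', 'john', array('foo')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:*', 'john', array('foo')));
    }

    /**
     * Mixed rule set with user rules, group rules, namespace wildcards and
     * exact page rules.
     *
     * The expectations pin, among others:
     *  - an exact page rule beats a wildcard rule, even a wildcard rule that
     *    names the user directly ('start' yields AUTH_READ for bigboss);
     *  - a user-specific deny on one page overrides that user's namespace-wide
     *    grant ('devel:funstuff' yields AUTH_NONE for bigboss);
     *  - a group rule on a namespace overrides the @ALL deny on the same
     *    namespace ('devel:page' yields AUTH_READ for a @marketing member).
     */
    function test_aclexample(){
        global $conf;
        global $AUTH_ACL;
        $conf['superuser'] = 'john';
        $conf['useacl']    = 1;

        $AUTH_ACL = array(
            '*                     @ALL        4',
            '*                     bigboss    16',
            'start                 @ALL        1',
            'marketing:*           @marketing  8',
            'devel:*               @ALL        0',
            'devel:*               @devel      8',
            'devel:*               bigboss    16',
            'devel:funstuff        bigboss     0',
            'devel:*               @marketing  1',
            'devel:marketing       @marketing  2',
        );

        // page outside any special namespace
        $this->assertEquals(AUTH_CREATE, auth_aclcheck('page', '', array()));
        $this->assertEquals(AUTH_DELETE, auth_aclcheck('page', 'bigboss', array('foo')));
        $this->assertEquals(AUTH_CREATE, auth_aclcheck('page', 'jill', array('marketing')));
        $this->assertEquals(AUTH_CREATE, auth_aclcheck('page', 'jane', array('devel')));

        // 'start' is read-only for everyone
        $this->assertEquals(AUTH_READ, auth_aclcheck('start', '', array()));
        $this->assertEquals(AUTH_READ, auth_aclcheck('start', 'bigboss', array('foo')));
        $this->assertEquals(AUTH_READ, auth_aclcheck('start', 'jill', array('marketing')));
        $this->assertEquals(AUTH_READ, auth_aclcheck('start', 'jane', array('devel')));

        // marketing namespace
        $this->assertEquals(AUTH_CREATE, auth_aclcheck('marketing:page', '', array()));
        $this->assertEquals(AUTH_DELETE, auth_aclcheck('marketing:page', 'bigboss', array('foo')));
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('marketing:page', 'jill', array('marketing')));
        $this->assertEquals(AUTH_CREATE, auth_aclcheck('marketing:page', 'jane', array('devel')));

        // devel namespace: closed to anonymous users
        $this->assertEquals(AUTH_NONE, auth_aclcheck('devel:page', '', array()));
        $this->assertEquals(AUTH_DELETE, auth_aclcheck('devel:page', 'bigboss', array('foo')));
        $this->assertEquals(AUTH_READ, auth_aclcheck('devel:page', 'jill', array('marketing')));
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('devel:page', 'jane', array('devel')));

        // page-level deny for bigboss inside the devel namespace
        $this->assertEquals(AUTH_NONE, auth_aclcheck('devel:funstuff', '', array()));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('devel:funstuff', 'bigboss', array('foo')));
        $this->assertEquals(AUTH_READ, auth_aclcheck('devel:funstuff', 'jill', array('marketing')));
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('devel:funstuff', 'jane', array('devel')));

        // page-level grant for @marketing inside the devel namespace
        $this->assertEquals(AUTH_NONE, auth_aclcheck('devel:marketing', '', array()));
        $this->assertEquals(AUTH_DELETE, auth_aclcheck('devel:marketing', 'bigboss', array('foo')));
        $this->assertEquals(AUTH_EDIT, auth_aclcheck('devel:marketing', 'jill', array('marketing')));
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('devel:marketing', 'jane', array('devel')));
    }

    /**
     * test_restricted() with a superuser setting that lists two users and two
     * groups. Every listed user and every member of a listed group must get
     * AUTH_ADMIN; everyone else is governed by the ACL rules.
     */
    function test_multiadmin_restricted(){
        global $conf;
        global $AUTH_ACL;
        $conf['superuser'] = 'john,@admin,doe,@roots';
        $conf['useacl']    = 1;

        $AUTH_ACL = array(
            '*                  @ALL           0',
            '*                  @user          8',
        );

        // anonymous user
        $this->assertEquals(AUTH_NONE, auth_aclcheck('page', '', array()));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:page', '', array()));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:*', '', array()));

        // user with no matching group
        $this->assertEquals(AUTH_NONE, auth_aclcheck('page', 'jill', array('foo')));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:page', 'jill', array('foo')));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:*', 'jill', array('foo')));

        // user with matching group
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('page', 'jill', array('foo', 'user')));
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('namespace:page', 'jill', array('foo', 'user')));
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('namespace:*', 'jill', array('foo', 'user')));

        // super user john
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('page', 'john', array('foo')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:page', 'john', array('foo')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:*', 'john', array('foo')));

        // super user doe
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('page', 'doe', array('foo')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:page', 'doe', array('foo')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:*', 'doe', array('foo')));

        // user with matching admin group
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('page', 'jill', array('foo', 'admin')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:page', 'jill', array('foo', 'admin')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:*', 'jill', array('foo', 'admin')));

        // user with matching another admin group
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('page', 'jill', array('foo', 'roots')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:page', 'jill', array('foo', 'roots')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:*', 'jill', array('foo', 'roots')));
    }

    /**
     * test_restricted_ropage() with the multi-entry superuser setting: the
     * read-only page rule limits ordinary @user members but none of the
     * superusers or superuser-group members.
     */
    function test_multiadmin_restricted_ropage(){
        global $conf;
        global $AUTH_ACL;
        $conf['superuser'] = 'john,@admin,doe,@roots';
        $conf['useacl']    = 1;

        $AUTH_ACL = array(
            '*                  @ALL           0',
            '*                  @user          8',
            'namespace:page     @user          1',
        );

        // anonymous user
        $this->assertEquals(AUTH_NONE, auth_aclcheck('page', '', array()));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:page', '', array()));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:*', '', array()));

        // user with no matching group
        $this->assertEquals(AUTH_NONE, auth_aclcheck('page', 'jill', array('foo')));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:page', 'jill', array('foo')));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:*', 'jill', array('foo')));

        // user with matching group: read-only on the restricted page only
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('page', 'jill', array('foo', 'user')));
        $this->assertEquals(AUTH_READ, auth_aclcheck('namespace:page', 'jill', array('foo', 'user')));
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('namespace:*', 'jill', array('foo', 'user')));

        // super user john
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('page', 'john', array('foo')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:page', 'john', array('foo')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:*', 'john', array('foo')));

        // super user doe
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('page', 'doe', array('foo')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:page', 'doe', array('foo')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:*', 'doe', array('foo')));

        // user with matching admin group
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('page', 'jill', array('foo', 'admin')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:page', 'jill', array('foo', 'admin')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:*', 'jill', array('foo', 'admin')));

        // user with matching another admin group
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('page', 'jill', array('foo', 'roots')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:page', 'jill', array('foo', 'roots')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:*', 'jill', array('foo', 'roots')));
    }

    /**
     * Per-user and per-group namespaces, checked against the rule list that
     * auth_loadACL() returns for the test environment (its contents are not
     * part of this file).
     *
     * The owner/member is expected to get AUTH_DELETE inside the matching
     * namespace and an unrelated user only AUTH_READ. The group names 'töst'
     * and 'foo bar' are expected to map to the namespaces 'groups:toest' and
     * 'groups:foo_bar'.
     *
     * NOTE(review): $_SERVER['REMOTE_USER'] and $USERINFO['grps'] are set here
     * and not restored by the tearDown() shown in this file, so the identity
     * 'john' may leak into later tests unless the parent class resets it.
     * NOTE(review): $conf['superuser'] is not set in this test; it presumably
     * relies on the configuration loaded by parent::setUp(). Confirm that
     * 'john' is not a superuser there, otherwise AUTH_DELETE could not be the
     * result.
     */
    function test_wildcards(){
        global $conf;
        global $AUTH_ACL;
        global $USERINFO;
        $conf['useacl'] = 1;

        $_SERVER['REMOTE_USER'] = 'john';
        $USERINFO['grps']       = array('test', 'töst', 'foo bar');
        $AUTH_ACL               = auth_loadACL(); // default test file

        $user   = $_SERVER['REMOTE_USER'];
        $groups = $USERINFO['grps'];

        // default setting
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('page', $user, $groups));

        // user namespace
        $this->assertEquals(AUTH_DELETE, auth_aclcheck('users:john:foo', $user, $groups));
        $this->assertEquals(AUTH_READ, auth_aclcheck('users:john:foo', 'schmock', array()));

        // group namespace
        $this->assertEquals(AUTH_DELETE, auth_aclcheck('groups:test:foo', $user, $groups));
        $this->assertEquals(AUTH_READ, auth_aclcheck('groups:test:foo', 'schmock', array()));
        $this->assertEquals(AUTH_DELETE, auth_aclcheck('groups:toest:foo', $user, $groups));
        $this->assertEquals(AUTH_READ, auth_aclcheck('groups:toest:foo', 'schmock', array()));
        $this->assertEquals(AUTH_DELETE, auth_aclcheck('groups:foo_bar:foo', $user, $groups));
        $this->assertEquals(AUTH_READ, auth_aclcheck('groups:foo_bar:foo', 'schmock', array()));
    }

}

//Setup VIM: ex: et ts=4 :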