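<?php

/**
 * Tests for auth_aclcheck(): which permission level a user/group combination
 * receives for a page id under a given ACL rule set.
 *
 * Each test installs its own rules in the global $AUTH_ACL. A rule is written
 * as "<scope> <user or @group> <level>". The level numbers used here pair with
 * the asserted constants as follows: 0 = AUTH_NONE, 1 = AUTH_READ,
 * 2 = AUTH_EDIT, 4 = AUTH_CREATE, 8 = AUTH_UPLOAD, 16 = AUTH_DELETE.
 * AUTH_ADMIN never appears in a rule; it is only expected for superusers.
 *
 * NOTE(review): assertEquals() compares loosely, so a null/false/'' result
 * would satisfy an AUTH_NONE expectation if that constant is 0. Consider
 * assertSame() once the return type of auth_aclcheck() is confirmed.
 */
class auth_acl_test extends DokuWikiTest {

    public $oldConf;
    public $oldAuthAcl;

    // Identity-related globals that test_wildcards() overwrites.
    private $oldUserInfo;
    private $oldRemoteUser;
    private $hadRemoteUser = false;

    /**
     * Snapshot every global the tests modify and install a plain auth backend.
     *
     * NOTE(review): parent::setUp() is not called; confirm whether
     * DokuWikiTest relies on it.
     */
    function setUp() {
        global $conf;
        global $AUTH_ACL;
        global $USERINFO;
        global $auth;

        $this->oldConf     = $conf;
        $this->oldAuthAcl  = $AUTH_ACL;
        $this->oldUserInfo = $USERINFO;

        // REMOTE_USER may be absent; remember that so tearDown() can unset it
        // again instead of leaving an empty entry behind.
        $this->hadRemoteUser = array_key_exists('REMOTE_USER', $_SERVER);
        $this->oldRemoteUser = $this->hadRemoteUser ? $_SERVER['REMOTE_USER'] : null;

        $auth = new auth_basic();
    }

    /**
     * Restore the globals captured in setUp() so that a fake login or a
     * permissive ACL cannot leak into tests that run afterwards.
     */
    function tearDown() {
        global $conf;
        global $AUTH_ACL;
        global $USERINFO;

        $conf      = $this->oldConf;
        $AUTH_ACL  = $this->oldAuthAcl;
        $USERINFO  = $this->oldUserInfo;

        if ($this->hadRemoteUser) {
            $_SERVER['REMOTE_USER'] = $this->oldRemoteUser;
        } else {
            unset($_SERVER['REMOTE_USER']);
        }
    }

    /**
     * Default-deny wiki: nothing for @ALL, upload for members of @user,
     * admin for the single configured superuser.
     */
    function test_restricted(){
        global $conf;
        global $AUTH_ACL;
        $conf['superuser'] = 'john';
        $conf['useacl']    = 1;

        $AUTH_ACL = array(
            '*                  @ALL           0',
            '*                  @user          8',
        );

        // anonymous user
        $this->assertEquals(AUTH_NONE, auth_aclcheck('page',           '', array()));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:page', '', array()));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:*',    '', array()));

        // user with no matching group
        $this->assertEquals(AUTH_NONE, auth_aclcheck('page',           'jill', array('foo')));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:page', 'jill', array('foo')));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:*',    'jill', array('foo')));

        // user with matching group
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('page',           'jill', array('foo', 'user')));
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('namespace:page', 'jill', array('foo', 'user')));
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('namespace:*',    'jill', array('foo', 'user')));

        // super user: admin even though none of his groups appears in the ACL
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('page',           'john', array('foo')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:page', 'john', array('foo')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:*',    'john', array('foo')));
    }

    /**
     * Same as test_restricted(), plus a page rule that lowers @user to
     * read-only on namespace:page while the rest of the wiki stays at upload.
     */
    function test_restricted_ropage(){
        global $conf;
        global $AUTH_ACL;
        $conf['superuser'] = 'john';
        $conf['useacl']    = 1;

        $AUTH_ACL = array(
            '*                  @ALL           0',
            '*                  @user          8',
            'namespace:page     @user          1',
        );

        // anonymous user
        $this->assertEquals(AUTH_NONE, auth_aclcheck('page',           '', array()));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:page', '', array()));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:*',    '', array()));

        // user with no matching group
        $this->assertEquals(AUTH_NONE, auth_aclcheck('page',           'jill', array('foo')));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:page', 'jill', array('foo')));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:*',    'jill', array('foo')));

        // user with matching group: the page rule wins over the broader grant
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('page',           'jill', array('foo', 'user')));
        $this->assertEquals(AUTH_READ,   auth_aclcheck('namespace:page', 'jill', array('foo', 'user')));
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('namespace:*',    'jill', array('foo', 'user')));

        // super user: the read-only page rule does not restrict him
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('page',           'john', array('foo')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:page', 'john', array('foo')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:*',    'john', array('foo')));
    }

    /**
     * Mixed rule set combining root, page and namespace scopes with user and
     * group subjects, including rules that lower a broader grant.
     */
    function test_aclexample(){
        global $conf;
        global $AUTH_ACL;
        $conf['superuser'] = 'john';
        $conf['useacl']    = 1;

        $AUTH_ACL = array(
            '*                     @ALL        4',
            '*                     bigboss    16',
            'start                 @ALL        1',
            'marketing:*           @marketing  8',
            'devel:*               @ALL        0',
            'devel:*               @devel      8',
            'devel:*               bigboss    16',
            'devel:funstuff        bigboss     0',
            'devel:*               @marketing  1',
            'devel:marketing       @marketing  2',
        );

        // root namespace: only the two '*' rules apply
        $this->assertEquals(AUTH_CREATE, auth_aclcheck('page', '',        array()));
        $this->assertEquals(AUTH_DELETE, auth_aclcheck('page', 'bigboss', array('foo')));
        $this->assertEquals(AUTH_CREATE, auth_aclcheck('page', 'jill',    array('marketing')));
        $this->assertEquals(AUTH_CREATE, auth_aclcheck('page', 'jane',    array('devel')));

        // 'start' is read-only for everyone, including bigboss despite '* bigboss 16'
        $this->assertEquals(AUTH_READ, auth_aclcheck('start', '',        array()));
        $this->assertEquals(AUTH_READ, auth_aclcheck('start', 'bigboss', array('foo')));
        $this->assertEquals(AUTH_READ, auth_aclcheck('start', 'jill',    array('marketing')));
        $this->assertEquals(AUTH_READ, auth_aclcheck('start', 'jane',    array('devel')));

        // marketing namespace: only @marketing is raised, others keep the root level
        $this->assertEquals(AUTH_CREATE, auth_aclcheck('marketing:page', '',        array()));
        $this->assertEquals(AUTH_DELETE, auth_aclcheck('marketing:page', 'bigboss', array('foo')));
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('marketing:page', 'jill',    array('marketing')));
        $this->assertEquals(AUTH_CREATE, auth_aclcheck('marketing:page', 'jane',    array('devel')));

        // devel namespace: closed to @ALL, opened per user/group
        $this->assertEquals(AUTH_NONE,   auth_aclcheck('devel:page', '',        array()));
        $this->assertEquals(AUTH_DELETE, auth_aclcheck('devel:page', 'bigboss', array('foo')));
        $this->assertEquals(AUTH_READ,   auth_aclcheck('devel:page', 'jill',    array('marketing')));
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('devel:page', 'jane',    array('devel')));

        // devel:funstuff: the explicit 0 for bigboss overrides his namespace grant
        $this->assertEquals(AUTH_NONE,   auth_aclcheck('devel:funstuff', '',        array()));
        $this->assertEquals(AUTH_NONE,   auth_aclcheck('devel:funstuff', 'bigboss', array('foo')));
        $this->assertEquals(AUTH_READ,   auth_aclcheck('devel:funstuff', 'jill',    array('marketing')));
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('devel:funstuff', 'jane',    array('devel')));

        // devel:marketing: the page rule raises @marketing only
        $this->assertEquals(AUTH_NONE,   auth_aclcheck('devel:marketing', '',        array()));
        $this->assertEquals(AUTH_DELETE, auth_aclcheck('devel:marketing', 'bigboss', array('foo')));
        $this->assertEquals(AUTH_EDIT,   auth_aclcheck('devel:marketing', 'jill',    array('marketing')));
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('devel:marketing', 'jane',    array('devel')));
    }

    /**
     * Superuser setting given as a comma-separated mix of user names and
     * @group entries; every listed user and every member of a listed group
     * is expected to receive AUTH_ADMIN.
     *
     * NOTE(review): there is no negative case for name/group confusion, e.g.
     * a user *named* 'admin' or a *group* named 'john' must not be treated as
     * superuser. Worth adding once the expected result is confirmed.
     */
    function test_multiadmin_restricted(){
        global $conf;
        global $AUTH_ACL;
        $conf['superuser'] = 'john,@admin,doe,@roots';
        $conf['useacl']    = 1;

        $AUTH_ACL = array(
            '*                  @ALL           0',
            '*                  @user          8',
        );

        // anonymous user
        $this->assertEquals(AUTH_NONE, auth_aclcheck('page',           '', array()));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:page', '', array()));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:*',    '', array()));

        // user with no matching group
        $this->assertEquals(AUTH_NONE, auth_aclcheck('page',           'jill', array('foo')));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:page', 'jill', array('foo')));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:*',    'jill', array('foo')));

        // user with matching group
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('page',           'jill', array('foo', 'user')));
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('namespace:page', 'jill', array('foo', 'user')));
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('namespace:*',    'jill', array('foo', 'user')));

        // super user john
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('page',           'john', array('foo')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:page', 'john', array('foo')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:*',    'john', array('foo')));

        // super user doe
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('page',           'doe', array('foo')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:page', 'doe', array('foo')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:*',    'doe', array('foo')));

        // user with matching admin group
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('page',           'jill', array('foo', 'admin')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:page', 'jill', array('foo', 'admin')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:*',    'jill', array('foo', 'admin')));

        // user with matching another admin group
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('page',           'jill', array('foo', 'roots')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:page', 'jill', array('foo', 'roots')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:*',    'jill', array('foo', 'roots')));
    }

    /**
     * Multi-entry superuser setting combined with the read-only page rule:
     * ordinary @user members are lowered on namespace:page, superusers are not.
     */
    function test_multiadmin_restricted_ropage(){
        global $conf;
        global $AUTH_ACL;
        $conf['superuser'] = 'john,@admin,doe,@roots';
        $conf['useacl']    = 1;

        $AUTH_ACL = array(
            '*                  @ALL           0',
            '*                  @user          8',
            'namespace:page     @user          1',
        );

        // anonymous user
        $this->assertEquals(AUTH_NONE, auth_aclcheck('page',           '', array()));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:page', '', array()));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:*',    '', array()));

        // user with no matching group
        $this->assertEquals(AUTH_NONE, auth_aclcheck('page',           'jill', array('foo')));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:page', 'jill', array('foo')));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:*',    'jill', array('foo')));

        // user with matching group
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('page',           'jill', array('foo', 'user')));
        $this->assertEquals(AUTH_READ,   auth_aclcheck('namespace:page', 'jill', array('foo', 'user')));
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('namespace:*',    'jill', array('foo', 'user')));

        // super user john
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('page',           'john', array('foo')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:page', 'john', array('foo')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:*',    'john', array('foo')));

        // super user doe
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('page',           'doe', array('foo')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:page', 'doe', array('foo')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:*',    'doe', array('foo')));

        // user with matching admin group
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('page',           'jill', array('foo', 'admin')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:page', 'jill', array('foo', 'admin')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:*',    'jill', array('foo', 'admin')));

        // user with matching another admin group
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('page',           'jill', array('foo', 'roots')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:page', 'jill', array('foo', 'roots')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:*',    'jill', array('foo', 'roots')));
    }

    /**
     * Rules loaded through auth_loadACL() for a simulated login as 'john'
     * with groups 'test', 'töst' and 'foo bar'.
     *
     * The ACL file itself is not part of this test. Presumably it holds
     * per-user and per-group namespace rules that auth_loadACL() expands for
     * the current login, with group names normalised ('töst' -> 'toest',
     * 'foo bar' -> 'foo_bar') - confirm against the test ACL file.
     */
    function test_wildcards(){
        global $conf;
        global $AUTH_ACL;
        global $USERINFO;
        $conf['useacl'] = 1;

        // Simulated login; tearDown() puts both values back.
        $_SERVER['REMOTE_USER'] = 'john';
        $USERINFO['grps']       = array('test', 'töst', 'foo bar');
        $AUTH_ACL               = auth_loadACL(); // default test file

        // default setting
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('page', $_SERVER['REMOTE_USER'], $USERINFO['grps']));

        // user namespace: the owner gets delete, an unrelated user only read
        $this->assertEquals(AUTH_DELETE, auth_aclcheck('users:john:foo', $_SERVER['REMOTE_USER'], $USERINFO['grps']));
        $this->assertEquals(AUTH_READ,   auth_aclcheck('users:john:foo', 'schmock', array()));

        // group namespace: members get delete, a user without groups only read
        $this->assertEquals(AUTH_DELETE, auth_aclcheck('groups:test:foo', $_SERVER['REMOTE_USER'], $USERINFO['grps']));
        $this->assertEquals(AUTH_READ,   auth_aclcheck('groups:test:foo', 'schmock', array()));
        $this->assertEquals(AUTH_DELETE, auth_aclcheck('groups:toest:foo', $_SERVER['REMOTE_USER'], $USERINFO['grps']));
        $this->assertEquals(AUTH_READ,   auth_aclcheck('groups:toest:foo', 'schmock', array()));
        $this->assertEquals(AUTH_DELETE, auth_aclcheck('groups:foo_bar:foo', $_SERVER['REMOTE_USER'], $USERINFO['grps']));
        $this->assertEquals(AUTH_READ,   auth_aclcheck('groups:foo_bar:foo', 'schmock', array()));
    }

}

//Setup VIM: ex: et ts=4 :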