1<?php 2 3require_once DOKU_INC.'inc/init.php'; 4require_once DOKU_INC.'inc/auth.php'; 5require_once DOKU_INC.'inc/auth/basic.class.php'; 6 7class auth_acl_test extends DokuWikiTest { 8 9 var $oldConf; 10 var $oldAuthAcl; 11 12 function setup() { 13 global $conf; 14 global $AUTH_ACL; 15 global $auth; 16 $this->oldConf = $conf; 17 $this->oldAuthAcl = $AUTH_ACL; 18 $auth = new auth_basic(); 19 } 20 21 function teardown() { 22 global $conf; 23 global $AUTH_ACL; 24 $conf = $this->oldConf; 25 $AUTH_ACL = $this->oldAuthAcl; 26 27 } 28 29 function test_restricted(){ 30 global $conf; 31 global $AUTH_ACL; 32 $conf['superuser'] = 'john'; 33 $conf['useacl'] = 1; 34 35 $AUTH_ACL = array( 36 '* @ALL 0', 37 '* @user 8', 38 ); 39 40 // anonymous user 41 $this->assertEquals(auth_aclcheck('page', '',array()), AUTH_NONE); 42 $this->assertEquals(auth_aclcheck('namespace:page','',array()), AUTH_NONE); 43 $this->assertEquals(auth_aclcheck('namespace:*', '',array()), AUTH_NONE); 44 45 // user with no matching group 46 $this->assertEquals(auth_aclcheck('page', 'jill',array('foo')), AUTH_NONE); 47 $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo')), AUTH_NONE); 48 $this->assertEquals(auth_aclcheck('namespace:*', 'jill',array('foo')), AUTH_NONE); 49 50 // user with matching group 51 $this->assertEquals(auth_aclcheck('page', 'jill',array('foo','user')), AUTH_UPLOAD); 52 $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo','user')), AUTH_UPLOAD); 53 $this->assertEquals(auth_aclcheck('namespace:*', 'jill',array('foo','user')), AUTH_UPLOAD); 54 55 // super user 56 $this->assertEquals(auth_aclcheck('page', 'john',array('foo')), AUTH_ADMIN); 57 $this->assertEquals(auth_aclcheck('namespace:page','john',array('foo')), AUTH_ADMIN); 58 $this->assertEquals(auth_aclcheck('namespace:*', 'john',array('foo')), AUTH_ADMIN); 59 } 60 61 function test_restricted_ropage(){ 62 global $conf; 63 global $AUTH_ACL; 64 $conf['superuser'] = 'john'; 65 $conf['useacl'] = 1; 66 67 $AUTH_ACL = array( 68 '* @ALL 0', 69 '* @user 8', 70 'namespace:page @user 1', 71 ); 72 73 // anonymous user 74 $this->assertEquals(auth_aclcheck('page', '',array()), AUTH_NONE); 75 $this->assertEquals(auth_aclcheck('namespace:page','',array()), AUTH_NONE); 76 $this->assertEquals(auth_aclcheck('namespace:*', '',array()), AUTH_NONE); 77 78 // user with no matching group 79 $this->assertEquals(auth_aclcheck('page', 'jill',array('foo')), AUTH_NONE); 80 $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo')), AUTH_NONE); 81 $this->assertEquals(auth_aclcheck('namespace:*', 'jill',array('foo')), AUTH_NONE); 82 83 // user with matching group 84 $this->assertEquals(auth_aclcheck('page', 'jill',array('foo','user')), AUTH_UPLOAD); 85 $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo','user')), AUTH_READ); 86 $this->assertEquals(auth_aclcheck('namespace:*', 'jill',array('foo','user')), AUTH_UPLOAD); 87 88 // super user 89 $this->assertEquals(auth_aclcheck('page', 'john',array('foo')), AUTH_ADMIN); 90 $this->assertEquals(auth_aclcheck('namespace:page','john',array('foo')), AUTH_ADMIN); 91 $this->assertEquals(auth_aclcheck('namespace:*', 'john',array('foo')), AUTH_ADMIN); 92 } 93 94 function test_aclexample(){ 95 global $conf; 96 global $AUTH_ACL; 97 $conf['superuser'] = 'john'; 98 $conf['useacl'] = 1; 99 100 $AUTH_ACL = array( 101 '* @ALL 4', 102 '* bigboss 16', 103 'start @ALL 1', 104 'marketing:* @marketing 8', 105 'devel:* @ALL 0', 106 'devel:* @devel 8', 107 'devel:* bigboss 16', 108 'devel:funstuff bigboss 0', 109 'devel:* @marketing 1', 110 'devel:marketing @marketing 2', 111 ); 112 113 114 $this->assertEquals(auth_aclcheck('page', '' ,array()) , AUTH_CREATE); 115 $this->assertEquals(auth_aclcheck('page', 'bigboss' ,array('foo')) , AUTH_DELETE); 116 $this->assertEquals(auth_aclcheck('page', 'jill' ,array('marketing')) , AUTH_CREATE); 117 $this->assertEquals(auth_aclcheck('page', 'jane' ,array('devel')) , AUTH_CREATE); 118 119 $this->assertEquals(auth_aclcheck('start', '' ,array()) , AUTH_READ); 120 $this->assertEquals(auth_aclcheck('start', 'bigboss' ,array('foo')) , AUTH_READ); 121 $this->assertEquals(auth_aclcheck('start', 'jill' ,array('marketing')) , AUTH_READ); 122 $this->assertEquals(auth_aclcheck('start', 'jane' ,array('devel')) , AUTH_READ); 123 124 $this->assertEquals(auth_aclcheck('marketing:page', '' ,array()) , AUTH_CREATE); 125 $this->assertEquals(auth_aclcheck('marketing:page', 'bigboss' ,array('foo')) , AUTH_DELETE); 126 $this->assertEquals(auth_aclcheck('marketing:page', 'jill' ,array('marketing')) , AUTH_UPLOAD); 127 $this->assertEquals(auth_aclcheck('marketing:page', 'jane' ,array('devel')) , AUTH_CREATE); 128 129 130 $this->assertEquals(auth_aclcheck('devel:page', '' ,array()) , AUTH_NONE); 131 $this->assertEquals(auth_aclcheck('devel:page', 'bigboss' ,array('foo')) , AUTH_DELETE); 132 $this->assertEquals(auth_aclcheck('devel:page', 'jill' ,array('marketing')) , AUTH_READ); 133 $this->assertEquals(auth_aclcheck('devel:page', 'jane' ,array('devel')) , AUTH_UPLOAD); 134 135 $this->assertEquals(auth_aclcheck('devel:funstuff', '' ,array()) , AUTH_NONE); 136 $this->assertEquals(auth_aclcheck('devel:funstuff', 'bigboss' ,array('foo')) , AUTH_NONE); 137 $this->assertEquals(auth_aclcheck('devel:funstuff', 'jill' ,array('marketing')) , AUTH_READ); 138 $this->assertEquals(auth_aclcheck('devel:funstuff', 'jane' ,array('devel')) , AUTH_UPLOAD); 139 140 $this->assertEquals(auth_aclcheck('devel:marketing', '' ,array()) , AUTH_NONE); 141 $this->assertEquals(auth_aclcheck('devel:marketing', 'bigboss' ,array('foo')) , AUTH_DELETE); 142 $this->assertEquals(auth_aclcheck('devel:marketing', 'jill' ,array('marketing')) , AUTH_EDIT); 143 $this->assertEquals(auth_aclcheck('devel:marketing', 'jane' ,array('devel')) , AUTH_UPLOAD); 144 145 } 146 147 function test_multiadmin_restricted(){ 148 global $conf; 149 global $AUTH_ACL; 150 $conf['superuser'] = 'john,@admin,doe,@roots'; 151 $conf['useacl'] = 1; 152 153 $AUTH_ACL = array( 154 '* @ALL 0', 155 '* @user 8', 156 ); 157 158 // anonymous user 159 $this->assertEquals(auth_aclcheck('page', '',array()), AUTH_NONE); 160 $this->assertEquals(auth_aclcheck('namespace:page','',array()), AUTH_NONE); 161 $this->assertEquals(auth_aclcheck('namespace:*', '',array()), AUTH_NONE); 162 163 // user with no matching group 164 $this->assertEquals(auth_aclcheck('page', 'jill',array('foo')), AUTH_NONE); 165 $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo')), AUTH_NONE); 166 $this->assertEquals(auth_aclcheck('namespace:*', 'jill',array('foo')), AUTH_NONE); 167 168 // user with matching group 169 $this->assertEquals(auth_aclcheck('page', 'jill',array('foo','user')), AUTH_UPLOAD); 170 $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo','user')), AUTH_UPLOAD); 171 $this->assertEquals(auth_aclcheck('namespace:*', 'jill',array('foo','user')), AUTH_UPLOAD); 172 173 // super user john 174 $this->assertEquals(auth_aclcheck('page', 'john',array('foo')), AUTH_ADMIN); 175 $this->assertEquals(auth_aclcheck('namespace:page','john',array('foo')), AUTH_ADMIN); 176 $this->assertEquals(auth_aclcheck('namespace:*', 'john',array('foo')), AUTH_ADMIN); 177 178 // super user doe 179 $this->assertEquals(auth_aclcheck('page', 'doe',array('foo')), AUTH_ADMIN); 180 $this->assertEquals(auth_aclcheck('namespace:page','doe',array('foo')), AUTH_ADMIN); 181 $this->assertEquals(auth_aclcheck('namespace:*', 'doe',array('foo')), AUTH_ADMIN); 182 183 // user with matching admin group 184 $this->assertEquals(auth_aclcheck('page', 'jill',array('foo','admin')), AUTH_ADMIN); 185 $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo','admin')), AUTH_ADMIN); 186 $this->assertEquals(auth_aclcheck('namespace:*', 'jill',array('foo','admin')), AUTH_ADMIN); 187 188 // user with matching another admin group 189 $this->assertEquals(auth_aclcheck('page', 'jill',array('foo','roots')), AUTH_ADMIN); 190 $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo','roots')), AUTH_ADMIN); 191 $this->assertEquals(auth_aclcheck('namespace:*', 'jill',array('foo','roots')), AUTH_ADMIN); 192 } 193 194 function test_multiadmin_restricted_ropage(){ 195 global $conf; 196 global $AUTH_ACL; 197 $conf['superuser'] = 'john,@admin,doe,@roots'; 198 $conf['useacl'] = 1; 199 200 $AUTH_ACL = array( 201 '* @ALL 0', 202 '* @user 8', 203 'namespace:page @user 1', 204 ); 205 206 // anonymous user 207 $this->assertEquals(auth_aclcheck('page', '',array()), AUTH_NONE); 208 $this->assertEquals(auth_aclcheck('namespace:page','',array()), AUTH_NONE); 209 $this->assertEquals(auth_aclcheck('namespace:*', '',array()), AUTH_NONE); 210 211 // user with no matching group 212 $this->assertEquals(auth_aclcheck('page', 'jill',array('foo')), AUTH_NONE); 213 $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo')), AUTH_NONE); 214 $this->assertEquals(auth_aclcheck('namespace:*', 'jill',array('foo')), AUTH_NONE); 215 216 // user with matching group 217 $this->assertEquals(auth_aclcheck('page', 'jill',array('foo','user')), AUTH_UPLOAD); 218 $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo','user')), AUTH_READ); 219 $this->assertEquals(auth_aclcheck('namespace:*', 'jill',array('foo','user')), AUTH_UPLOAD); 220 221 // super user john 222 $this->assertEquals(auth_aclcheck('page', 'john',array('foo')), AUTH_ADMIN); 223 $this->assertEquals(auth_aclcheck('namespace:page','john',array('foo')), AUTH_ADMIN); 224 $this->assertEquals(auth_aclcheck('namespace:*', 'john',array('foo')), AUTH_ADMIN); 225 226 // super user doe 227 $this->assertEquals(auth_aclcheck('page', 'doe',array('foo')), AUTH_ADMIN); 228 $this->assertEquals(auth_aclcheck('namespace:page','doe',array('foo')), AUTH_ADMIN); 229 $this->assertEquals(auth_aclcheck('namespace:*', 'doe',array('foo')), AUTH_ADMIN); 230 231 // user with matching admin group 232 $this->assertEquals(auth_aclcheck('page', 'jill',array('foo','admin')), AUTH_ADMIN); 233 $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo','admin')), AUTH_ADMIN); 234 $this->assertEquals(auth_aclcheck('namespace:*', 'jill',array('foo','admin')), AUTH_ADMIN); 235 236 // user with matching another admin group 237 $this->assertEquals(auth_aclcheck('page', 'jill',array('foo','roots')), AUTH_ADMIN); 238 $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo','roots')), AUTH_ADMIN); 239 $this->assertEquals(auth_aclcheck('namespace:*', 'jill',array('foo','roots')), AUTH_ADMIN); 240 } 241 242} 243 244//Setup VIM: ex: et ts=4 : 245