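<?php

/**
 * Regression tests for auth_aclcheck(): the permission a user/group set
 * receives for a page or namespace under a given ACL table.
 *
 * Each ACL line is "<scope> <user or @group> <level>". As the expectations
 * below show, the numeric levels correspond to the AUTH_* constants:
 * 0 = AUTH_NONE, 1 = AUTH_READ, 2 = AUTH_EDIT, 4 = AUTH_CREATE,
 * 8 = AUTH_UPLOAD, 16 = AUTH_DELETE. AUTH_ADMIN is only ever expected for
 * superusers and never appears as an ACL level in these tables.
 *
 * All assertions use the (expected, actual) argument order so that a failing
 * authorization check is reported the right way round.
 *
 * NOTE(review): assertEquals() compares loosely, so an AUTH_NONE expectation
 * would also be satisfied by null or false. Consider assertSame() once the
 * return type of auth_aclcheck() is confirmed to be int.
 */
class auth_acl_test extends DokuWikiTest {

    /** ACL table that was active before the test, restored in tearDown(). */
    public $oldAuthAcl;

    /**
     * Remember the global ACL table and install a plain auth backend.
     */
    public function setUp() {
        parent::setUp();
        global $AUTH_ACL;
        global $auth;
        $this->oldAuthAcl = $AUTH_ACL;
        $auth = new auth_basic();
    }

    /**
     * Put back the ACL table saved in setUp().
     *
     * NOTE(review): only $AUTH_ACL is restored here. The tests also change
     * $auth, $conf['superuser'], $conf['useacl'], $_SERVER['REMOTE_USER'] and
     * $USERINFO; presumably DokuWikiTest::setUp() resets those - confirm, or
     * an earlier test's identity could leak into a later one.
     */
    public function tearDown() {
        global $AUTH_ACL;
        $AUTH_ACL = $this->oldAuthAcl;
    }

    /**
     * Closed wiki: nobody may do anything except members of @user (upload)
     * and the single configured superuser.
     */
    public function test_restricted() {
        global $conf;
        global $AUTH_ACL;
        $conf['superuser'] = 'john';
        $conf['useacl']    = 1;

        $AUTH_ACL = array(
            '*                  @ALL           0',
            '*                  @user          8',
        );

        // anonymous user
        $this->assertEquals(AUTH_NONE, auth_aclcheck('page', '', array()));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:page', '', array()));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:*', '', array()));

        // user with no matching group
        $this->assertEquals(AUTH_NONE, auth_aclcheck('page', 'jill', array('foo')));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:page', 'jill', array('foo')));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:*', 'jill', array('foo')));

        // user with matching group
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('page', 'jill', array('foo', 'user')));
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('namespace:page', 'jill', array('foo', 'user')));
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('namespace:*', 'jill', array('foo', 'user')));

        // super user: expected to get AUTH_ADMIN although no ACL line grants it
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('page', 'john', array('foo')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:page', 'john', array('foo')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:*', 'john', array('foo')));
    }

    /**
     * Closed wiki with one read-only page: the rule for the exact page
     * 'namespace:page' must lower @user from upload to read on that page only.
     */
    public function test_restricted_ropage() {
        global $conf;
        global $AUTH_ACL;
        $conf['superuser'] = 'john';
        $conf['useacl']    = 1;

        $AUTH_ACL = array(
            '*                  @ALL           0',
            '*                  @user          8',
            'namespace:page     @user          1',
        );

        // anonymous user
        $this->assertEquals(AUTH_NONE, auth_aclcheck('page', '', array()));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:page', '', array()));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:*', '', array()));

        // user with no matching group
        $this->assertEquals(AUTH_NONE, auth_aclcheck('page', 'jill', array('foo')));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:page', 'jill', array('foo')));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:*', 'jill', array('foo')));

        // user with matching group: the page-specific rule wins over the wildcard
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('page', 'jill', array('foo', 'user')));
        $this->assertEquals(AUTH_READ, auth_aclcheck('namespace:page', 'jill', array('foo', 'user')));
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('namespace:*', 'jill', array('foo', 'user')));

        // super user: the read-only rule does not apply
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('page', 'john', array('foo')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:page', 'john', array('foo')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:*', 'john', array('foo')));
    }

    /**
     * Mixed table with user rules, group rules and overrides at page,
     * namespace and root level. None of the users checked here is the
     * configured superuser, so every result comes from the ACL lines.
     */
    public function test_aclexample() {
        global $conf;
        global $AUTH_ACL;
        $conf['superuser'] = 'john';
        $conf['useacl']    = 1;

        $AUTH_ACL = array(
            '*                     @ALL        4',
            '*                     bigboss    16',
            'start                 @ALL        1',
            'marketing:*           @marketing  8',
            'devel:*               @ALL        0',
            'devel:*               @devel      8',
            'devel:*               bigboss    16',
            'devel:funstuff        bigboss     0',
            'devel:*               @marketing  1',
            'devel:marketing       @marketing  2',
        );

        // root namespace, no page rule: only the '*' lines apply
        $this->assertEquals(AUTH_CREATE, auth_aclcheck('page', '', array()));
        $this->assertEquals(AUTH_DELETE, auth_aclcheck('page', 'bigboss', array('foo')));
        $this->assertEquals(AUTH_CREATE, auth_aclcheck('page', 'jill', array('marketing')));
        $this->assertEquals(AUTH_CREATE, auth_aclcheck('page', 'jane', array('devel')));

        // exact page rule 'start @ALL 1' caps everyone, including bigboss
        $this->assertEquals(AUTH_READ, auth_aclcheck('start', '', array()));
        $this->assertEquals(AUTH_READ, auth_aclcheck('start', 'bigboss', array('foo')));
        $this->assertEquals(AUTH_READ, auth_aclcheck('start', 'jill', array('marketing')));
        $this->assertEquals(AUTH_READ, auth_aclcheck('start', 'jane', array('devel')));

        // marketing:* raises only @marketing; everyone else falls back to '*'
        $this->assertEquals(AUTH_CREATE, auth_aclcheck('marketing:page', '', array()));
        $this->assertEquals(AUTH_DELETE, auth_aclcheck('marketing:page', 'bigboss', array('foo')));
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('marketing:page', 'jill', array('marketing')));
        $this->assertEquals(AUTH_CREATE, auth_aclcheck('marketing:page', 'jane', array('devel')));

        // devel:* is closed to @ALL and opened per user/group
        $this->assertEquals(AUTH_NONE, auth_aclcheck('devel:page', '', array()));
        $this->assertEquals(AUTH_DELETE, auth_aclcheck('devel:page', 'bigboss', array('foo')));
        $this->assertEquals(AUTH_READ, auth_aclcheck('devel:page', 'jill', array('marketing')));
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('devel:page', 'jane', array('devel')));

        // the explicit deny for bigboss on this page beats his namespace grant
        $this->assertEquals(AUTH_NONE, auth_aclcheck('devel:funstuff', '', array()));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('devel:funstuff', 'bigboss', array('foo')));
        $this->assertEquals(AUTH_READ, auth_aclcheck('devel:funstuff', 'jill', array('marketing')));
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('devel:funstuff', 'jane', array('devel')));

        // page rule for @marketing replaces its namespace-level read with edit
        $this->assertEquals(AUTH_NONE, auth_aclcheck('devel:marketing', '', array()));
        $this->assertEquals(AUTH_DELETE, auth_aclcheck('devel:marketing', 'bigboss', array('foo')));
        $this->assertEquals(AUTH_EDIT, auth_aclcheck('devel:marketing', 'jill', array('marketing')));
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('devel:marketing', 'jane', array('devel')));
    }

    /**
     * Same closed wiki as test_restricted(), but the superuser setting is a
     * comma-separated mix of user names and @groups; each entry must grant
     * AUTH_ADMIN on its own.
     *
     * NOTE(review): there is no negative case for the '@' prefix, e.g. a user
     * literally named 'admin' with no admin group. Worth adding once the
     * expected result is confirmed.
     */
    public function test_multiadmin_restricted() {
        global $conf;
        global $AUTH_ACL;
        $conf['superuser'] = 'john,@admin,doe,@roots';
        $conf['useacl']    = 1;

        $AUTH_ACL = array(
            '*                  @ALL           0',
            '*                  @user          8',
        );

        // anonymous user
        $this->assertEquals(AUTH_NONE, auth_aclcheck('page', '', array()));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:page', '', array()));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:*', '', array()));

        // user with no matching group
        $this->assertEquals(AUTH_NONE, auth_aclcheck('page', 'jill', array('foo')));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:page', 'jill', array('foo')));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:*', 'jill', array('foo')));

        // user with matching group
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('page', 'jill', array('foo', 'user')));
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('namespace:page', 'jill', array('foo', 'user')));
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('namespace:*', 'jill', array('foo', 'user')));

        // super user john
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('page', 'john', array('foo')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:page', 'john', array('foo')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:*', 'john', array('foo')));

        // super user doe
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('page', 'doe', array('foo')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:page', 'doe', array('foo')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:*', 'doe', array('foo')));

        // user with matching admin group
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('page', 'jill', array('foo', 'admin')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:page', 'jill', array('foo', 'admin')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:*', 'jill', array('foo', 'admin')));

        // user with matching another admin group
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('page', 'jill', array('foo', 'roots')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:page', 'jill', array('foo', 'roots')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:*', 'jill', array('foo', 'roots')));
    }

    /**
     * Multi-entry superuser setting combined with the read-only page rule:
     * ordinary @user members are capped at read on 'namespace:page', while
     * every superuser entry still yields AUTH_ADMIN there.
     */
    public function test_multiadmin_restricted_ropage() {
        global $conf;
        global $AUTH_ACL;
        $conf['superuser'] = 'john,@admin,doe,@roots';
        $conf['useacl']    = 1;

        $AUTH_ACL = array(
            '*                  @ALL           0',
            '*                  @user          8',
            'namespace:page     @user          1',
        );

        // anonymous user
        $this->assertEquals(AUTH_NONE, auth_aclcheck('page', '', array()));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:page', '', array()));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:*', '', array()));

        // user with no matching group
        $this->assertEquals(AUTH_NONE, auth_aclcheck('page', 'jill', array('foo')));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:page', 'jill', array('foo')));
        $this->assertEquals(AUTH_NONE, auth_aclcheck('namespace:*', 'jill', array('foo')));

        // user with matching group: the page-specific rule wins over the wildcard
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('page', 'jill', array('foo', 'user')));
        $this->assertEquals(AUTH_READ, auth_aclcheck('namespace:page', 'jill', array('foo', 'user')));
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('namespace:*', 'jill', array('foo', 'user')));

        // super user john
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('page', 'john', array('foo')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:page', 'john', array('foo')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:*', 'john', array('foo')));

        // super user doe
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('page', 'doe', array('foo')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:page', 'doe', array('foo')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:*', 'doe', array('foo')));

        // user with matching admin group
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('page', 'jill', array('foo', 'admin')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:page', 'jill', array('foo', 'admin')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:*', 'jill', array('foo', 'admin')));

        // user with matching another admin group
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('page', 'jill', array('foo', 'roots')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:page', 'jill', array('foo', 'roots')));
        $this->assertEquals(AUTH_ADMIN, auth_aclcheck('namespace:*', 'jill', array('foo', 'roots')));
    }

    /**
     * Per-user and per-group namespaces from the ACL file that auth_loadACL()
     * returns for the test environment (its contents are not visible here;
     * presumably it uses user/group placeholders - confirm against the file).
     *
     * The owner ('john', or a member of the group) is expected to get delete
     * rights in the matching namespace, while an unrelated user ('schmock')
     * only gets read.
     *
     * NOTE(review): the group names 'töst' and 'foo bar' are matched against
     * the namespaces 'toest' and 'foo_bar'. If that normalization is lossy, a
     * different group that cleans to the same string (for example a group
     * literally named 'foo_bar') would presumably be granted the same
     * namespace - worth a dedicated test.
     */
    public function test_wildcards() {
        global $conf;
        global $AUTH_ACL;
        global $USERINFO;
        $conf['useacl'] = 1;

        $_SERVER['REMOTE_USER'] = 'john';
        $USERINFO['grps']       = array('test', 'töst', 'foo bar');
        $AUTH_ACL               = auth_loadACL(); // default test file

        // default setting
        $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('page', $_SERVER['REMOTE_USER'], $USERINFO['grps']));

        // user namespace
        $this->assertEquals(AUTH_DELETE, auth_aclcheck('users:john:foo', $_SERVER['REMOTE_USER'], $USERINFO['grps']));
        $this->assertEquals(AUTH_READ, auth_aclcheck('users:john:foo', 'schmock', array()));

        // group namespace
        $this->assertEquals(AUTH_DELETE, auth_aclcheck('groups:test:foo', $_SERVER['REMOTE_USER'], $USERINFO['grps']));
        $this->assertEquals(AUTH_READ, auth_aclcheck('groups:test:foo', 'schmock', array()));
        $this->assertEquals(AUTH_DELETE, auth_aclcheck('groups:toest:foo', $_SERVER['REMOTE_USER'], $USERINFO['grps']));
        $this->assertEquals(AUTH_READ, auth_aclcheck('groups:toest:foo', 'schmock', array()));
        $this->assertEquals(AUTH_DELETE, auth_aclcheck('groups:foo_bar:foo', $_SERVER['REMOTE_USER'], $USERINFO['grps']));
        $this->assertEquals(AUTH_READ, auth_aclcheck('groups:foo_bar:foo', 'schmock', array()));
    }

}

//Setup VIM: ex: et ts=4 :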