1<?php
2
3use dokuwiki\test\mock\AuthCaseInsensitivePlugin;
4
5class auth_acl_caseinsensitive_test extends DokuWikiTest {
6    protected $oldAuth;
7    protected $oldAuthAcl;
8
9    function setUp() : void {
10        parent::setUp();
11        global $auth;
12        global $AUTH_ACL;
13
14        $this->oldAuth    = $auth;
15        $this->oldAuthAcl = $AUTH_ACL;
16
17        $auth = new AuthCaseInsensitivePlugin();
18    }
19
20    function tearDown() : void {
21        global $conf;
22        global $AUTH_ACL;
23        global $auth;
24
25        $auth     = $this->oldAuth;
26        $AUTH_ACL = $this->oldAuthAcl;
27    }
28
29    function test_multiadmin_restricted_ropage() {
30        global $conf;
31        global $AUTH_ACL;
32
33        $conf['superuser'] = 'John,doe,@Admin1,@admin2';
34        $conf['useacl']    = 1;
35
36        $AUTH_ACL = array(
37            '*              @ALL       0',
38            '*              @Group1    8',
39            '*              @group2    8',
40            'namespace:page @Group1    1',
41            'namespace:page @group2    1',
42        );
43
44        // anonymous user
45        $this->assertEquals(auth_aclcheck('page',           '', array()), AUTH_NONE);
46        $this->assertEquals(auth_aclcheck('namespace:page', '', array()), AUTH_NONE);
47        $this->assertEquals(auth_aclcheck('namespace:*',    '', array()), AUTH_NONE);
48
49        // user with no matching group
50        $this->assertEquals(auth_aclcheck('page',           'jill', array('foo')), AUTH_NONE);
51        $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo')), AUTH_NONE);
52        $this->assertEquals(auth_aclcheck('namespace:*',    'jill', array('foo')), AUTH_NONE);
53
54        // user with matching group 1
55        $this->assertEquals(auth_aclcheck('page',           'jill', array('foo', 'group1')), AUTH_UPLOAD);
56        $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'group1')), AUTH_READ);
57        $this->assertEquals(auth_aclcheck('namespace:*',    'jill', array('foo', 'group1')), AUTH_UPLOAD);
58
59        // user with matching group 2
60        $this->assertEquals(auth_aclcheck('page',           'jill', array('foo', 'Group2')), AUTH_UPLOAD);
61        $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'Group2')), AUTH_READ);
62        $this->assertEquals(auth_aclcheck('namespace:*',    'jill', array('foo', 'Group2')), AUTH_UPLOAD);
63
64        // super user John
65        $this->assertEquals(auth_aclcheck('page',           'john', array('foo')), AUTH_ADMIN);
66        $this->assertEquals(auth_aclcheck('namespace:page', 'john', array('foo')), AUTH_ADMIN);
67        $this->assertEquals(auth_aclcheck('namespace:*',    'john', array('foo')), AUTH_ADMIN);
68
69        // super user doe
70        $this->assertEquals(auth_aclcheck('page',           'Doe', array('foo')), AUTH_ADMIN);
71        $this->assertEquals(auth_aclcheck('namespace:page', 'Doe', array('foo')), AUTH_ADMIN);
72        $this->assertEquals(auth_aclcheck('namespace:*',    'Doe', array('foo')), AUTH_ADMIN);
73
74        // user with matching admin group 1
75        $this->assertEquals(auth_aclcheck('page',           'jill', array('foo', 'admin1')), AUTH_ADMIN);
76        $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'admin1')), AUTH_ADMIN);
77        $this->assertEquals(auth_aclcheck('namespace:*',    'jill', array('foo', 'admin1')), AUTH_ADMIN);
78
79        // user with matching admin group 2
80        $this->assertEquals(auth_aclcheck('page',           'jill', array('foo', 'Admin2')), AUTH_ADMIN);
81        $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'Admin2')), AUTH_ADMIN);
82        $this->assertEquals(auth_aclcheck('namespace:*',    'jill', array('foo', 'Admin2')), AUTH_ADMIN);
83    }
84
85    /*
86     * Test aclcheck on @ALL group
87     *
88     * The default permission for @ALL group is AUTH_NONE. So we use an
89     * ACL entry which grants @ALL group an AUTH_READ permission to see
90     * whether ACL matching is properly done or not.
91     */
92    function test_restricted_allread() {
93        global $conf;
94        global $AUTH_ACL;
95
96        $conf['superuser'] = 'john';
97        $conf['useacl']    = 1;
98
99        $AUTH_ACL = array(
100            '*           @ALL           1',
101            '*           @group1        8',
102        );
103
104        // anonymous user
105        $this->assertEquals(auth_aclcheck('page',           '', array()), AUTH_READ);
106        $this->assertEquals(auth_aclcheck('namespace:page', '', array()), AUTH_READ);
107        $this->assertEquals(auth_aclcheck('namespace:*',    '', array()), AUTH_READ);
108
109        // user with no matching group
110        $this->assertEquals(auth_aclcheck('page',           'jill', array('foo')), AUTH_READ);
111        $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo')), AUTH_READ);
112        $this->assertEquals(auth_aclcheck('namespace:*',    'jill', array('foo')), AUTH_READ);
113
114        // user with matching group
115        $this->assertEquals(auth_aclcheck('page',           'jill', array('foo', 'Group1')), AUTH_UPLOAD);
116        $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'Group1')), AUTH_UPLOAD);
117        $this->assertEquals(auth_aclcheck('namespace:*',    'jill', array('foo', 'Group1')), AUTH_UPLOAD);
118
119        // super user
120        $this->assertEquals(auth_aclcheck('page',           'John', array('foo')), AUTH_ADMIN);
121        $this->assertEquals(auth_aclcheck('namespace:page', 'John', array('foo')), AUTH_ADMIN);
122        $this->assertEquals(auth_aclcheck('namespace:*',    'John', array('foo')), AUTH_ADMIN);
123    }
124}
125