1eb3ce0d5SKazutaka Miyasaka<?php 2eb3ce0d5SKazutaka Miyasaka 34bdfdb32SPhyuse dokuwiki\test\mock\AuthCaseInsensitivePlugin; 4eb3ce0d5SKazutaka Miyasaka 5eb3ce0d5SKazutaka Miyasakaclass auth_acl_caseinsensitive_test extends DokuWikiTest { 6eb3ce0d5SKazutaka Miyasaka protected $oldAuth; 7eb3ce0d5SKazutaka Miyasaka protected $oldAuthAcl; 8eb3ce0d5SKazutaka Miyasaka 9*1c33cec3SAndreas Gohr function setUp() : void { 10ff576d93SDominik Eckelmann parent::setUp(); 11eb3ce0d5SKazutaka Miyasaka global $auth; 12eb3ce0d5SKazutaka Miyasaka global $AUTH_ACL; 13eb3ce0d5SKazutaka Miyasaka 14eb3ce0d5SKazutaka Miyasaka $this->oldAuth = $auth; 15eb3ce0d5SKazutaka Miyasaka $this->oldAuthAcl = $AUTH_ACL; 16eb3ce0d5SKazutaka Miyasaka 174bdfdb32SPhy $auth = new AuthCaseInsensitivePlugin(); 18eb3ce0d5SKazutaka Miyasaka } 19eb3ce0d5SKazutaka Miyasaka 20*1c33cec3SAndreas Gohr function tearDown() : void { 21eb3ce0d5SKazutaka Miyasaka global $conf; 22eb3ce0d5SKazutaka Miyasaka global $AUTH_ACL; 23eb3ce0d5SKazutaka Miyasaka global $auth; 24eb3ce0d5SKazutaka Miyasaka 25eb3ce0d5SKazutaka Miyasaka $auth = $this->oldAuth; 26eb3ce0d5SKazutaka Miyasaka $AUTH_ACL = $this->oldAuthAcl; 27eb3ce0d5SKazutaka Miyasaka } 28eb3ce0d5SKazutaka Miyasaka 29eb3ce0d5SKazutaka Miyasaka function test_multiadmin_restricted_ropage() { 30eb3ce0d5SKazutaka Miyasaka global $conf; 31eb3ce0d5SKazutaka Miyasaka global $AUTH_ACL; 32eb3ce0d5SKazutaka Miyasaka 33eb3ce0d5SKazutaka Miyasaka $conf['superuser'] = 'John,doe,@Admin1,@admin2'; 34eb3ce0d5SKazutaka Miyasaka $conf['useacl'] = 1; 35eb3ce0d5SKazutaka Miyasaka 36eb3ce0d5SKazutaka Miyasaka $AUTH_ACL = array( 37eb3ce0d5SKazutaka Miyasaka '* @ALL 0', 38eb3ce0d5SKazutaka Miyasaka '* @Group1 8', 39eb3ce0d5SKazutaka Miyasaka '* @group2 8', 40eb3ce0d5SKazutaka Miyasaka 'namespace:page @Group1 1', 41eb3ce0d5SKazutaka Miyasaka 'namespace:page @group2 1', 42eb3ce0d5SKazutaka Miyasaka ); 43eb3ce0d5SKazutaka Miyasaka 44eb3ce0d5SKazutaka Miyasaka // anonymous user 45eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('page', '', array()), AUTH_NONE); 46eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:page', '', array()), AUTH_NONE); 47eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:*', '', array()), AUTH_NONE); 48eb3ce0d5SKazutaka Miyasaka 49eb3ce0d5SKazutaka Miyasaka // user with no matching group 50eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('page', 'jill', array('foo')), AUTH_NONE); 51eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo')), AUTH_NONE); 52eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo')), AUTH_NONE); 53eb3ce0d5SKazutaka Miyasaka 54eb3ce0d5SKazutaka Miyasaka // user with matching group 1 55eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('page', 'jill', array('foo', 'group1')), AUTH_UPLOAD); 56eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'group1')), AUTH_READ); 57eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo', 'group1')), AUTH_UPLOAD); 58eb3ce0d5SKazutaka Miyasaka 59eb3ce0d5SKazutaka Miyasaka // user with matching group 2 60eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('page', 'jill', array('foo', 'Group2')), AUTH_UPLOAD); 61eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'Group2')), AUTH_READ); 62eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo', 'Group2')), AUTH_UPLOAD); 63eb3ce0d5SKazutaka Miyasaka 64eb3ce0d5SKazutaka Miyasaka // super user John 65eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('page', 'john', array('foo')), AUTH_ADMIN); 66eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:page', 'john', array('foo')), AUTH_ADMIN); 67eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:*', 'john', array('foo')), AUTH_ADMIN); 68eb3ce0d5SKazutaka Miyasaka 69eb3ce0d5SKazutaka Miyasaka // super user doe 70eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('page', 'Doe', array('foo')), AUTH_ADMIN); 71eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:page', 'Doe', array('foo')), AUTH_ADMIN); 72eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:*', 'Doe', array('foo')), AUTH_ADMIN); 73eb3ce0d5SKazutaka Miyasaka 74eb3ce0d5SKazutaka Miyasaka // user with matching admin group 1 75eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('page', 'jill', array('foo', 'admin1')), AUTH_ADMIN); 76eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'admin1')), AUTH_ADMIN); 77eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo', 'admin1')), AUTH_ADMIN); 78eb3ce0d5SKazutaka Miyasaka 79eb3ce0d5SKazutaka Miyasaka // user with matching admin group 2 80eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('page', 'jill', array('foo', 'Admin2')), AUTH_ADMIN); 81eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'Admin2')), AUTH_ADMIN); 82eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo', 'Admin2')), AUTH_ADMIN); 83eb3ce0d5SKazutaka Miyasaka } 84eb3ce0d5SKazutaka Miyasaka 85eb3ce0d5SKazutaka Miyasaka /* 86eb3ce0d5SKazutaka Miyasaka * Test aclcheck on @ALL group 87eb3ce0d5SKazutaka Miyasaka * 88eb3ce0d5SKazutaka Miyasaka * The default permission for @ALL group is AUTH_NONE. So we use an 89eb3ce0d5SKazutaka Miyasaka * ACL entry which grants @ALL group an AUTH_READ permission to see 90eb3ce0d5SKazutaka Miyasaka * whether ACL matching is properly done or not. 91eb3ce0d5SKazutaka Miyasaka */ 92eb3ce0d5SKazutaka Miyasaka function test_restricted_allread() { 93eb3ce0d5SKazutaka Miyasaka global $conf; 94eb3ce0d5SKazutaka Miyasaka global $AUTH_ACL; 95eb3ce0d5SKazutaka Miyasaka 96eb3ce0d5SKazutaka Miyasaka $conf['superuser'] = 'john'; 97eb3ce0d5SKazutaka Miyasaka $conf['useacl'] = 1; 98eb3ce0d5SKazutaka Miyasaka 99eb3ce0d5SKazutaka Miyasaka $AUTH_ACL = array( 100eb3ce0d5SKazutaka Miyasaka '* @ALL 1', 101eb3ce0d5SKazutaka Miyasaka '* @group1 8', 102eb3ce0d5SKazutaka Miyasaka ); 103eb3ce0d5SKazutaka Miyasaka 104eb3ce0d5SKazutaka Miyasaka // anonymous user 105eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('page', '', array()), AUTH_READ); 106eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:page', '', array()), AUTH_READ); 107eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:*', '', array()), AUTH_READ); 108eb3ce0d5SKazutaka Miyasaka 109eb3ce0d5SKazutaka Miyasaka // user with no matching group 110eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('page', 'jill', array('foo')), AUTH_READ); 111eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo')), AUTH_READ); 112eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo')), AUTH_READ); 113eb3ce0d5SKazutaka Miyasaka 114eb3ce0d5SKazutaka Miyasaka // user with matching group 115eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('page', 'jill', array('foo', 'Group1')), AUTH_UPLOAD); 116eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'Group1')), AUTH_UPLOAD); 117eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo', 'Group1')), AUTH_UPLOAD); 118eb3ce0d5SKazutaka Miyasaka 119eb3ce0d5SKazutaka Miyasaka // super user 120eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('page', 'John', array('foo')), AUTH_ADMIN); 121eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:page', 'John', array('foo')), AUTH_ADMIN); 122eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:*', 'John', array('foo')), AUTH_ADMIN); 123eb3ce0d5SKazutaka Miyasaka } 124eb3ce0d5SKazutaka Miyasaka} 125