1*eb3ce0d5SKazutaka Miyasaka<?php 2*eb3ce0d5SKazutaka Miyasaka 3*eb3ce0d5SKazutaka Miyasakaclass auth_acl_caseinsensitive_auth extends auth_basic { 4*eb3ce0d5SKazutaka Miyasaka function isCaseSensitive() { 5*eb3ce0d5SKazutaka Miyasaka return false; 6*eb3ce0d5SKazutaka Miyasaka } 7*eb3ce0d5SKazutaka Miyasaka} 8*eb3ce0d5SKazutaka Miyasaka 9*eb3ce0d5SKazutaka Miyasakaclass auth_acl_caseinsensitive_test extends DokuWikiTest { 10*eb3ce0d5SKazutaka Miyasaka protected $oldConf; 11*eb3ce0d5SKazutaka Miyasaka protected $oldAuth; 12*eb3ce0d5SKazutaka Miyasaka protected $oldAuthAcl; 13*eb3ce0d5SKazutaka Miyasaka 14*eb3ce0d5SKazutaka Miyasaka function setup() { 15*eb3ce0d5SKazutaka Miyasaka global $conf; 16*eb3ce0d5SKazutaka Miyasaka global $auth; 17*eb3ce0d5SKazutaka Miyasaka global $AUTH_ACL; 18*eb3ce0d5SKazutaka Miyasaka 19*eb3ce0d5SKazutaka Miyasaka $this->oldConf = $conf; 20*eb3ce0d5SKazutaka Miyasaka $this->oldAuth = $auth; 21*eb3ce0d5SKazutaka Miyasaka $this->oldAuthAcl = $AUTH_ACL; 22*eb3ce0d5SKazutaka Miyasaka 23*eb3ce0d5SKazutaka Miyasaka $auth = new auth_acl_caseinsensitive_auth(); 24*eb3ce0d5SKazutaka Miyasaka } 25*eb3ce0d5SKazutaka Miyasaka 26*eb3ce0d5SKazutaka Miyasaka function teardown() { 27*eb3ce0d5SKazutaka Miyasaka global $conf; 28*eb3ce0d5SKazutaka Miyasaka global $AUTH_ACL; 29*eb3ce0d5SKazutaka Miyasaka global $auth; 30*eb3ce0d5SKazutaka Miyasaka 31*eb3ce0d5SKazutaka Miyasaka $conf = $this->oldConf; 32*eb3ce0d5SKazutaka Miyasaka $auth = $this->oldAuth; 33*eb3ce0d5SKazutaka Miyasaka $AUTH_ACL = $this->oldAuthAcl; 34*eb3ce0d5SKazutaka Miyasaka } 35*eb3ce0d5SKazutaka Miyasaka 36*eb3ce0d5SKazutaka Miyasaka function test_multiadmin_restricted_ropage() { 37*eb3ce0d5SKazutaka Miyasaka global $conf; 38*eb3ce0d5SKazutaka Miyasaka global $AUTH_ACL; 39*eb3ce0d5SKazutaka Miyasaka 40*eb3ce0d5SKazutaka Miyasaka $conf['superuser'] = 'John,doe,@Admin1,@admin2'; 41*eb3ce0d5SKazutaka Miyasaka $conf['useacl'] = 1; 42*eb3ce0d5SKazutaka Miyasaka 43*eb3ce0d5SKazutaka Miyasaka $AUTH_ACL = array( 44*eb3ce0d5SKazutaka Miyasaka '* @ALL 0', 45*eb3ce0d5SKazutaka Miyasaka '* @Group1 8', 46*eb3ce0d5SKazutaka Miyasaka '* @group2 8', 47*eb3ce0d5SKazutaka Miyasaka 'namespace:page @Group1 1', 48*eb3ce0d5SKazutaka Miyasaka 'namespace:page @group2 1', 49*eb3ce0d5SKazutaka Miyasaka ); 50*eb3ce0d5SKazutaka Miyasaka 51*eb3ce0d5SKazutaka Miyasaka // anonymous user 52*eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('page', '', array()), AUTH_NONE); 53*eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:page', '', array()), AUTH_NONE); 54*eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:*', '', array()), AUTH_NONE); 55*eb3ce0d5SKazutaka Miyasaka 56*eb3ce0d5SKazutaka Miyasaka // user with no matching group 57*eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('page', 'jill', array('foo')), AUTH_NONE); 58*eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo')), AUTH_NONE); 59*eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo')), AUTH_NONE); 60*eb3ce0d5SKazutaka Miyasaka 61*eb3ce0d5SKazutaka Miyasaka // user with matching group 1 62*eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('page', 'jill', array('foo', 'group1')), AUTH_UPLOAD); 63*eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'group1')), AUTH_READ); 64*eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo', 'group1')), AUTH_UPLOAD); 65*eb3ce0d5SKazutaka Miyasaka 66*eb3ce0d5SKazutaka Miyasaka // user with matching group 2 67*eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('page', 'jill', array('foo', 'Group2')), AUTH_UPLOAD); 68*eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'Group2')), AUTH_READ); 69*eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo', 'Group2')), AUTH_UPLOAD); 70*eb3ce0d5SKazutaka Miyasaka 71*eb3ce0d5SKazutaka Miyasaka // super user John 72*eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('page', 'john', array('foo')), AUTH_ADMIN); 73*eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:page', 'john', array('foo')), AUTH_ADMIN); 74*eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:*', 'john', array('foo')), AUTH_ADMIN); 75*eb3ce0d5SKazutaka Miyasaka 76*eb3ce0d5SKazutaka Miyasaka // super user doe 77*eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('page', 'Doe', array('foo')), AUTH_ADMIN); 78*eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:page', 'Doe', array('foo')), AUTH_ADMIN); 79*eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:*', 'Doe', array('foo')), AUTH_ADMIN); 80*eb3ce0d5SKazutaka Miyasaka 81*eb3ce0d5SKazutaka Miyasaka // user with matching admin group 1 82*eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('page', 'jill', array('foo', 'admin1')), AUTH_ADMIN); 83*eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'admin1')), AUTH_ADMIN); 84*eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo', 'admin1')), AUTH_ADMIN); 85*eb3ce0d5SKazutaka Miyasaka 86*eb3ce0d5SKazutaka Miyasaka // user with matching admin group 2 87*eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('page', 'jill', array('foo', 'Admin2')), AUTH_ADMIN); 88*eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'Admin2')), AUTH_ADMIN); 89*eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo', 'Admin2')), AUTH_ADMIN); 90*eb3ce0d5SKazutaka Miyasaka } 91*eb3ce0d5SKazutaka Miyasaka 92*eb3ce0d5SKazutaka Miyasaka /* 93*eb3ce0d5SKazutaka Miyasaka * Test aclcheck on @ALL group 94*eb3ce0d5SKazutaka Miyasaka * 95*eb3ce0d5SKazutaka Miyasaka * The default permission for @ALL group is AUTH_NONE. So we use an 96*eb3ce0d5SKazutaka Miyasaka * ACL entry which grants @ALL group an AUTH_READ permission to see 97*eb3ce0d5SKazutaka Miyasaka * whether ACL matching is properly done or not. 98*eb3ce0d5SKazutaka Miyasaka */ 99*eb3ce0d5SKazutaka Miyasaka function test_restricted_allread() { 100*eb3ce0d5SKazutaka Miyasaka global $conf; 101*eb3ce0d5SKazutaka Miyasaka global $AUTH_ACL; 102*eb3ce0d5SKazutaka Miyasaka 103*eb3ce0d5SKazutaka Miyasaka $conf['superuser'] = 'john'; 104*eb3ce0d5SKazutaka Miyasaka $conf['useacl'] = 1; 105*eb3ce0d5SKazutaka Miyasaka 106*eb3ce0d5SKazutaka Miyasaka $AUTH_ACL = array( 107*eb3ce0d5SKazutaka Miyasaka '* @ALL 1', 108*eb3ce0d5SKazutaka Miyasaka '* @group1 8', 109*eb3ce0d5SKazutaka Miyasaka ); 110*eb3ce0d5SKazutaka Miyasaka 111*eb3ce0d5SKazutaka Miyasaka // anonymous user 112*eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('page', '', array()), AUTH_READ); 113*eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:page', '', array()), AUTH_READ); 114*eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:*', '', array()), AUTH_READ); 115*eb3ce0d5SKazutaka Miyasaka 116*eb3ce0d5SKazutaka Miyasaka // user with no matching group 117*eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('page', 'jill', array('foo')), AUTH_READ); 118*eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo')), AUTH_READ); 119*eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo')), AUTH_READ); 120*eb3ce0d5SKazutaka Miyasaka 121*eb3ce0d5SKazutaka Miyasaka // user with matching group 122*eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('page', 'jill', array('foo', 'Group1')), AUTH_UPLOAD); 123*eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'Group1')), AUTH_UPLOAD); 124*eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo', 'Group1')), AUTH_UPLOAD); 125*eb3ce0d5SKazutaka Miyasaka 126*eb3ce0d5SKazutaka Miyasaka // super user 127*eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('page', 'John', array('foo')), AUTH_ADMIN); 128*eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:page', 'John', array('foo')), AUTH_ADMIN); 129*eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:*', 'John', array('foo')), AUTH_ADMIN); 130*eb3ce0d5SKazutaka Miyasaka } 131*eb3ce0d5SKazutaka Miyasaka} 132