1eb3ce0d5SKazutaka Miyasaka<?php 2eb3ce0d5SKazutaka Miyasaka 3eb3ce0d5SKazutaka Miyasakaclass auth_acl_caseinsensitive_auth extends auth_basic { 4eb3ce0d5SKazutaka Miyasaka function isCaseSensitive() { 5eb3ce0d5SKazutaka Miyasaka return false; 6eb3ce0d5SKazutaka Miyasaka } 7eb3ce0d5SKazutaka Miyasaka} 8eb3ce0d5SKazutaka Miyasaka 9eb3ce0d5SKazutaka Miyasakaclass auth_acl_caseinsensitive_test extends DokuWikiTest { 10eb3ce0d5SKazutaka Miyasaka protected $oldAuth; 11eb3ce0d5SKazutaka Miyasaka protected $oldAuthAcl; 12eb3ce0d5SKazutaka Miyasaka 13*ff576d93SDominik Eckelmann function setUp() { 14*ff576d93SDominik Eckelmann parent::setUp(); 15eb3ce0d5SKazutaka Miyasaka global $auth; 16eb3ce0d5SKazutaka Miyasaka global $AUTH_ACL; 17eb3ce0d5SKazutaka Miyasaka 18eb3ce0d5SKazutaka Miyasaka $this->oldAuth = $auth; 19eb3ce0d5SKazutaka Miyasaka $this->oldAuthAcl = $AUTH_ACL; 20eb3ce0d5SKazutaka Miyasaka 21eb3ce0d5SKazutaka Miyasaka $auth = new auth_acl_caseinsensitive_auth(); 22eb3ce0d5SKazutaka Miyasaka } 23eb3ce0d5SKazutaka Miyasaka 24*ff576d93SDominik Eckelmann function tearDown() { 25eb3ce0d5SKazutaka Miyasaka global $conf; 26eb3ce0d5SKazutaka Miyasaka global $AUTH_ACL; 27eb3ce0d5SKazutaka Miyasaka global $auth; 28eb3ce0d5SKazutaka Miyasaka 29eb3ce0d5SKazutaka Miyasaka $auth = $this->oldAuth; 30eb3ce0d5SKazutaka Miyasaka $AUTH_ACL = $this->oldAuthAcl; 31eb3ce0d5SKazutaka Miyasaka } 32eb3ce0d5SKazutaka Miyasaka 33eb3ce0d5SKazutaka Miyasaka function test_multiadmin_restricted_ropage() { 34eb3ce0d5SKazutaka Miyasaka global $conf; 35eb3ce0d5SKazutaka Miyasaka global $AUTH_ACL; 36eb3ce0d5SKazutaka Miyasaka 37eb3ce0d5SKazutaka Miyasaka $conf['superuser'] = 'John,doe,@Admin1,@admin2'; 38eb3ce0d5SKazutaka Miyasaka $conf['useacl'] = 1; 39eb3ce0d5SKazutaka Miyasaka 40eb3ce0d5SKazutaka Miyasaka $AUTH_ACL = array( 41eb3ce0d5SKazutaka Miyasaka '* @ALL 0', 42eb3ce0d5SKazutaka Miyasaka '* @Group1 8', 43eb3ce0d5SKazutaka Miyasaka '* @group2 8', 44eb3ce0d5SKazutaka Miyasaka 'namespace:page @Group1 1', 45eb3ce0d5SKazutaka Miyasaka 'namespace:page @group2 1', 46eb3ce0d5SKazutaka Miyasaka ); 47eb3ce0d5SKazutaka Miyasaka 48eb3ce0d5SKazutaka Miyasaka // anonymous user 49eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('page', '', array()), AUTH_NONE); 50eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:page', '', array()), AUTH_NONE); 51eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:*', '', array()), AUTH_NONE); 52eb3ce0d5SKazutaka Miyasaka 53eb3ce0d5SKazutaka Miyasaka // user with no matching group 54eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('page', 'jill', array('foo')), AUTH_NONE); 55eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo')), AUTH_NONE); 56eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo')), AUTH_NONE); 57eb3ce0d5SKazutaka Miyasaka 58eb3ce0d5SKazutaka Miyasaka // user with matching group 1 59eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('page', 'jill', array('foo', 'group1')), AUTH_UPLOAD); 60eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'group1')), AUTH_READ); 61eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo', 'group1')), AUTH_UPLOAD); 62eb3ce0d5SKazutaka Miyasaka 63eb3ce0d5SKazutaka Miyasaka // user with matching group 2 64eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('page', 'jill', array('foo', 'Group2')), AUTH_UPLOAD); 65eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'Group2')), AUTH_READ); 66eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo', 'Group2')), AUTH_UPLOAD); 67eb3ce0d5SKazutaka Miyasaka 68eb3ce0d5SKazutaka Miyasaka // super user John 69eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('page', 'john', array('foo')), AUTH_ADMIN); 70eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:page', 'john', array('foo')), AUTH_ADMIN); 71eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:*', 'john', array('foo')), AUTH_ADMIN); 72eb3ce0d5SKazutaka Miyasaka 73eb3ce0d5SKazutaka Miyasaka // super user doe 74eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('page', 'Doe', array('foo')), AUTH_ADMIN); 75eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:page', 'Doe', array('foo')), AUTH_ADMIN); 76eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:*', 'Doe', array('foo')), AUTH_ADMIN); 77eb3ce0d5SKazutaka Miyasaka 78eb3ce0d5SKazutaka Miyasaka // user with matching admin group 1 79eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('page', 'jill', array('foo', 'admin1')), AUTH_ADMIN); 80eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'admin1')), AUTH_ADMIN); 81eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo', 'admin1')), AUTH_ADMIN); 82eb3ce0d5SKazutaka Miyasaka 83eb3ce0d5SKazutaka Miyasaka // user with matching admin group 2 84eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('page', 'jill', array('foo', 'Admin2')), AUTH_ADMIN); 85eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'Admin2')), AUTH_ADMIN); 86eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo', 'Admin2')), AUTH_ADMIN); 87eb3ce0d5SKazutaka Miyasaka } 88eb3ce0d5SKazutaka Miyasaka 89eb3ce0d5SKazutaka Miyasaka /* 90eb3ce0d5SKazutaka Miyasaka * Test aclcheck on @ALL group 91eb3ce0d5SKazutaka Miyasaka * 92eb3ce0d5SKazutaka Miyasaka * The default permission for @ALL group is AUTH_NONE. So we use an 93eb3ce0d5SKazutaka Miyasaka * ACL entry which grants @ALL group an AUTH_READ permission to see 94eb3ce0d5SKazutaka Miyasaka * whether ACL matching is properly done or not. 95eb3ce0d5SKazutaka Miyasaka */ 96eb3ce0d5SKazutaka Miyasaka function test_restricted_allread() { 97eb3ce0d5SKazutaka Miyasaka global $conf; 98eb3ce0d5SKazutaka Miyasaka global $AUTH_ACL; 99eb3ce0d5SKazutaka Miyasaka 100eb3ce0d5SKazutaka Miyasaka $conf['superuser'] = 'john'; 101eb3ce0d5SKazutaka Miyasaka $conf['useacl'] = 1; 102eb3ce0d5SKazutaka Miyasaka 103eb3ce0d5SKazutaka Miyasaka $AUTH_ACL = array( 104eb3ce0d5SKazutaka Miyasaka '* @ALL 1', 105eb3ce0d5SKazutaka Miyasaka '* @group1 8', 106eb3ce0d5SKazutaka Miyasaka ); 107eb3ce0d5SKazutaka Miyasaka 108eb3ce0d5SKazutaka Miyasaka // anonymous user 109eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('page', '', array()), AUTH_READ); 110eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:page', '', array()), AUTH_READ); 111eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:*', '', array()), AUTH_READ); 112eb3ce0d5SKazutaka Miyasaka 113eb3ce0d5SKazutaka Miyasaka // user with no matching group 114eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('page', 'jill', array('foo')), AUTH_READ); 115eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo')), AUTH_READ); 116eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo')), AUTH_READ); 117eb3ce0d5SKazutaka Miyasaka 118eb3ce0d5SKazutaka Miyasaka // user with matching group 119eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('page', 'jill', array('foo', 'Group1')), AUTH_UPLOAD); 120eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'Group1')), AUTH_UPLOAD); 121eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo', 'Group1')), AUTH_UPLOAD); 122eb3ce0d5SKazutaka Miyasaka 123eb3ce0d5SKazutaka Miyasaka // super user 124eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('page', 'John', array('foo')), AUTH_ADMIN); 125eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:page', 'John', array('foo')), AUTH_ADMIN); 126eb3ce0d5SKazutaka Miyasaka $this->assertEquals(auth_aclcheck('namespace:*', 'John', array('foo')), AUTH_ADMIN); 127eb3ce0d5SKazutaka Miyasaka } 128eb3ce0d5SKazutaka Miyasaka} 129