xref: /dokuwiki/_test/tests/inc/auth_aclcheck_caseinsensitive.test.php (revision e1d9dcc8b460b6f029ac9c8d5d3b8d23b6e73402) 
1<?php
2
3use dokuwiki\Extension\AuthPlugin;
4
5class auth_acl_caseinsensitive_auth extends AuthPlugin {
6    function isCaseSensitive() {
7        return false;
8    }
9}
10
11class auth_acl_caseinsensitive_test extends DokuWikiTest {
12    protected $oldAuth;
13    protected $oldAuthAcl;
14
15    function setUp() {
16        parent::setUp();
17        global $auth;
18        global $AUTH_ACL;
19
20        $this->oldAuth    = $auth;
21        $this->oldAuthAcl = $AUTH_ACL;
22
23        $auth = new auth_acl_caseinsensitive_auth();
24    }
25
26    function tearDown() {
27        global $conf;
28        global $AUTH_ACL;
29        global $auth;
30
31        $auth     = $this->oldAuth;
32        $AUTH_ACL = $this->oldAuthAcl;
33    }
34
35    function test_multiadmin_restricted_ropage() {
36        global $conf;
37        global $AUTH_ACL;
38
39        $conf['superuser'] = 'John,doe,@Admin1,@admin2';
40        $conf['useacl']    = 1;
41
42        $AUTH_ACL = array(
43            '*              @ALL       0',
44            '*              @Group1    8',
45            '*              @group2    8',
46            'namespace:page @Group1    1',
47            'namespace:page @group2    1',
48        );
49
50        // anonymous user
51        $this->assertEquals(auth_aclcheck('page',           '', array()), AUTH_NONE);
52        $this->assertEquals(auth_aclcheck('namespace:page', '', array()), AUTH_NONE);
53        $this->assertEquals(auth_aclcheck('namespace:*',    '', array()), AUTH_NONE);
54
55        // user with no matching group
56        $this->assertEquals(auth_aclcheck('page',           'jill', array('foo')), AUTH_NONE);
57        $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo')), AUTH_NONE);
58        $this->assertEquals(auth_aclcheck('namespace:*',    'jill', array('foo')), AUTH_NONE);
59
60        // user with matching group 1
61        $this->assertEquals(auth_aclcheck('page',           'jill', array('foo', 'group1')), AUTH_UPLOAD);
62        $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'group1')), AUTH_READ);
63        $this->assertEquals(auth_aclcheck('namespace:*',    'jill', array('foo', 'group1')), AUTH_UPLOAD);
64
65        // user with matching group 2
66        $this->assertEquals(auth_aclcheck('page',           'jill', array('foo', 'Group2')), AUTH_UPLOAD);
67        $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'Group2')), AUTH_READ);
68        $this->assertEquals(auth_aclcheck('namespace:*',    'jill', array('foo', 'Group2')), AUTH_UPLOAD);
69
70        // super user John
71        $this->assertEquals(auth_aclcheck('page',           'john', array('foo')), AUTH_ADMIN);
72        $this->assertEquals(auth_aclcheck('namespace:page', 'john', array('foo')), AUTH_ADMIN);
73        $this->assertEquals(auth_aclcheck('namespace:*',    'john', array('foo')), AUTH_ADMIN);
74
75        // super user doe
76        $this->assertEquals(auth_aclcheck('page',           'Doe', array('foo')), AUTH_ADMIN);
77        $this->assertEquals(auth_aclcheck('namespace:page', 'Doe', array('foo')), AUTH_ADMIN);
78        $this->assertEquals(auth_aclcheck('namespace:*',    'Doe', array('foo')), AUTH_ADMIN);
79
80        // user with matching admin group 1
81        $this->assertEquals(auth_aclcheck('page',           'jill', array('foo', 'admin1')), AUTH_ADMIN);
82        $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'admin1')), AUTH_ADMIN);
83        $this->assertEquals(auth_aclcheck('namespace:*',    'jill', array('foo', 'admin1')), AUTH_ADMIN);
84
85        // user with matching admin group 2
86        $this->assertEquals(auth_aclcheck('page',           'jill', array('foo', 'Admin2')), AUTH_ADMIN);
87        $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'Admin2')), AUTH_ADMIN);
88        $this->assertEquals(auth_aclcheck('namespace:*',    'jill', array('foo', 'Admin2')), AUTH_ADMIN);
89    }
90
91    /*
92     * Test aclcheck on @ALL group
93     *
94     * The default permission for @ALL group is AUTH_NONE. So we use an
95     * ACL entry which grants @ALL group an AUTH_READ permission to see
96     * whether ACL matching is properly done or not.
97     */
98    function test_restricted_allread() {
99        global $conf;
100        global $AUTH_ACL;
101
102        $conf['superuser'] = 'john';
103        $conf['useacl']    = 1;
104
105        $AUTH_ACL = array(
106            '*           @ALL           1',
107            '*           @group1        8',
108        );
109
110        // anonymous user
111        $this->assertEquals(auth_aclcheck('page',           '', array()), AUTH_READ);
112        $this->assertEquals(auth_aclcheck('namespace:page', '', array()), AUTH_READ);
113        $this->assertEquals(auth_aclcheck('namespace:*',    '', array()), AUTH_READ);
114
115        // user with no matching group
116        $this->assertEquals(auth_aclcheck('page',           'jill', array('foo')), AUTH_READ);
117        $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo')), AUTH_READ);
118        $this->assertEquals(auth_aclcheck('namespace:*',    'jill', array('foo')), AUTH_READ);
119
120        // user with matching group
121        $this->assertEquals(auth_aclcheck('page',           'jill', array('foo', 'Group1')), AUTH_UPLOAD);
122        $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'Group1')), AUTH_UPLOAD);
123        $this->assertEquals(auth_aclcheck('namespace:*',    'jill', array('foo', 'Group1')), AUTH_UPLOAD);
124
125        // super user
126        $this->assertEquals(auth_aclcheck('page',           'John', array('foo')), AUTH_ADMIN);
127        $this->assertEquals(auth_aclcheck('namespace:page', 'John', array('foo')), AUTH_ADMIN);
128        $this->assertEquals(auth_aclcheck('namespace:*',    'John', array('foo')), AUTH_ADMIN);
129    }
130}
131