diff options
| author | Andreas Gohr <andi@splitbrain.org> | 2012-06-30 14:19:51 +0200 |
|---|---|---|
| committer | Andreas Gohr <andi@splitbrain.org> | 2012-06-30 14:20:51 +0200 |
| commit | 32e82180a785b09b1886cf44ecca5ed22ce37b9d (patch) | |
| tree | 2e759bdab80a1cdfab92207ae1c406ee613e605c | |
| parent | 772c924913365ea9be90e667f6d06cdcef3ab4ec (diff) | |
| download | rpg-32e82180a785b09b1886cf44ecca5ed22ce37b9d.tar.gz rpg-32e82180a785b09b1886cf44ecca5ed22ce37b9d.tar.bz2 | |
fixed group wildcards and added tests
| -rw-r--r-- | _test/conf/acl.auth.php | 6 | ||||
| -rw-r--r-- | _test/tests/inc/auth_aclcheck.test.php | 27 | ||||
| -rw-r--r-- | inc/auth.php | 16 |
3 files changed, 43 insertions, 6 deletions
diff --git a/_test/conf/acl.auth.php b/_test/conf/acl.auth.php index 14344d778..8a1b01f23 100644 --- a/_test/conf/acl.auth.php +++ b/_test/conf/acl.auth.php @@ -19,3 +19,9 @@ # delete 16 * @ALL 8 + +# for testing wildcards: +users:* @ALL 1 +users:%USER%:* %USER% 16 +groups:* @ALL 1 +groups:%GROUP%:* %GROUP% 16 diff --git a/_test/tests/inc/auth_aclcheck.test.php b/_test/tests/inc/auth_aclcheck.test.php index ea48ec6a5..991f82da7 100644 --- a/_test/tests/inc/auth_aclcheck.test.php +++ b/_test/tests/inc/auth_aclcheck.test.php @@ -235,6 +235,33 @@ class auth_acl_test extends DokuWikiTest { $this->assertEquals(auth_aclcheck('namespace:*', 'jill',array('foo','roots')), AUTH_ADMIN); } + function test_wildcards(){ + global $conf; + global $AUTH_ACL; + global $USERINFO; + $conf['useacl'] = 1; + + $_SERVER['REMOTE_USER'] = 'john'; + $USERINFO['grps'] = array('test','töst','foo bar'); + $AUTH_ACL = auth_loadACL(); // default test file + + // default setting + $this->assertEquals(AUTH_UPLOAD, auth_aclcheck('page', $_SERVER['REMOTE_USER'], $USERINFO['grps'])); + + // user namespace + $this->assertEquals(AUTH_DELETE, auth_aclcheck('users:john:foo', $_SERVER['REMOTE_USER'], $USERINFO['grps'])); + $this->assertEquals(AUTH_READ, auth_aclcheck('users:john:foo', 'schmock', array())); + + // group namespace + $this->assertEquals(AUTH_DELETE, auth_aclcheck('groups:test:foo', $_SERVER['REMOTE_USER'], $USERINFO['grps'])); + $this->assertEquals(AUTH_READ, auth_aclcheck('groups:test:foo', 'schmock', array())); + $this->assertEquals(AUTH_DELETE, auth_aclcheck('groups:toest:foo', $_SERVER['REMOTE_USER'], $USERINFO['grps'])); + $this->assertEquals(AUTH_READ, auth_aclcheck('groups:toest:foo', 'schmock', array())); + $this->assertEquals(AUTH_DELETE, auth_aclcheck('groups:foo_bar:foo', $_SERVER['REMOTE_USER'], $USERINFO['grps'])); + $this->assertEquals(AUTH_READ, auth_aclcheck('groups:foo_bar:foo', 'schmock', array())); + + } + } //Setup VIM: ex: et ts=4 : diff --git a/inc/auth.php b/inc/auth.php index fbdb2b439..26f4000fd 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -130,24 +130,28 @@ function auth_loadACL() { $acl = file($config_cascade['acl']['default']); //support user wildcard + $out = array(); if(isset($_SERVER['REMOTE_USER'])){ $len = count($acl); for($i = 0; $i < $len; $i++) { if($acl[$i]{0} == '#') continue; + if(!trim($acl[$i])) continue; list($id,$rest) = preg_split('/\s+/',$acl[$i],2); + if(strstr($acl[$i], '%GROUP%')){ foreach($USERINFO['grps'] as $grp){ $nid = str_replace('%GROUP%',cleanID($grp),$id); - $nrest = str_replace('%GROUP%',auth_nameencode($grp),$rest); - $acl[] = "$nid\t$nrest"; + $nrest = str_replace('%GROUP%','@'.auth_nameencode($grp),$rest); + $out[] = "$nid\t$nrest"; } + } else { + $id = str_replace('%USER%',cleanID($_SERVER['REMOTE_USER']),$id); + $rest = str_replace('%USER%',auth_nameencode($_SERVER['REMOTE_USER']),$rest); + $out[] = "$id\t$rest"; } - $id = str_replace('%USER%',cleanID($_SERVER['REMOTE_USER']),$id); - $rest = str_replace('%USER%',auth_nameencode($_SERVER['REMOTE_USER']),$rest); - $acl[$i] = "$id\t$rest"; } } - return $acl; + return $out; } /** |