diff options
| author | Kazutaka Miyasaka <kazmiya@gmail.com> | 2012-11-25 21:02:32 +0900 |
|---|---|---|
| committer | Kazutaka Miyasaka <kazmiya@gmail.com> | 2012-11-25 21:02:32 +0900 |
| commit | eb3ce0d55290dd4a60193e680aa50b46571350bd (patch) | |
| tree | d56fb1a469918b76d8e4e2462d5db3ca75c616b1 /_test/tests | |
| parent | b7183bb542c52e0826a76346fd9005da965a9ac5 (diff) | |
| download | rpg-eb3ce0d55290dd4a60193e680aa50b46571350bd.tar.gz rpg-eb3ce0d55290dd4a60193e680aa50b46571350bd.tar.bz2 | |
Fix case-insensitive match in ACL checking
ACL checking of DokuWiki is currently always case-sensitive
regardless of auth backend setting ($auth->isCaseSensitive).
This commit enables case-insensitive match in the same way
of auth_isMember().
Diffstat (limited to '_test/tests')
| -rw-r--r-- | _test/tests/inc/auth_aclcheck_caseinsensitive.test.php | 131 |
1 files changed, 131 insertions, 0 deletions
diff --git a/_test/tests/inc/auth_aclcheck_caseinsensitive.test.php b/_test/tests/inc/auth_aclcheck_caseinsensitive.test.php new file mode 100644 index 000000000..9f1fb6aa0 --- /dev/null +++ b/_test/tests/inc/auth_aclcheck_caseinsensitive.test.php @@ -0,0 +1,131 @@ +<?php + +class auth_acl_caseinsensitive_auth extends auth_basic { + function isCaseSensitive() { + return false; + } +} + +class auth_acl_caseinsensitive_test extends DokuWikiTest { + protected $oldConf; + protected $oldAuth; + protected $oldAuthAcl; + + function setup() { + global $conf; + global $auth; + global $AUTH_ACL; + + $this->oldConf = $conf; + $this->oldAuth = $auth; + $this->oldAuthAcl = $AUTH_ACL; + + $auth = new auth_acl_caseinsensitive_auth(); + } + + function teardown() { + global $conf; + global $AUTH_ACL; + global $auth; + + $conf = $this->oldConf; + $auth = $this->oldAuth; + $AUTH_ACL = $this->oldAuthAcl; + } + + function test_multiadmin_restricted_ropage() { + global $conf; + global $AUTH_ACL; + + $conf['superuser'] = 'John,doe,@Admin1,@admin2'; + $conf['useacl'] = 1; + + $AUTH_ACL = array( + '* @ALL 0', + '* @Group1 8', + '* @group2 8', + 'namespace:page @Group1 1', + 'namespace:page @group2 1', + ); + + // anonymous user + $this->assertEquals(auth_aclcheck('page', '', array()), AUTH_NONE); + $this->assertEquals(auth_aclcheck('namespace:page', '', array()), AUTH_NONE); + $this->assertEquals(auth_aclcheck('namespace:*', '', array()), AUTH_NONE); + + // user with no matching group + $this->assertEquals(auth_aclcheck('page', 'jill', array('foo')), AUTH_NONE); + $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo')), AUTH_NONE); + $this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo')), AUTH_NONE); + + // user with matching group 1 + $this->assertEquals(auth_aclcheck('page', 'jill', array('foo', 'group1')), AUTH_UPLOAD); + $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'group1')), AUTH_READ); + $this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo', 'group1')), AUTH_UPLOAD); + + // user with matching group 2 + $this->assertEquals(auth_aclcheck('page', 'jill', array('foo', 'Group2')), AUTH_UPLOAD); + $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'Group2')), AUTH_READ); + $this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo', 'Group2')), AUTH_UPLOAD); + + // super user John + $this->assertEquals(auth_aclcheck('page', 'john', array('foo')), AUTH_ADMIN); + $this->assertEquals(auth_aclcheck('namespace:page', 'john', array('foo')), AUTH_ADMIN); + $this->assertEquals(auth_aclcheck('namespace:*', 'john', array('foo')), AUTH_ADMIN); + + // super user doe + $this->assertEquals(auth_aclcheck('page', 'Doe', array('foo')), AUTH_ADMIN); + $this->assertEquals(auth_aclcheck('namespace:page', 'Doe', array('foo')), AUTH_ADMIN); + $this->assertEquals(auth_aclcheck('namespace:*', 'Doe', array('foo')), AUTH_ADMIN); + + // user with matching admin group 1 + $this->assertEquals(auth_aclcheck('page', 'jill', array('foo', 'admin1')), AUTH_ADMIN); + $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'admin1')), AUTH_ADMIN); + $this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo', 'admin1')), AUTH_ADMIN); + + // user with matching admin group 2 + $this->assertEquals(auth_aclcheck('page', 'jill', array('foo', 'Admin2')), AUTH_ADMIN); + $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'Admin2')), AUTH_ADMIN); + $this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo', 'Admin2')), AUTH_ADMIN); + } + + /* + * Test aclcheck on @ALL group + * + * The default permission for @ALL group is AUTH_NONE. So we use an + * ACL entry which grants @ALL group an AUTH_READ permission to see + * whether ACL matching is properly done or not. + */ + function test_restricted_allread() { + global $conf; + global $AUTH_ACL; + + $conf['superuser'] = 'john'; + $conf['useacl'] = 1; + + $AUTH_ACL = array( + '* @ALL 1', + '* @group1 8', + ); + + // anonymous user + $this->assertEquals(auth_aclcheck('page', '', array()), AUTH_READ); + $this->assertEquals(auth_aclcheck('namespace:page', '', array()), AUTH_READ); + $this->assertEquals(auth_aclcheck('namespace:*', '', array()), AUTH_READ); + + // user with no matching group + $this->assertEquals(auth_aclcheck('page', 'jill', array('foo')), AUTH_READ); + $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo')), AUTH_READ); + $this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo')), AUTH_READ); + + // user with matching group + $this->assertEquals(auth_aclcheck('page', 'jill', array('foo', 'Group1')), AUTH_UPLOAD); + $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'Group1')), AUTH_UPLOAD); + $this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo', 'Group1')), AUTH_UPLOAD); + + // super user + $this->assertEquals(auth_aclcheck('page', 'John', array('foo')), AUTH_ADMIN); + $this->assertEquals(auth_aclcheck('namespace:page', 'John', array('foo')), AUTH_ADMIN); + $this->assertEquals(auth_aclcheck('namespace:*', 'John', array('foo')), AUTH_ADMIN); + } +} |