summaryrefslogtreecommitdiff
path: root/_test
diff options
context:
space:
mode:
authorKazutaka Miyasaka <kazmiya@gmail.com>2012-11-25 21:02:32 +0900
committerKazutaka Miyasaka <kazmiya@gmail.com>2012-11-25 21:02:32 +0900
commiteb3ce0d55290dd4a60193e680aa50b46571350bd (patch)
treed56fb1a469918b76d8e4e2462d5db3ca75c616b1 /_test
parentb7183bb542c52e0826a76346fd9005da965a9ac5 (diff)
downloadrpg-eb3ce0d55290dd4a60193e680aa50b46571350bd.tar.gz
rpg-eb3ce0d55290dd4a60193e680aa50b46571350bd.tar.bz2
Fix case-insensitive match in ACL checking
ACL checking of DokuWiki is currently always case-sensitive regardless of auth backend setting ($auth->isCaseSensitive). This commit enables case-insensitive match in the same way of auth_isMember().
Diffstat (limited to '_test')
-rw-r--r--_test/tests/inc/auth_aclcheck_caseinsensitive.test.php131
1 files changed, 131 insertions, 0 deletions
diff --git a/_test/tests/inc/auth_aclcheck_caseinsensitive.test.php b/_test/tests/inc/auth_aclcheck_caseinsensitive.test.php
new file mode 100644
index 000000000..9f1fb6aa0
--- /dev/null
+++ b/_test/tests/inc/auth_aclcheck_caseinsensitive.test.php
@@ -0,0 +1,131 @@
+<?php
+
+class auth_acl_caseinsensitive_auth extends auth_basic {
+ function isCaseSensitive() {
+ return false;
+ }
+}
+
+class auth_acl_caseinsensitive_test extends DokuWikiTest {
+ protected $oldConf;
+ protected $oldAuth;
+ protected $oldAuthAcl;
+
+ function setup() {
+ global $conf;
+ global $auth;
+ global $AUTH_ACL;
+
+ $this->oldConf = $conf;
+ $this->oldAuth = $auth;
+ $this->oldAuthAcl = $AUTH_ACL;
+
+ $auth = new auth_acl_caseinsensitive_auth();
+ }
+
+ function teardown() {
+ global $conf;
+ global $AUTH_ACL;
+ global $auth;
+
+ $conf = $this->oldConf;
+ $auth = $this->oldAuth;
+ $AUTH_ACL = $this->oldAuthAcl;
+ }
+
+ function test_multiadmin_restricted_ropage() {
+ global $conf;
+ global $AUTH_ACL;
+
+ $conf['superuser'] = 'John,doe,@Admin1,@admin2';
+ $conf['useacl'] = 1;
+
+ $AUTH_ACL = array(
+ '* @ALL 0',
+ '* @Group1 8',
+ '* @group2 8',
+ 'namespace:page @Group1 1',
+ 'namespace:page @group2 1',
+ );
+
+ // anonymous user
+ $this->assertEquals(auth_aclcheck('page', '', array()), AUTH_NONE);
+ $this->assertEquals(auth_aclcheck('namespace:page', '', array()), AUTH_NONE);
+ $this->assertEquals(auth_aclcheck('namespace:*', '', array()), AUTH_NONE);
+
+ // user with no matching group
+ $this->assertEquals(auth_aclcheck('page', 'jill', array('foo')), AUTH_NONE);
+ $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo')), AUTH_NONE);
+ $this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo')), AUTH_NONE);
+
+ // user with matching group 1
+ $this->assertEquals(auth_aclcheck('page', 'jill', array('foo', 'group1')), AUTH_UPLOAD);
+ $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'group1')), AUTH_READ);
+ $this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo', 'group1')), AUTH_UPLOAD);
+
+ // user with matching group 2
+ $this->assertEquals(auth_aclcheck('page', 'jill', array('foo', 'Group2')), AUTH_UPLOAD);
+ $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'Group2')), AUTH_READ);
+ $this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo', 'Group2')), AUTH_UPLOAD);
+
+ // super user John
+ $this->assertEquals(auth_aclcheck('page', 'john', array('foo')), AUTH_ADMIN);
+ $this->assertEquals(auth_aclcheck('namespace:page', 'john', array('foo')), AUTH_ADMIN);
+ $this->assertEquals(auth_aclcheck('namespace:*', 'john', array('foo')), AUTH_ADMIN);
+
+ // super user doe
+ $this->assertEquals(auth_aclcheck('page', 'Doe', array('foo')), AUTH_ADMIN);
+ $this->assertEquals(auth_aclcheck('namespace:page', 'Doe', array('foo')), AUTH_ADMIN);
+ $this->assertEquals(auth_aclcheck('namespace:*', 'Doe', array('foo')), AUTH_ADMIN);
+
+ // user with matching admin group 1
+ $this->assertEquals(auth_aclcheck('page', 'jill', array('foo', 'admin1')), AUTH_ADMIN);
+ $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'admin1')), AUTH_ADMIN);
+ $this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo', 'admin1')), AUTH_ADMIN);
+
+ // user with matching admin group 2
+ $this->assertEquals(auth_aclcheck('page', 'jill', array('foo', 'Admin2')), AUTH_ADMIN);
+ $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'Admin2')), AUTH_ADMIN);
+ $this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo', 'Admin2')), AUTH_ADMIN);
+ }
+
+ /*
+ * Test aclcheck on @ALL group
+ *
+ * The default permission for @ALL group is AUTH_NONE. So we use an
+ * ACL entry which grants @ALL group an AUTH_READ permission to see
+ * whether ACL matching is properly done or not.
+ */
+ function test_restricted_allread() {
+ global $conf;
+ global $AUTH_ACL;
+
+ $conf['superuser'] = 'john';
+ $conf['useacl'] = 1;
+
+ $AUTH_ACL = array(
+ '* @ALL 1',
+ '* @group1 8',
+ );
+
+ // anonymous user
+ $this->assertEquals(auth_aclcheck('page', '', array()), AUTH_READ);
+ $this->assertEquals(auth_aclcheck('namespace:page', '', array()), AUTH_READ);
+ $this->assertEquals(auth_aclcheck('namespace:*', '', array()), AUTH_READ);
+
+ // user with no matching group
+ $this->assertEquals(auth_aclcheck('page', 'jill', array('foo')), AUTH_READ);
+ $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo')), AUTH_READ);
+ $this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo')), AUTH_READ);
+
+ // user with matching group
+ $this->assertEquals(auth_aclcheck('page', 'jill', array('foo', 'Group1')), AUTH_UPLOAD);
+ $this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'Group1')), AUTH_UPLOAD);
+ $this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo', 'Group1')), AUTH_UPLOAD);
+
+ // super user
+ $this->assertEquals(auth_aclcheck('page', 'John', array('foo')), AUTH_ADMIN);
+ $this->assertEquals(auth_aclcheck('namespace:page', 'John', array('foo')), AUTH_ADMIN);
+ $this->assertEquals(auth_aclcheck('namespace:*', 'John', array('foo')), AUTH_ADMIN);
+ }
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-09 10:36:52 +0000