summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--_testing/README1
-rw-r--r--_testing/unittests/inc/auth_aclcheck.test.php244
2 files changed, 244 insertions, 1 deletions
diff --git a/_testing/README b/_testing/README
index 6f2677300..477fb9d20 100644
--- a/_testing/README
+++ b/_testing/README
@@ -19,7 +19,6 @@ The easiest way to install phpunit is via pear:
==== Bad tests ====
Bad tests are tests that do not run out of the box.
- * inc/auth_aclcheck
* inc/DifferenceEngine
* inc/html_hilight (runkit)
* inc/indexer_idx_indexlengths
diff --git a/_testing/unittests/inc/auth_aclcheck.test.php b/_testing/unittests/inc/auth_aclcheck.test.php
new file mode 100644
index 000000000..53c6f03f1
--- /dev/null
+++ b/_testing/unittests/inc/auth_aclcheck.test.php
@@ -0,0 +1,244 @@
+<?php
+
+require_once DOKU_INC.'inc/init.php';
+require_once DOKU_INC.'inc/auth.php';
+require_once DOKU_INC.'inc/auth/basic.class.php';
+
+class auth_acl_test extends PHPUnit_Framework_TestCase {
+
+ var $oldConf;
+ var $oldAuthAcl;
+
+ function setup() {
+ global $conf;
+ global $AUTH_ACL;
+ global $auth;
+ $this->oldConf = $conf;
+ $this->oldAuthAcl = $AUTH_ACL;
+ $auth = new auth_basic();
+ }
+
+ function teardown() {
+ global $conf;
+ global $AUTH_ACL;
+ $conf = $this->oldConf;
+ $AUTH_ACL = $this->oldAuthAcl;
+
+ }
+
+ function test_restricted(){
+ global $conf;
+ global $AUTH_ACL;
+ $conf['superuser'] = 'john';
+ $conf['useacl'] = 1;
+
+ $AUTH_ACL = array(
+ '* @ALL 0',
+ '* @user 8',
+ );
+
+ // anonymous user
+ $this->assertEquals(auth_aclcheck('page', '',array()), AUTH_NONE);
+ $this->assertEquals(auth_aclcheck('namespace:page','',array()), AUTH_NONE);
+ $this->assertEquals(auth_aclcheck('namespace:*', '',array()), AUTH_NONE);
+
+ // user with no matching group
+ $this->assertEquals(auth_aclcheck('page', 'jill',array('foo')), AUTH_NONE);
+ $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo')), AUTH_NONE);
+ $this->assertEquals(auth_aclcheck('namespace:*', 'jill',array('foo')), AUTH_NONE);
+
+ // user with matching group
+ $this->assertEquals(auth_aclcheck('page', 'jill',array('foo','user')), AUTH_UPLOAD);
+ $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo','user')), AUTH_UPLOAD);
+ $this->assertEquals(auth_aclcheck('namespace:*', 'jill',array('foo','user')), AUTH_UPLOAD);
+
+ // super user
+ $this->assertEquals(auth_aclcheck('page', 'john',array('foo')), AUTH_ADMIN);
+ $this->assertEquals(auth_aclcheck('namespace:page','john',array('foo')), AUTH_ADMIN);
+ $this->assertEquals(auth_aclcheck('namespace:*', 'john',array('foo')), AUTH_ADMIN);
+ }
+
+ function test_restricted_ropage(){
+ global $conf;
+ global $AUTH_ACL;
+ $conf['superuser'] = 'john';
+ $conf['useacl'] = 1;
+
+ $AUTH_ACL = array(
+ '* @ALL 0',
+ '* @user 8',
+ 'namespace:page @user 1',
+ );
+
+ // anonymous user
+ $this->assertEquals(auth_aclcheck('page', '',array()), AUTH_NONE);
+ $this->assertEquals(auth_aclcheck('namespace:page','',array()), AUTH_NONE);
+ $this->assertEquals(auth_aclcheck('namespace:*', '',array()), AUTH_NONE);
+
+ // user with no matching group
+ $this->assertEquals(auth_aclcheck('page', 'jill',array('foo')), AUTH_NONE);
+ $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo')), AUTH_NONE);
+ $this->assertEquals(auth_aclcheck('namespace:*', 'jill',array('foo')), AUTH_NONE);
+
+ // user with matching group
+ $this->assertEquals(auth_aclcheck('page', 'jill',array('foo','user')), AUTH_UPLOAD);
+ $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo','user')), AUTH_READ);
+ $this->assertEquals(auth_aclcheck('namespace:*', 'jill',array('foo','user')), AUTH_UPLOAD);
+
+ // super user
+ $this->assertEquals(auth_aclcheck('page', 'john',array('foo')), AUTH_ADMIN);
+ $this->assertEquals(auth_aclcheck('namespace:page','john',array('foo')), AUTH_ADMIN);
+ $this->assertEquals(auth_aclcheck('namespace:*', 'john',array('foo')), AUTH_ADMIN);
+ }
+
+ function test_aclexample(){
+ global $conf;
+ global $AUTH_ACL;
+ $conf['superuser'] = 'john';
+ $conf['useacl'] = 1;
+
+ $AUTH_ACL = array(
+ '* @ALL 4',
+ '* bigboss 16',
+ 'start @ALL 1',
+ 'marketing:* @marketing 8',
+ 'devel:* @ALL 0',
+ 'devel:* @devel 8',
+ 'devel:* bigboss 16',
+ 'devel:funstuff bigboss 0',
+ 'devel:* @marketing 1',
+ 'devel:marketing @marketing 2',
+ );
+
+
+ $this->assertEquals(auth_aclcheck('page', '' ,array()) , AUTH_CREATE);
+ $this->assertEquals(auth_aclcheck('page', 'bigboss' ,array('foo')) , AUTH_DELETE);
+ $this->assertEquals(auth_aclcheck('page', 'jill' ,array('marketing')) , AUTH_CREATE);
+ $this->assertEquals(auth_aclcheck('page', 'jane' ,array('devel')) , AUTH_CREATE);
+
+ $this->assertEquals(auth_aclcheck('start', '' ,array()) , AUTH_READ);
+ $this->assertEquals(auth_aclcheck('start', 'bigboss' ,array('foo')) , AUTH_READ);
+ $this->assertEquals(auth_aclcheck('start', 'jill' ,array('marketing')) , AUTH_READ);
+ $this->assertEquals(auth_aclcheck('start', 'jane' ,array('devel')) , AUTH_READ);
+
+ $this->assertEquals(auth_aclcheck('marketing:page', '' ,array()) , AUTH_CREATE);
+ $this->assertEquals(auth_aclcheck('marketing:page', 'bigboss' ,array('foo')) , AUTH_DELETE);
+ $this->assertEquals(auth_aclcheck('marketing:page', 'jill' ,array('marketing')) , AUTH_UPLOAD);
+ $this->assertEquals(auth_aclcheck('marketing:page', 'jane' ,array('devel')) , AUTH_CREATE);
+
+
+ $this->assertEquals(auth_aclcheck('devel:page', '' ,array()) , AUTH_NONE);
+ $this->assertEquals(auth_aclcheck('devel:page', 'bigboss' ,array('foo')) , AUTH_DELETE);
+ $this->assertEquals(auth_aclcheck('devel:page', 'jill' ,array('marketing')) , AUTH_READ);
+ $this->assertEquals(auth_aclcheck('devel:page', 'jane' ,array('devel')) , AUTH_UPLOAD);
+
+ $this->assertEquals(auth_aclcheck('devel:funstuff', '' ,array()) , AUTH_NONE);
+ $this->assertEquals(auth_aclcheck('devel:funstuff', 'bigboss' ,array('foo')) , AUTH_NONE);
+ $this->assertEquals(auth_aclcheck('devel:funstuff', 'jill' ,array('marketing')) , AUTH_READ);
+ $this->assertEquals(auth_aclcheck('devel:funstuff', 'jane' ,array('devel')) , AUTH_UPLOAD);
+
+ $this->assertEquals(auth_aclcheck('devel:marketing', '' ,array()) , AUTH_NONE);
+ $this->assertEquals(auth_aclcheck('devel:marketing', 'bigboss' ,array('foo')) , AUTH_DELETE);
+ $this->assertEquals(auth_aclcheck('devel:marketing', 'jill' ,array('marketing')) , AUTH_EDIT);
+ $this->assertEquals(auth_aclcheck('devel:marketing', 'jane' ,array('devel')) , AUTH_UPLOAD);
+
+ }
+
+ function test_multiadmin_restricted(){
+ global $conf;
+ global $AUTH_ACL;
+ $conf['superuser'] = 'john,@admin,doe,@roots';
+ $conf['useacl'] = 1;
+
+ $AUTH_ACL = array(
+ '* @ALL 0',
+ '* @user 8',
+ );
+
+ // anonymous user
+ $this->assertEquals(auth_aclcheck('page', '',array()), AUTH_NONE);
+ $this->assertEquals(auth_aclcheck('namespace:page','',array()), AUTH_NONE);
+ $this->assertEquals(auth_aclcheck('namespace:*', '',array()), AUTH_NONE);
+
+ // user with no matching group
+ $this->assertEquals(auth_aclcheck('page', 'jill',array('foo')), AUTH_NONE);
+ $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo')), AUTH_NONE);
+ $this->assertEquals(auth_aclcheck('namespace:*', 'jill',array('foo')), AUTH_NONE);
+
+ // user with matching group
+ $this->assertEquals(auth_aclcheck('page', 'jill',array('foo','user')), AUTH_UPLOAD);
+ $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo','user')), AUTH_UPLOAD);
+ $this->assertEquals(auth_aclcheck('namespace:*', 'jill',array('foo','user')), AUTH_UPLOAD);
+
+ // super user john
+ $this->assertEquals(auth_aclcheck('page', 'john',array('foo')), AUTH_ADMIN);
+ $this->assertEquals(auth_aclcheck('namespace:page','john',array('foo')), AUTH_ADMIN);
+ $this->assertEquals(auth_aclcheck('namespace:*', 'john',array('foo')), AUTH_ADMIN);
+
+ // super user doe
+ $this->assertEquals(auth_aclcheck('page', 'doe',array('foo')), AUTH_ADMIN);
+ $this->assertEquals(auth_aclcheck('namespace:page','doe',array('foo')), AUTH_ADMIN);
+ $this->assertEquals(auth_aclcheck('namespace:*', 'doe',array('foo')), AUTH_ADMIN);
+
+ // user with matching admin group
+ $this->assertEquals(auth_aclcheck('page', 'jill',array('foo','admin')), AUTH_ADMIN);
+ $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo','admin')), AUTH_ADMIN);
+ $this->assertEquals(auth_aclcheck('namespace:*', 'jill',array('foo','admin')), AUTH_ADMIN);
+
+ // user with matching another admin group
+ $this->assertEquals(auth_aclcheck('page', 'jill',array('foo','roots')), AUTH_ADMIN);
+ $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo','roots')), AUTH_ADMIN);
+ $this->assertEquals(auth_aclcheck('namespace:*', 'jill',array('foo','roots')), AUTH_ADMIN);
+ }
+
+ function test_multiadmin_restricted_ropage(){
+ global $conf;
+ global $AUTH_ACL;
+ $conf['superuser'] = 'john,@admin,doe,@roots';
+ $conf['useacl'] = 1;
+
+ $AUTH_ACL = array(
+ '* @ALL 0',
+ '* @user 8',
+ 'namespace:page @user 1',
+ );
+
+ // anonymous user
+ $this->assertEquals(auth_aclcheck('page', '',array()), AUTH_NONE);
+ $this->assertEquals(auth_aclcheck('namespace:page','',array()), AUTH_NONE);
+ $this->assertEquals(auth_aclcheck('namespace:*', '',array()), AUTH_NONE);
+
+ // user with no matching group
+ $this->assertEquals(auth_aclcheck('page', 'jill',array('foo')), AUTH_NONE);
+ $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo')), AUTH_NONE);
+ $this->assertEquals(auth_aclcheck('namespace:*', 'jill',array('foo')), AUTH_NONE);
+
+ // user with matching group
+ $this->assertEquals(auth_aclcheck('page', 'jill',array('foo','user')), AUTH_UPLOAD);
+ $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo','user')), AUTH_READ);
+ $this->assertEquals(auth_aclcheck('namespace:*', 'jill',array('foo','user')), AUTH_UPLOAD);
+
+ // super user john
+ $this->assertEquals(auth_aclcheck('page', 'john',array('foo')), AUTH_ADMIN);
+ $this->assertEquals(auth_aclcheck('namespace:page','john',array('foo')), AUTH_ADMIN);
+ $this->assertEquals(auth_aclcheck('namespace:*', 'john',array('foo')), AUTH_ADMIN);
+
+ // super user doe
+ $this->assertEquals(auth_aclcheck('page', 'doe',array('foo')), AUTH_ADMIN);
+ $this->assertEquals(auth_aclcheck('namespace:page','doe',array('foo')), AUTH_ADMIN);
+ $this->assertEquals(auth_aclcheck('namespace:*', 'doe',array('foo')), AUTH_ADMIN);
+
+ // user with matching admin group
+ $this->assertEquals(auth_aclcheck('page', 'jill',array('foo','admin')), AUTH_ADMIN);
+ $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo','admin')), AUTH_ADMIN);
+ $this->assertEquals(auth_aclcheck('namespace:*', 'jill',array('foo','admin')), AUTH_ADMIN);
+
+ // user with matching another admin group
+ $this->assertEquals(auth_aclcheck('page', 'jill',array('foo','roots')), AUTH_ADMIN);
+ $this->assertEquals(auth_aclcheck('namespace:page','jill',array('foo','roots')), AUTH_ADMIN);
+ $this->assertEquals(auth_aclcheck('namespace:*', 'jill',array('foo','roots')), AUTH_ADMIN);
+ }
+
+}
+
+//Setup VIM: ex: et ts=4 :
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-15 18:53:18 +0000