From 7651d633d828ae1f70ca70634c5ebfe0686db25a Mon Sep 17 00:00:00 2001 From: Guy Brand Date: Wed, 27 Feb 2008 15:25:15 +0100 Subject: Superuser and manager now can be comma separated lists This patch allows $conf['superuser'] and $conf['manager'] to be lists of values instead of only a single value. So one can put: $conf['superuser'] darcs-hash:20080227142515-19e2d-c160914589f71531583e7ddaab1fc6a81996efa1.gz --- _test/cases/inc/auth_aclcheck.test.php | 96 ++++++++++++++++++++++++++++++++ _test/cases/inc/auth_admincheck.test.php | 53 ++++++++++++++++++ 2 files changed, 149 insertions(+) create mode 100644 _test/cases/inc/auth_admincheck.test.php (limited to '_test') diff --git a/_test/cases/inc/auth_aclcheck.test.php b/_test/cases/inc/auth_aclcheck.test.php index 18242fd16..d8a8f285a 100644 --- a/_test/cases/inc/auth_aclcheck.test.php +++ b/_test/cases/inc/auth_aclcheck.test.php @@ -130,6 +130,102 @@ class auth_acl_test extends UnitTestCase { $this->assertEqual(auth_aclcheck('devel:marketing', 'jane' ,array('devel')) , AUTH_UPLOAD); } + + function test_multiadmin_restricted(){ + global $conf; + global $AUTH_ACL; + $conf['superuser'] = 'john,@admin,doe,@roots'; + $conf['useacl'] = 1; + + $AUTH_ACL = array( + '* @ALL 0', + '* @user 8', + ); + + // anonymous user + $this->assertEqual(auth_aclcheck('page', '',array()), AUTH_NONE); + $this->assertEqual(auth_aclcheck('namespace:page','',array()), AUTH_NONE); + $this->assertEqual(auth_aclcheck('namespace:*', '',array()), AUTH_NONE); + + // user with no matching group + $this->assertEqual(auth_aclcheck('page', 'jill',array('foo')), AUTH_NONE); + $this->assertEqual(auth_aclcheck('namespace:page','jill',array('foo')), AUTH_NONE); + $this->assertEqual(auth_aclcheck('namespace:*', 'jill',array('foo')), AUTH_NONE); + + // user with matching group + $this->assertEqual(auth_aclcheck('page', 'jill',array('foo','user')), AUTH_UPLOAD); + $this->assertEqual(auth_aclcheck('namespace:page','jill',array('foo','user')), AUTH_UPLOAD); + $this->assertEqual(auth_aclcheck('namespace:*', 'jill',array('foo','user')), AUTH_UPLOAD); + + // super user john + $this->assertEqual(auth_aclcheck('page', 'john',array('foo')), AUTH_ADMIN); + $this->assertEqual(auth_aclcheck('namespace:page','john',array('foo')), AUTH_ADMIN); + $this->assertEqual(auth_aclcheck('namespace:*', 'john',array('foo')), AUTH_ADMIN); + + // super user doe + $this->assertEqual(auth_aclcheck('page', 'doe',array('foo')), AUTH_ADMIN); + $this->assertEqual(auth_aclcheck('namespace:page','doe',array('foo')), AUTH_ADMIN); + $this->assertEqual(auth_aclcheck('namespace:*', 'doe',array('foo')), AUTH_ADMIN); + + // user with matching admin group + $this->assertEqual(auth_aclcheck('page', 'jill',array('foo','admin')), AUTH_ADMIN); + $this->assertEqual(auth_aclcheck('namespace:page','jill',array('foo','admin')), AUTH_ADMIN); + $this->assertEqual(auth_aclcheck('namespace:*', 'jill',array('foo','admin')), AUTH_ADMIN); + + // user with matching another admin group + $this->assertEqual(auth_aclcheck('page', 'jill',array('foo','roots')), AUTH_ADMIN); + $this->assertEqual(auth_aclcheck('namespace:page','jill',array('foo','roots')), AUTH_ADMIN); + $this->assertEqual(auth_aclcheck('namespace:*', 'jill',array('foo','roots')), AUTH_ADMIN); + } + + function test_multiadmin_restricted_ropage(){ + global $conf; + global $AUTH_ACL; + $conf['superuser'] = 'john,@admin,doe,@roots'; + $conf['useacl'] = 1; + + $AUTH_ACL = array( + '* @ALL 0', + '* @user 8', + 'namespace:page @user 1', + ); + + // anonymous user + $this->assertEqual(auth_aclcheck('page', '',array()), AUTH_NONE); + $this->assertEqual(auth_aclcheck('namespace:page','',array()), AUTH_NONE); + $this->assertEqual(auth_aclcheck('namespace:*', '',array()), AUTH_NONE); + + // user with no matching group + $this->assertEqual(auth_aclcheck('page', 'jill',array('foo')), AUTH_NONE); + $this->assertEqual(auth_aclcheck('namespace:page','jill',array('foo')), AUTH_NONE); + $this->assertEqual(auth_aclcheck('namespace:*', 'jill',array('foo')), AUTH_NONE); + + // user with matching group + $this->assertEqual(auth_aclcheck('page', 'jill',array('foo','user')), AUTH_UPLOAD); + $this->assertEqual(auth_aclcheck('namespace:page','jill',array('foo','user')), AUTH_READ); + $this->assertEqual(auth_aclcheck('namespace:*', 'jill',array('foo','user')), AUTH_UPLOAD); + + // super user john + $this->assertEqual(auth_aclcheck('page', 'john',array('foo')), AUTH_ADMIN); + $this->assertEqual(auth_aclcheck('namespace:page','john',array('foo')), AUTH_ADMIN); + $this->assertEqual(auth_aclcheck('namespace:*', 'john',array('foo')), AUTH_ADMIN); + + // super user doe + $this->assertEqual(auth_aclcheck('page', 'doe',array('foo')), AUTH_ADMIN); + $this->assertEqual(auth_aclcheck('namespace:page','doe',array('foo')), AUTH_ADMIN); + $this->assertEqual(auth_aclcheck('namespace:*', 'doe',array('foo')), AUTH_ADMIN); + + // user with matching admin group + $this->assertEqual(auth_aclcheck('page', 'jill',array('foo','admin')), AUTH_ADMIN); + $this->assertEqual(auth_aclcheck('namespace:page','jill',array('foo','admin')), AUTH_ADMIN); + $this->assertEqual(auth_aclcheck('namespace:*', 'jill',array('foo','admin')), AUTH_ADMIN); + + // user with matching another admin group + $this->assertEqual(auth_aclcheck('page', 'jill',array('foo','roots')), AUTH_ADMIN); + $this->assertEqual(auth_aclcheck('namespace:page','jill',array('foo','roots')), AUTH_ADMIN); + $this->assertEqual(auth_aclcheck('namespace:*', 'jill',array('foo','roots')), AUTH_ADMIN); + } + } //Setup VIM: ex: et ts=4 enc=utf-8 : diff --git a/_test/cases/inc/auth_admincheck.test.php b/_test/cases/inc/auth_admincheck.test.php new file mode 100644 index 000000000..c00271a26 --- /dev/null +++ b/_test/cases/inc/auth_admincheck.test.php @@ -0,0 +1,53 @@ +assertEqual(auth_ismanager('jill', '',false), false); + + // admin or manager users + $this->assertEqual(auth_ismanager('john', '',false), true); + $this->assertEqual(auth_ismanager('doe', '',false), true); + + // admin or manager groups + $this->assertEqual(auth_ismanager('jill', array('admin'),false), true); + $this->assertEqual(auth_ismanager('jill', array('managers'),false), true); + } + + function test_isadmin(){ + global $conf; + $conf['superuser'] = 'john,@admin,doe,@roots'; + + // anonymous user + $this->assertEqual(auth_ismanager('jill', '',true), false); + + // admin user + $this->assertEqual(auth_ismanager('john', '',true), true); + $this->assertEqual(auth_ismanager('doe', '',true), true); + + // admin groups + $this->assertEqual(auth_ismanager('jill', array('admin'),true), true); + $this->assertEqual(auth_ismanager('jill', array('roots'),true), true); + $this->assertEqual(auth_ismanager('john', array('admin'),true), true); + $this->assertEqual(auth_ismanager('doe', array('admin'),true), true); + } + +} + +//Setup VIM: ex: et ts=4 enc=utf-8 : -- cgit v1.2.3