1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
|
<?php
class auth_acl_caseinsensitive_auth extends DokuWiki_Auth_Plugin {
function isCaseSensitive() {
return false;
}
}
class auth_acl_caseinsensitive_test extends DokuWikiTest {
protected $oldAuth;
protected $oldAuthAcl;
function setUp() {
parent::setUp();
global $auth;
global $AUTH_ACL;
$this->oldAuth = $auth;
$this->oldAuthAcl = $AUTH_ACL;
$auth = new auth_acl_caseinsensitive_auth();
}
function tearDown() {
global $conf;
global $AUTH_ACL;
global $auth;
$auth = $this->oldAuth;
$AUTH_ACL = $this->oldAuthAcl;
}
function test_multiadmin_restricted_ropage() {
global $conf;
global $AUTH_ACL;
$conf['superuser'] = 'John,doe,@Admin1,@admin2';
$conf['useacl'] = 1;
$AUTH_ACL = array(
'* @ALL 0',
'* @Group1 8',
'* @group2 8',
'namespace:page @Group1 1',
'namespace:page @group2 1',
);
// anonymous user
$this->assertEquals(auth_aclcheck('page', '', array()), AUTH_NONE);
$this->assertEquals(auth_aclcheck('namespace:page', '', array()), AUTH_NONE);
$this->assertEquals(auth_aclcheck('namespace:*', '', array()), AUTH_NONE);
// user with no matching group
$this->assertEquals(auth_aclcheck('page', 'jill', array('foo')), AUTH_NONE);
$this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo')), AUTH_NONE);
$this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo')), AUTH_NONE);
// user with matching group 1
$this->assertEquals(auth_aclcheck('page', 'jill', array('foo', 'group1')), AUTH_UPLOAD);
$this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'group1')), AUTH_READ);
$this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo', 'group1')), AUTH_UPLOAD);
// user with matching group 2
$this->assertEquals(auth_aclcheck('page', 'jill', array('foo', 'Group2')), AUTH_UPLOAD);
$this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'Group2')), AUTH_READ);
$this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo', 'Group2')), AUTH_UPLOAD);
// super user John
$this->assertEquals(auth_aclcheck('page', 'john', array('foo')), AUTH_ADMIN);
$this->assertEquals(auth_aclcheck('namespace:page', 'john', array('foo')), AUTH_ADMIN);
$this->assertEquals(auth_aclcheck('namespace:*', 'john', array('foo')), AUTH_ADMIN);
// super user doe
$this->assertEquals(auth_aclcheck('page', 'Doe', array('foo')), AUTH_ADMIN);
$this->assertEquals(auth_aclcheck('namespace:page', 'Doe', array('foo')), AUTH_ADMIN);
$this->assertEquals(auth_aclcheck('namespace:*', 'Doe', array('foo')), AUTH_ADMIN);
// user with matching admin group 1
$this->assertEquals(auth_aclcheck('page', 'jill', array('foo', 'admin1')), AUTH_ADMIN);
$this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'admin1')), AUTH_ADMIN);
$this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo', 'admin1')), AUTH_ADMIN);
// user with matching admin group 2
$this->assertEquals(auth_aclcheck('page', 'jill', array('foo', 'Admin2')), AUTH_ADMIN);
$this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'Admin2')), AUTH_ADMIN);
$this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo', 'Admin2')), AUTH_ADMIN);
}
/*
* Test aclcheck on @ALL group
*
* The default permission for @ALL group is AUTH_NONE. So we use an
* ACL entry which grants @ALL group an AUTH_READ permission to see
* whether ACL matching is properly done or not.
*/
function test_restricted_allread() {
global $conf;
global $AUTH_ACL;
$conf['superuser'] = 'john';
$conf['useacl'] = 1;
$AUTH_ACL = array(
'* @ALL 1',
'* @group1 8',
);
// anonymous user
$this->assertEquals(auth_aclcheck('page', '', array()), AUTH_READ);
$this->assertEquals(auth_aclcheck('namespace:page', '', array()), AUTH_READ);
$this->assertEquals(auth_aclcheck('namespace:*', '', array()), AUTH_READ);
// user with no matching group
$this->assertEquals(auth_aclcheck('page', 'jill', array('foo')), AUTH_READ);
$this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo')), AUTH_READ);
$this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo')), AUTH_READ);
// user with matching group
$this->assertEquals(auth_aclcheck('page', 'jill', array('foo', 'Group1')), AUTH_UPLOAD);
$this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'Group1')), AUTH_UPLOAD);
$this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo', 'Group1')), AUTH_UPLOAD);
// super user
$this->assertEquals(auth_aclcheck('page', 'John', array('foo')), AUTH_ADMIN);
$this->assertEquals(auth_aclcheck('namespace:page', 'John', array('foo')), AUTH_ADMIN);
$this->assertEquals(auth_aclcheck('namespace:*', 'John', array('foo')), AUTH_ADMIN);
}
}
|