1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
|
<?php
class auth_acl_caseinsensitive_auth extends auth_basic {
function isCaseSensitive() {
return false;
}
}
class auth_acl_caseinsensitive_test extends DokuWikiTest {
protected $oldConf;
protected $oldAuth;
protected $oldAuthAcl;
function setup() {
global $conf;
global $auth;
global $AUTH_ACL;
$this->oldConf = $conf;
$this->oldAuth = $auth;
$this->oldAuthAcl = $AUTH_ACL;
$auth = new auth_acl_caseinsensitive_auth();
}
function teardown() {
global $conf;
global $AUTH_ACL;
global $auth;
$conf = $this->oldConf;
$auth = $this->oldAuth;
$AUTH_ACL = $this->oldAuthAcl;
}
function test_multiadmin_restricted_ropage() {
global $conf;
global $AUTH_ACL;
$conf['superuser'] = 'John,doe,@Admin1,@admin2';
$conf['useacl'] = 1;
$AUTH_ACL = array(
'* @ALL 0',
'* @Group1 8',
'* @group2 8',
'namespace:page @Group1 1',
'namespace:page @group2 1',
);
// anonymous user
$this->assertEquals(auth_aclcheck('page', '', array()), AUTH_NONE);
$this->assertEquals(auth_aclcheck('namespace:page', '', array()), AUTH_NONE);
$this->assertEquals(auth_aclcheck('namespace:*', '', array()), AUTH_NONE);
// user with no matching group
$this->assertEquals(auth_aclcheck('page', 'jill', array('foo')), AUTH_NONE);
$this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo')), AUTH_NONE);
$this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo')), AUTH_NONE);
// user with matching group 1
$this->assertEquals(auth_aclcheck('page', 'jill', array('foo', 'group1')), AUTH_UPLOAD);
$this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'group1')), AUTH_READ);
$this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo', 'group1')), AUTH_UPLOAD);
// user with matching group 2
$this->assertEquals(auth_aclcheck('page', 'jill', array('foo', 'Group2')), AUTH_UPLOAD);
$this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'Group2')), AUTH_READ);
$this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo', 'Group2')), AUTH_UPLOAD);
// super user John
$this->assertEquals(auth_aclcheck('page', 'john', array('foo')), AUTH_ADMIN);
$this->assertEquals(auth_aclcheck('namespace:page', 'john', array('foo')), AUTH_ADMIN);
$this->assertEquals(auth_aclcheck('namespace:*', 'john', array('foo')), AUTH_ADMIN);
// super user doe
$this->assertEquals(auth_aclcheck('page', 'Doe', array('foo')), AUTH_ADMIN);
$this->assertEquals(auth_aclcheck('namespace:page', 'Doe', array('foo')), AUTH_ADMIN);
$this->assertEquals(auth_aclcheck('namespace:*', 'Doe', array('foo')), AUTH_ADMIN);
// user with matching admin group 1
$this->assertEquals(auth_aclcheck('page', 'jill', array('foo', 'admin1')), AUTH_ADMIN);
$this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'admin1')), AUTH_ADMIN);
$this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo', 'admin1')), AUTH_ADMIN);
// user with matching admin group 2
$this->assertEquals(auth_aclcheck('page', 'jill', array('foo', 'Admin2')), AUTH_ADMIN);
$this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'Admin2')), AUTH_ADMIN);
$this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo', 'Admin2')), AUTH_ADMIN);
}
/*
* Test aclcheck on @ALL group
*
* The default permission for @ALL group is AUTH_NONE. So we use an
* ACL entry which grants @ALL group an AUTH_READ permission to see
* whether ACL matching is properly done or not.
*/
function test_restricted_allread() {
global $conf;
global $AUTH_ACL;
$conf['superuser'] = 'john';
$conf['useacl'] = 1;
$AUTH_ACL = array(
'* @ALL 1',
'* @group1 8',
);
// anonymous user
$this->assertEquals(auth_aclcheck('page', '', array()), AUTH_READ);
$this->assertEquals(auth_aclcheck('namespace:page', '', array()), AUTH_READ);
$this->assertEquals(auth_aclcheck('namespace:*', '', array()), AUTH_READ);
// user with no matching group
$this->assertEquals(auth_aclcheck('page', 'jill', array('foo')), AUTH_READ);
$this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo')), AUTH_READ);
$this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo')), AUTH_READ);
// user with matching group
$this->assertEquals(auth_aclcheck('page', 'jill', array('foo', 'Group1')), AUTH_UPLOAD);
$this->assertEquals(auth_aclcheck('namespace:page', 'jill', array('foo', 'Group1')), AUTH_UPLOAD);
$this->assertEquals(auth_aclcheck('namespace:*', 'jill', array('foo', 'Group1')), AUTH_UPLOAD);
// super user
$this->assertEquals(auth_aclcheck('page', 'John', array('foo')), AUTH_ADMIN);
$this->assertEquals(auth_aclcheck('namespace:page', 'John', array('foo')), AUTH_ADMIN);
$this->assertEquals(auth_aclcheck('namespace:*', 'John', array('foo')), AUTH_ADMIN);
}
}
|
