
Item12849: Implement ALLOW/DENY wildcard

And disable the deprecated use of empty DENY rules.

Needs TWikiCompatibilityPlugin work to add the All*Groups
Also needs the conversion tool implemented.

git-svn-id: http://svn.foswiki.org/trunk@17576 0b4bb1d4-4e5a-0410-9cc4-b2b747904278
GeorgeClark authored and GeorgeClark committed Apr 24, 2014
1 parent 2d9f0d9 commit 71f3ff53bacda693f88312874f510ca7cc5fc060
@@ -428,6 +428,160 @@ THIS
return;
}
# Test that empty DENYTOPIC overrides DENYWEB
sub test_denyweb_empty_denytopic {
my $this = shift;
my ($topicObject) =
Foswiki::Func::readTopic( $this->{test_web},
$Foswiki::cfg{WebPrefsTopicName} );
$topicObject->text(<<"THIS");
If DENYWEB is set to a list of wikiname
* people in the list are DENIED access
* Set DENYWEBVIEW = $this->{users_web}.MrOrange %USERSWEB%.MrBlue
THIS
$topicObject->save();
$topicObject->finish();
($topicObject) =
Foswiki::Func::readTopic( $this->{test_web}, $this->{test_topic} );
$topicObject->text(<<'THIS');
If DENYTOPIC is set to empty string
1. Everyone is PERMITTED
* Set DENYTOPICVIEW =
THIS
$topicObject->save();
$topicObject->finish();
# Verify that the new "empty deny" rule is ignored
# Also passes on Foswiki <1.2
$Foswiki::cfg{AccessControlACL}{enableDeprecatedEmptyDeny} = 1;
# renew Foswiki, so WebPreferences gets re-read
$this->createNewFoswikiSession();
$this->PERMITTED( "VIEW", $MrOrange );
$this->PERMITTED( "VIEW", $MrGreen );
$this->PERMITTED( "VIEW", $MrYellow );
$this->PERMITTED( "VIEW", $MrWhite );
$this->PERMITTED( "view", $MrBlue );
# renew Foswiki, so WebPreferences gets re-read
if ( $this->check_dependency('Foswiki,>=,1.2') ) {
$Foswiki::cfg{AccessControlACL}{enableDeprecatedEmptyDeny} = 0;
$this->createNewFoswikiSession();
$this->DENIED( "VIEW", $MrOrange );
$this->PERMITTED( "VIEW", $MrGreen );
$this->PERMITTED( "VIEW", $MrYellow );
$this->PERMITTED( "VIEW", $MrWhite );
$this->DENIED( "view", $MrBlue );
}
return;
}
# Test that DENYTOPIC * wildcard overrides DENYWEB *
sub test_wildcard_denyweb_allow_topic {
my $this = shift;
my ($topicObject) =
Foswiki::Func::readTopic( $this->{test_web},
$Foswiki::cfg{WebPrefsTopicName} );
$topicObject->text(<<"THIS");
If DENYWEB is set to the wildcard
* everyone is DENIED access
* Set DENYWEBVIEW = *
THIS
$topicObject->save();
$topicObject->finish();
($topicObject) =
Foswiki::Func::readTopic( $this->{test_web}, $this->{test_topic} );
$topicObject->text(<<"THIS");
Except ALLOW at the topic will override DENY at web.
1. Everyone is PERMITTED
* Set ALLOWTOPICVIEW = $this->{users_web}.MrOrange %USERSWEB%.MrBlue
THIS
$topicObject->save();
$topicObject->finish();
# renew Foswiki, so WebPreferences gets re-read
$this->createNewFoswikiSession();
$this->PERMITTED( "VIEW", $MrOrange );
$this->DENIED( "VIEW", $MrGreen );
$this->DENIED( "VIEW", $MrYellow );
$this->DENIED( "VIEW", $MrWhite );
$this->PERMITTED( "view", $MrBlue );
return;
}
# Test that ALLOWTOPIC * wildcard overrides DENYWEB
sub test_denyweb_wildcard_topic {
my $this = shift;
my ($topicObject) =
Foswiki::Func::readTopic( $this->{test_web},
$Foswiki::cfg{WebPrefsTopicName} );
$topicObject->text(<<"THIS");
If DENYWEB is set to a list of wikiname
* people in the list are DENIED access
* Set DENYWEBVIEW = $this->{users_web}.MrOrange %USERSWEB%.MrBlue
THIS
$topicObject->save();
$topicObject->finish();
($topicObject) =
Foswiki::Func::readTopic( $this->{test_web}, $this->{test_topic} );
$topicObject->text(<<'THIS');
If DENYTOPIC is set to empty string
1. Everyone is PERMITTED
* Set ALLOWTOPICVIEW = *
THIS
$topicObject->save();
$topicObject->finish();
# Verify that the new "empty deny" rule is ignored
# Also passes on Foswiki <1.2
$Foswiki::cfg{AccessControlACL}{enableDeprecatedEmptyDeny} = 1;
# renew Foswiki, so WebPreferences gets re-read
$this->createNewFoswikiSession();
$this->PERMITTED( "VIEW", $MrOrange );
$this->PERMITTED( "VIEW", $MrGreen );
$this->PERMITTED( "VIEW", $MrYellow );
$this->PERMITTED( "VIEW", $MrWhite );
$this->PERMITTED( "view", $MrBlue );
return;
}
# Test that ALLOWTOPIC doesn't override DENYTOPIC wildcard
sub test_denytopic_wild_allowtopic {
my $this = shift;
my ($topicObject) =
Foswiki::Func::readTopic( $this->{test_web}, $this->{test_topic} );
$topicObject->text(<<'THIS');
If DENYTOPIC is set to empty string
1. Everyone is PERMITTED
* Set DENYTOPICVIEW = *
* Set ALLOWTOPICVIEW = this->{users_web}.MrOrange %USERSWEB%.MrBlue
THIS
$topicObject->save();
$topicObject->finish();
# renew Foswiki, so WebPreferences gets re-read
$this->createNewFoswikiSession();
$this->DENIED( "VIEW", $MrOrange );
$this->DENIED( "VIEW", $MrGreen );
$this->DENIED( "VIEW", $MrYellow );
$this->DENIED( "VIEW", $MrWhite );
$this->DENIED( "view", $MrBlue );
return;
}
# Test that ALLOWWEB works in a top-level web with no finalisation
sub test_allow_web {
my $this = shift;
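Review bot: In test_denytopic_wild_allowtopic the topic text is a non-interpolating heredoc (`<<'THIS'`) and the ALLOW line reads `this->{users_web}.MrOrange` without the `$`, so the stored rule never names MrOrange and `DENIED( "VIEW", $MrOrange )` would pass even if an ALLOW entry wrongly overrode the DENY wildcard; only the `%USERSWEB%.MrBlue` entry (presumably expanded by Foswiki when the rule is read) exercises the precedence. Use `$topicObject->text(<<"THIS");` with `* Set ALLOWTOPICVIEW = $this->{users_web}.MrOrange %USERSWEB%.MrBlue`, as the other tests in this hunk do. test_denyweb_wildcard_topic still carries the copied "DENYTOPIC is set to empty string" text and sets `$Foswiki::cfg{AccessControlACL}{enableDeprecatedEmptyDeny} = 1`, so the `ALLOWTOPICVIEW = *` case is asserted only with the deprecated switch on; consider asserting it with the switch at 0 as well, and note that the comment above test_wildcard_denyweb_allow_topic says DENYTOPIC although the test sets ALLOWTOPICVIEW. The hunk is cut off on this page after the first line of test_allow_web, so that test is not covered by this note.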