diff --git a/lib/access.php b/lib/access.php
index f120361..dff10a2 100644
--- a/lib/access.php
+++ b/lib/access.php
@@ -82,6 +82,7 @@ function granted($route,$subject='') {
 foreach ($this->rules as $sub => $verbs)
 if ($sub!=$subject && isset($verbs[$verb]))
 foreach ($verbs[$verb] as $path => $rule) {
+ $path=strtolower($path);
 if (!isset($others[$path]))
 $others[$path]=[$sub=>$rule];
 else
@@ -93,7 +94,7 @@ function granted($route,$subject='') {
 //specific paths are processed first:
 $paths=array();
 foreach ($keys=array_keys($rules) as $key) {
- $path=str_replace('@','*@',$key);
+ $path=str_replace('@','*@',strtolower($key));
 if (substr($path,-1)!='*')
 $path.='+';
 $paths[]=$path;
@@ -103,8 +104,8 @@ function granted($route,$subject='') {
 $rules=array_combine($keys,$vals);
 foreach($rules as $path=>$rule)
 if (preg_match('/^'.preg_replace('/@\w*/','[^\/]+',
- str_replace('\*','.*',preg_quote($path,'/'))).'$/',$uri))
- return (strpos($path,'@')!==FALSE && isset($others[$uri]))
+ str_replace('\*','.*',preg_quote($path,'/'))).'$/i',$uri))
+ return (strpos($path,'@')!==FALSE && isset($others[strtolower($uri)]))
 ? !$this->policy==self::DENY: $rule;
 return $this->policy==self::ALLOW;
 }
diff --git a/tests/tests.php b/tests/tests.php
index f17b19f..1743e7b 100644
--- a/tests/tests.php
+++ b/tests/tests.php
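Review bot: `$path=strtolower($path);` normalises every other subject's rule path on each `granted()` call, and nothing in the diff shows the rules being stored in canonical form; if `allow()`/`deny()` (outside this diff) lower-cased the keys once at registration, this line, the `strtolower($key)` in the ordering loop and the `strtolower($uri)` lookup would collapse into a single place and `$this->rules` would never hold two case-variants of one path. The merge right below also now folds rule paths that differ only in case into the same `$others` entry, which is the intended effect of the commit but not visible from the line itself; a comment such as `// rule paths match case-insensitively, so merge them under one canonical key` would record it. granted()'s body continues outside the hunk in both directions.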
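Review bot: `strtolower($key)` in the ordering loop only influences the precedence computed from `$paths` (presumably the sort key for "specific paths first"); the rules are recombined afterwards with the original `$keys` via `array_combine($keys,$vals)` and matched with `/i`, so a reader who expects this line to canonicalise the rule keys will be misled. A comment `// lower-cased only so that ordering is case-independent; the keys themselves stay as registered` on this line would make the split of responsibilities explicit. Lower-casing before `str_replace('@','*@',...)` also lowers the placeholder name, which is harmless because `preg_replace('/@\w*/',...)` later discards it, but that is worth a word too. The loop body and the use of `$paths` continue outside the hunk.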
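Review bot: The pattern now ends in `'$/i'`, and without the `D` modifier PCRE's `$` also matches immediately before a trailing newline, so a `$uri` ending in `\n` still satisfies a rule written for the bare path; whether the router can hand such a value to `granted()` is not visible here, but `'$/iD'` closes it at no cost. `strtolower($uri)` is also recomputed inside the `foreach` for every candidate rule; a local such as `$lower=strtolower($uri);` above the loop keeps the per-request work proportional to the number of rules only. The `preg_match()` result is tested loosely, so a PCRE error (`false`) is silently treated as "no match" and evaluation falls through to the default policy, which is fail-open when the policy is ALLOW; checking `preg_last_error()` or adding a comment that this is accepted would make the behaviour deliberate. The enclosing function starts outside the hunk.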
@@ -166,61 +166,87 @@ function run($f3) {
 'DENY DELETE /foo' => '*',
 'ALLOW DELETE /foo' => 'admin',
 ));
- $access=new \Access();
- $access->policy('allow');
- $f3->route('GET|POST @admin_user_new: /admin/user/new','Class->create');
- $f3->route('GET|POST @admin_user_edit: /admin/user/@id','Class->edit');
- $f3->route('DELETE @admin_user_delete: /admin/user/@id','Class->delete');
- $access->deny('* /admin*','*');
- $access->allow('* /admin*','superadmin');
- $access->allow('@admin_user_new','user_admin_create');
- $access->allow('@admin_user_edit','user_admin_edit');
- $access->allow('@admin_user_delete','user_admin_delete');
- $test->expect(
- $access->granted('GET /admin/user/new','superadmin') &&
- $access->granted('GET /admin/user/23','superadmin') &&
- $access->granted('POST /admin/user/23','superadmin') &&
- $access->granted('POST /admin/user/new','user_admin_create') &&
- $access->granted('POST /admin/user/23','user_admin_edit') &&
- !$access->granted('POST /admin/user/23','client') &&
- !$access->granted('GET /admin/user/new','user_admin_edit') &&
- !$access->granted('POST /admin/user/new','user_admin_edit') &&
- !$access->granted('GET /admin/user/23','user_admin_create') &&
- !$access->granted('POST /admin/user/23','user_admin_create'),
- 'Static routes precedence'
- );
- $test->expect(
- $access->granted('GET /admin/user/23','superadmin') &&
- $access->granted('DELETE /admin/user/23','superadmin') &&
- $access->granted('POST /admin/user/23','user_admin_edit') &&
- $access->granted('DELETE /admin/user/23','user_admin_delete') &&
- !$access->granted('POST /admin/user/23','client') &&
- !$access->granted('DELETE /admin/user/23','client') &&
- !$access->granted('GET /admin/user/23','user_admin_create') &&
- !$access->granted('POST /admin/user/23','user_admin_create') &&
- !$access->granted('DELETE /admin/user/12','user_admin_create') &&
- !$access->granted('DELETE /admin/user/12','user_admin_edit'),
- 'Named route verb inheritance'
- );
- $access->policy('deny');
- $test->expect(
- $access->granted('GET /admin/user/new','superadmin') &&
- $access->granted('GET /admin/user/23','superadmin') &&
- $access->granted('POST /admin/user/23','superadmin') &&
- $access->granted('DELETE /admin/user/23','superadmin') &&
- $access->granted('POST /admin/user/new','user_admin_create') &&
- $access->granted('POST /admin/user/23','user_admin_edit') &&
- $access->granted('DELETE /admin/user/23','user_admin_delete') &&
- !$access->granted('POST /admin/user/23','client') &&
- !$access->granted('DELETE /admin/user/23','client') &&
- !$access->granted('GET /admin/user/new','user_admin_edit') &&
- !$access->granted('POST /admin/user/new','user_admin_edit') &&
- !$access->granted('GET /admin/user/23','user_admin_create') &&
- !$access->granted('POST /admin/user/23','user_admin_create') &&
- !$access->granted('DELETE /admin/user/12','user_admin_create') &&
- !$access->granted('DELETE /admin/user/12','user_admin_edit'),
- 'Routes precedence & VERB test, reversed default policy'
- );
+ $runs=[
+ 1=>['/admin/user/new','/admin/user/@id','/admin*'],
+ 2=>['/AdMin/uSeR/new','/AdMin/uSeR/@id','/aDmiN*'],
+ ];
+ foreach ($runs as $run=>$strings) {
+ $access=new \Access();
+ $access->policy('allow');
+ $f3->route('GET|POST @admin_user_new: '.$strings[0],'Class->create');
+ $f3->route('GET|POST @admin_user_edit: '.$strings[1],'Class->edit');
+ $f3->route('DELETE @admin_user_delete: '.$strings[1],'Class->delete');
+ $access->deny('* '.$strings[2],'*');
+ $access->allow('* '.$strings[2],'superadmin');
+ $access->allow('@admin_user_new','user_admin_create');
+ $access->allow('@admin_user_edit','user_admin_edit');
+ $access->allow('@admin_user_delete','user_admin_delete');
+ $test->expect(
+ $access->granted('GET /admin/user/new','superadmin') &&
+ $access->granted('GET /admin/user/23','superadmin') &&
+ $access->granted('POST /admin/user/23','superadmin') &&
+ $access->granted('POST /admin/user/new','user_admin_create') &&
+ $access->granted('POST /admin/user/23','user_admin_edit') &&
+ !$access->granted('POST /admin/user/23','client') &&
+ !$access->granted('GET /admin/user/new','user_admin_edit') &&
+ !$access->granted('POST /admin/user/new','user_admin_edit') &&
+ !$access->granted('GET /admin/user/23','user_admin_create') &&
+ !$access->granted('POST /admin/user/23','user_admin_create'),
+ 'Static routes precedence (run '.$run.')'
+ );
+ $test->expect(
+ $access->granted('GET /admin/user/23','superadmin') &&
+ $access->granted('DELETE /admin/user/23','superadmin') &&
+ $access->granted('POST /admin/user/23','user_admin_edit') &&
+ $access->granted('DELETE /admin/user/23','user_admin_delete') &&
+ !$access->granted('POST /admin/user/23','client') &&
+ !$access->granted('DELETE /admin/user/23','client') &&
+ !$access->granted('GET /admin/user/23','user_admin_create') &&
+ !$access->granted('POST /admin/user/23','user_admin_create') &&
+ !$access->granted('DELETE /admin/user/12','user_admin_create') &&
+ !$access->granted('DELETE /admin/user/12','user_admin_edit'),
+ 'Named route verb inheritance (run '.$run.')'
+ );
+ $access->policy('deny');
+ $test->expect(
+ $access->granted('GET /admin/user/new','superadmin') &&
+ $access->granted('GET /admin/user/23','superadmin') &&
+ $access->granted('POST /admin/user/23','superadmin') &&
+ $access->granted('DELETE /admin/user/23','superadmin') &&
+ $access->granted('POST /admin/user/new','user_admin_create') &&
+ $access->granted('POST /admin/user/23','user_admin_edit') &&
+ $access->granted('DELETE /admin/user/23','user_admin_delete') &&
+ !$access->granted('POST /admin/user/23','client') &&
+ !$access->granted('DELETE /admin/user/23','client') &&
+ !$access->granted('GET /admin/user/new','user_admin_edit') &&
+ !$access->granted('POST /admin/user/new','user_admin_edit') &&
+ !$access->granted('GET /admin/user/23','user_admin_create') &&
+ !$access->granted('POST /admin/user/23','user_admin_create') &&
+ !$access->granted('DELETE /admin/user/12','user_admin_create') &&
+ !$access->granted('DELETE /admin/user/12','user_admin_edit'),
+ 'Routes precedence & VERB test, reversed default policy (run '.$run.')'
+ );
+ $test->expect(
+ $access->granted('GET /Admin/User/New','superadmin') &&
+ $access->granted('GET /Admin/User/23','superadmin') &&
+ $access->granted('POST /Admin/User/23','superadmin') &&
+ $access->granted('DELETE /Admin/User/23','superadmin') &&
+ $access->granted('POST /Admin/User/New','user_admin_create') &&
+ $access->granted('POST /Admin/User/23','user_admin_edit') &&
+ $access->granted('DELETE /Admin/User/23','user_admin_delete') &&
+ !$access->granted('POST /Admin/User/23','client') &&
+ !$access->granted('DELETE /Admin/User/23','client') &&
+ !$access->granted('GET /Admin/User/New','user_admin_edit') &&
+ !$access->granted('POST /Admin/User/New','user_admin_edit') &&
+ !$access->granted('GET /Admin/User/23','user_admin_create') &&
+ !$access->granted('POST /Admin/User/23','user_admin_create') &&
+ !$access->granted('DELETE /Admin/User/12','user_admin_create') &&
+ !$access->granted('DELETE /Admin/User/12','user_admin_edit'),
+ 'Case insensitivity test (run '.$run.')'
+ );
+ unset($f3->ROUTES[$strings[0]],$f3->ROUTES[$strings[1]]);
+ unset($f3->ALIASES['admin_user_new'],$f3->ALIASES['admin_user_edit'],$f3->ALIASES['admin_user_delete']);
+ }
 $access=new \Access();
 $test->expect(
 !$access->granted('/') &&
 $access->granted('/','admin'),