TYPO3 CMS  TYPO3_7-6
BackendUserAuthenticationTest.php
1 <?php
3 
4 /*
5  * This file is part of the TYPO3 CMS project.
6  *
7  * It is free software; you can redistribute it and/or modify it under
8  * the terms of the GNU General Public License, either version 2
9  * of the License, or any later version.
10  *
11  * For the full copyright and license information, please read the
12  * LICENSE.txt file that was distributed with this source code.
13  *
14  * The TYPO3 project - inspiring people to share!
15  */
16 
21 {
26  // File permissions
27  'addFile' => false,
28  'readFile' => false,
29  'writeFile' => false,
30  'copyFile' => false,
31  'moveFile' => false,
32  'renameFile' => false,
33  'unzipFile' => false,
34  'deleteFile' => false,
35  // Folder permissions
36  'addFolder' => false,
37  'readFolder' => false,
38  'writeFolder' => false,
39  'copyFolder' => false,
40  'moveFolder' => false,
41  'renameFolder' => false,
42  'deleteFolder' => false,
43  'recursivedeleteFolder' => false
44  ];
45 
/**
 * Empties the global SC_OPTIONS registry before each test, so the tests
 * of this class start without any registered hooks.
 */
protected function setUp()
{
    // Hooks are kept in a process-wide global; start from an empty registry.
    $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS'] = [];
}
51 
52  protected function tearDown()
53  {
55  parent::tearDown();
56  }
57 
59  // Tests concerning the form protection
61 
65  {
66  $formProtection = $this->getMock(
67  \TYPO3\CMS\Core\FormProtection\BackendFormProtection::class,
68  ['clean'],
69  [],
70  '',
71  false
72  );
73  $formProtection->expects($this->once())->method('clean');
74 
76  'default',
77  $formProtection
78  );
79 
80  // logoff() calls the static factory, which depends on a valid BE_USER object. Mock this away
81  $GLOBALS['BE_USER'] = $this->getMock(\TYPO3\CMS\Core\Authentication\BackendUserAuthentication::class, [], [], '', false);
82  $GLOBALS['BE_USER']->user = ['uid' => $this->getUniqueId()];
83  $GLOBALS['TYPO3_DB'] = $this->getMock(\TYPO3\CMS\Core\Database\DatabaseConnection::class, [], [], '', false);
84 
85  $subject = $this->getAccessibleMock(\TYPO3\CMS\Core\Authentication\BackendUserAuthentication::class, ['dummy'], [], '', false);
86  $subject->_set('db', $GLOBALS['TYPO3_DB']);
87  $subject->logoff();
88  }
89 
/**
 * Builds the data sets for TSconfig lookups by object string.
 *
 * Every data set is a triple: the complete TSconfig array, the dotted object
 * string to look up, and the expected result with the keys 'value' and
 * 'properties' (in that order). The sets cover existing paths at one to four
 * levels, numeric path segments including '0', and paths that do not exist at
 * the first, second or third level.
 *
 * @return array
 */
public function getTSConfigDataProvider()
{
    // The branch below "permissions.file."; reused as expected value further down.
    $fileBranch = [
        'default.' => ['readAction' => '1'],
        '1.' => ['writeAction' => '1'],
        '0.' => ['readAction' => '0'],
    ];
    $completeConfiguration = [
        'value' => 'oneValue',
        'value.' => ['oneProperty' => 'oneValue'],
        'permissions.' => ['file.' => $fileBranch],
    ];

    // Result shapes: a node with sub-properties only, a leaf value only, or nothing.
    $propertiesOnly = static function (array $properties) {
        return ['value' => null, 'properties' => $properties];
    };
    $valueOnly = static function ($value) {
        return ['value' => $value, 'properties' => null];
    };
    $nothingFound = ['value' => null, 'properties' => null];

    $lookups = [
        'single level string' => ['permissions', $propertiesOnly(['file.' => $fileBranch])],
        'two levels string' => ['permissions.file', $propertiesOnly($fileBranch)],
        'three levels string' => ['permissions.file.default', $propertiesOnly(['readAction' => '1'])],
        'three levels string with integer property' => [
            'permissions.file.1',
            $propertiesOnly(['writeAction' => '1']),
        ],
        // A '0' segment must be resolved like any other key, not treated as empty.
        'three levels string with integer zero property' => [
            'permissions.file.0',
            $propertiesOnly(['readAction' => '0']),
        ],
        'four levels string with integer zero property, value, no properties' => [
            'permissions.file.0.readAction',
            $valueOnly('0'),
        ],
        'four levels string with integer property, value, no properties' => [
            'permissions.file.1.writeAction',
            $valueOnly('1'),
        ],
        'one level, not existent string' => ['foo', $nothingFound],
        'two level, not existent string' => ['foo.bar', $nothingFound],
        'two level, where second level does not exist' => ['permissions.bar', $nothingFound],
        'three level, where third level does not exist' => ['permissions.file.foo', $nothingFound],
        'three level, where second and third level does not exist' => ['permissions.foo.bar', $nothingFound],
        'value and properties' => [
            'value',
            ['value' => 'oneValue', 'properties' => ['oneProperty' => 'oneValue']],
        ],
    ];

    $dataSets = [];
    foreach ($lookups as $label => list($objectString, $expectedConfiguration)) {
        $dataSets[$label] = [$completeConfiguration, $objectString, $expectedConfiguration];
    }

    return $dataSets;
}
227 
/**
 * Checks that getTSConfig() resolves a dotted object string against the
 * user's TSconfig and returns exactly the expected 'value'/'properties' pair.
 *
 * The comparison uses assertSame(), so key order and value types ('0' as a
 * string, null for "not found") are part of what is checked. The argument
 * triple has the shape of the rows built by getTSConfigDataProvider().
 *
 * @param array $completeConfiguration TSconfig assigned to the user's userTS
 * @param string $objectString Dotted path handed to getTSConfig()
 * @param array $expectedConfiguration Result the lookup must return
 */
public function getTSConfigReturnsCorrectArrayForGivenObjectString(array $completeConfiguration, $objectString, array $expectedConfiguration)
{
    // Constructor is skipped; only the userTS property is needed for the lookup.
    $backendUser = $this->getMock(
        \TYPO3\CMS\Core\Authentication\BackendUserAuthentication::class,
        ['dummy'],
        [],
        '',
        false
    );
    $backendUser->userTS = $completeConfiguration;

    $this->assertSame($expectedConfiguration, $backendUser->getTSConfig($objectString));
}
243 
248  {
249  return [
250  'Only read permissions' => [
251  [
252  'addFile' => 0,
253  'readFile' => 1,
254  'writeFile' => 0,
255  'copyFile' => 0,
256  'moveFile' => 0,
257  'renameFile' => 0,
258  'unzipFile' => 0,
259  'deleteFile' => 0,
260  'addFolder' => 0,
261  'readFolder' => 1,
262  'copyFolder' => 0,
263  'moveFolder' => 0,
264  'renameFolder' => 0,
265  'writeFolder' => 0,
266  'deleteFolder' => 0,
267  'recursivedeleteFolder' => 0,
268  ]
269  ],
270  'Uploading allowed' => [
271  [
272  'addFile' => 1,
273  'readFile' => 1,
274  'writeFile' => 1,
275  'copyFile' => 1,
276  'moveFile' => 1,
277  'renameFile' => 1,
278  'unzipFile' => 0,
279  'deleteFile' => 1,
280  'addFolder' => 0,
281  'readFolder' => 1,
282  'copyFolder' => 0,
283  'moveFolder' => 0,
284  'renameFolder' => 0,
285  'writeFolder' => 0,
286  'deleteFolder' => 0,
287  'recursivedeleteFolder' => 0
288  ]
289  ],
290  'One value is enough' => [
291  [
292  'addFile' => 1,
293  ]
294  ],
295  ];
296  }
297 
304  {
305  $subject = $this->getMock(\TYPO3\CMS\Core\Authentication\BackendUserAuthentication::class, ['isAdmin']);
306 
307  $subject
308  ->expects($this->any())
309  ->method('isAdmin')
310  ->will($this->returnValue(false));
311 
312  $subject->userTS = [
313  'permissions.' => [
314  'file.' => [
315  'default.' => $userTsConfiguration
316  ],
317  ]
318  ];
319 
320  $expectedPermissions = array_merge($this->defaultFilePermissions, $userTsConfiguration);
321  array_walk(
322  $expectedPermissions,
323  function (&$value) {
324  $value = (bool)$value;
325  }
326  );
327 
328  $this->assertEquals($expectedPermissions, $subject->getFilePermissions());
329  }
330 
335  {
336  $defaultPermissions = [
337  'addFile' => true,
338  'readFile' => true,
339  'writeFile' => true,
340  'copyFile' => true,
341  'moveFile' => true,
342  'renameFile' => true,
343  'unzipFile' => true,
344  'deleteFile' => true,
345  'addFolder' => true,
346  'readFolder' => true,
347  'copyFolder' => true,
348  'moveFolder' => true,
349  'renameFolder' => true,
350  'writeFolder' => true,
351  'deleteFolder' => true,
352  'recursivedeleteFolder' => true
353  ];
354 
355  return [
356  'Overwrites given storage permissions with default permissions' => [
357  $defaultPermissions,
358  1,
359  [
360  'addFile' => 0,
361  'recursivedeleteFolder' =>0
362  ],
363  [
364  'addFile' => 0,
365  'readFile' => 1,
366  'writeFile' => 1,
367  'copyFile' => 1,
368  'moveFile' => 1,
369  'renameFile' => 1,
370  'unzipFile' => 1,
371  'deleteFile' => 1,
372  'addFolder' => 1,
373  'readFolder' => 1,
374  'copyFolder' => 1,
375  'moveFolder' => 1,
376  'renameFolder' => 1,
377  'writeFolder' => 1,
378  'deleteFolder' => 1,
379  'recursivedeleteFolder' => 0
380  ]
381  ],
382  'Overwrites given storage 0 permissions with default permissions' => [
383  $defaultPermissions,
384  0,
385  [
386  'addFile' => 0,
387  'recursivedeleteFolder' =>0
388  ],
389  [
390  'addFile' => false,
391  'readFile' => true,
392  'writeFile' => true,
393  'copyFile' => true,
394  'moveFile' => true,
395  'renameFile' => true,
396  'unzipFile' => true,
397  'deleteFile' => true,
398  'addFolder' => true,
399  'readFolder' => true,
400  'copyFolder' => true,
401  'moveFolder' => true,
402  'renameFolder' => true,
403  'writeFolder' => true,
404  'deleteFolder' => true,
405  'recursivedeleteFolder' => false
406  ]
407  ],
408  'Returns default permissions if no storage permissions are found' => [
409  $defaultPermissions,
410  1,
411  [],
412  [
413  'addFile' => true,
414  'readFile' => true,
415  'writeFile' => true,
416  'copyFile' => true,
417  'moveFile' => true,
418  'renameFile' => true,
419  'unzipFile' => true,
420  'deleteFile' => true,
421  'addFolder' => true,
422  'readFolder' => true,
423  'copyFolder' => true,
424  'moveFolder' => true,
425  'renameFolder' => true,
426  'writeFolder' => true,
427  'deleteFolder' => true,
428  'recursivedeleteFolder' => true
429  ]
430  ],
431  ];
432  }
433 
/**
 * For a user who is not an admin, file permissions configured for a single
 * storage in user TSconfig (permissions.file.storage.<uid>.) must replace the
 * corresponding flags of the user's general file permissions.
 *
 * getFilePermissions() is mocked, so only the per-storage override step of
 * getFilePermissionsForStorage() is exercised here.
 *
 * NOTE(review): assertEquals() compares loosely, so 0/1 and false/true in the
 * expected arrays are interchangeable; the type of the returned flags is not
 * pinned by this test. assertSame() would pin it - confirm the
 * implementation's return types before tightening.
 *
 * @param array $defaultPermissions Value returned by the mocked getFilePermissions()
 * @param mixed $storageUid Uid reported by the mocked storage; also used as TSconfig key "<uid>."
 * @param array $storagePermissions Overrides registered for that storage
 * @param array $expectedPermissions Permissions expected for the storage
 */
public function getFilePermissionsFromStorageOverwritesDefaultPermissions(array $defaultPermissions, $storageUid, array $storagePermissions, array $expectedPermissions)
{
    $storage = $this->getMock(\TYPO3\CMS\Core\Resource\ResourceStorage::class, [], [], '', false);
    $storage->expects($this->any())->method('getUid')->will($this->returnValue($storageUid));

    $backendUser = $this->getMock(
        \TYPO3\CMS\Core\Authentication\BackendUserAuthentication::class,
        ['isAdmin', 'getFilePermissions']
    );
    $backendUser->expects($this->any())->method('getFilePermissions')->will($this->returnValue($defaultPermissions));
    // Non-admin: the storage-specific restrictions have to be applied.
    $backendUser->expects($this->any())->method('isAdmin')->will($this->returnValue(false));

    $storageKey = $storageUid . '.';
    $backendUser->userTS = [
        'permissions.' => [
            'file.' => [
                'storage.' => [$storageKey => $storagePermissions],
            ],
        ],
    ];

    $actualPermissions = $backendUser->getFilePermissionsForStorage($storage);
    $this->assertEquals($expectedPermissions, $actualPermissions);
}
470 
/**
 * For an admin, storage-specific permissions from user TSconfig must have no
 * effect: getFilePermissionsForStorage() has to return what
 * getFilePermissions() returns.
 *
 * getFilePermissions() is mocked, so this checks only that the per-storage
 * overrides are skipped for admins, not which flags an admin actually holds.
 *
 * @param array $defaultPermissions Value returned by the mocked getFilePermissions()
 * @param mixed $storageUid Uid reported by the mocked storage; also used as TSconfig key "<uid>."
 * @param array $storagePermissions Overrides registered for that storage; expected to be ignored
 */
public function getFilePermissionsFromStorageAlwaysReturnsDefaultPermissionsForAdmins(array $defaultPermissions, $storageUid, array $storagePermissions)
{
    $storage = $this->getMock(\TYPO3\CMS\Core\Resource\ResourceStorage::class, [], [], '', false);
    $storage->expects($this->any())->method('getUid')->will($this->returnValue($storageUid));

    $backendUser = $this->getMock(
        \TYPO3\CMS\Core\Authentication\BackendUserAuthentication::class,
        ['isAdmin', 'getFilePermissions']
    );
    $backendUser->expects($this->any())->method('getFilePermissions')->will($this->returnValue($defaultPermissions));
    // Admin: the overrides configured below must not change the result.
    $backendUser->expects($this->any())->method('isAdmin')->will($this->returnValue(true));

    $storageKey = $storageUid . '.';
    $backendUser->userTS = [
        'permissions.' => [
            'file.' => [
                'storage.' => [$storageKey => $storagePermissions],
            ],
        ],
    ];

    $actualPermissions = $backendUser->getFilePermissionsForStorage($storage);
    $this->assertEquals($defaultPermissions, $actualPermissions);
}
506 
511  {
512  return [
513  'No permission' => [
514  '',
515  [
516  'addFile' => false,
517  'readFile' => false,
518  'writeFile' => false,
519  'copyFile' => false,
520  'moveFile' => false,
521  'renameFile' => false,
522  'unzipFile' => false,
523  'deleteFile' => false,
524  'addFolder' => false,
525  'readFolder' => false,
526  'copyFolder' => false,
527  'moveFolder' => false,
528  'renameFolder' => false,
529  'writeFolder' => false,
530  'deleteFolder' => false,
531  'recursivedeleteFolder' => false
532  ]
533  ],
534  'Standard file permissions' => [
535  'addFile,readFile,writeFile,copyFile,moveFile,renameFile,deleteFile',
536  [
537  'addFile' => true,
538  'readFile' => true,
539  'writeFile' => true,
540  'copyFile' => true,
541  'moveFile' => true,
542  'renameFile' => true,
543  'unzipFile' => false,
544  'deleteFile' => true,
545  'addFolder' => false,
546  'readFolder' => false,
547  'copyFolder' => false,
548  'moveFolder' => false,
549  'renameFolder' => false,
550  'writeFolder' => false,
551  'deleteFolder' => false,
552  'recursivedeleteFolder' => false
553  ]
554  ],
555  'Unzip allowed' => [
556  'readFile,unzipFile',
557  [
558  'addFile' => false,
559  'readFile' => true,
560  'writeFile' => false,
561  'copyFile' => false,
562  'moveFile' => false,
563  'renameFile' => false,
564  'unzipFile' => true,
565  'deleteFile' => false,
566  'addFolder' => false,
567  'readFolder' => false,
568  'writeFolder' => false,
569  'copyFolder' => false,
570  'moveFolder' => false,
571  'renameFolder' => false,
572  'deleteFolder' => false,
573  'recursivedeleteFolder' => false
574  ]
575  ],
576  'Standard folder permissions' => [
577  'addFolder,readFolder,moveFolder,renameFolder,writeFolder,deleteFolder',
578  [
579  'addFile' => false,
580  'readFile' => false,
581  'writeFile' => false,
582  'copyFile' => false,
583  'moveFile' => false,
584  'renameFile' => false,
585  'unzipFile' => false,
586  'deleteFile' => false,
587  'addFolder' => true,
588  'readFolder' => true,
589  'writeFolder' => true,
590  'copyFolder' => false,
591  'moveFolder' => true,
592  'renameFolder' => true,
593  'deleteFolder' => true,
594  'recursivedeleteFolder' => false
595  ]
596  ],
597  'Copy folder allowed' => [
598  'readFolder,copyFolder',
599  [
600  'addFile' => false,
601  'readFile' => false,
602  'writeFile' => false,
603  'copyFile' => false,
604  'moveFile' => false,
605  'renameFile' => false,
606  'unzipFile' => false,
607  'deleteFile' => false,
608  'addFolder' => false,
609  'readFolder' => true,
610  'writeFolder' => false,
611  'copyFolder' => true,
612  'moveFolder' => false,
613  'renameFolder' => false,
614  'deleteFolder' => false,
615  'recursivedeleteFolder' => false
616  ]
617  ],
618  'Copy folder and remove subfolders allowed' => [
619  'readFolder,copyFolder,recursivedeleteFolder',
620  [
621  'addFile' => false,
622  'readFile' => false,
623  'writeFile' => false,
624  'copyFile' => false,
625  'moveFile' => false,
626  'renameFile' => false,
627  'unzipFile' => false,
628  'deleteFile' => false,
629  'addFolder' => false,
630  'readFolder' => true,
631  'writeFolder' => false,
632  'copyFolder' => true,
633  'moveFolder' => false,
634  'renameFolder' => false,
635  'deleteFolder' => false,
636  'recursivedeleteFolder' => true
637  ]
638  ],
639  ];
640  }
641 
/**
 * For a user who is not an admin and has no TSconfig, getFilePermissions()
 * must derive the permission flags from groupData['file_permissions'].
 *
 * NOTE(review): the value is presumably a comma-separated list of permission
 * names (data sets in this class pass strings such as 'readFile,unzipFile');
 * every permission not listed is expected to come back as false - confirm
 * against the data provider bound to this test.
 *
 * @param mixed $permissionValue Value stored in groupData['file_permissions']
 * @param mixed $expectedPermissions Permission map getFilePermissions() must return
 */
public function getFilePermissionsTakesUserDefaultPermissionsFromRecordIntoAccountIfUserIsNotAdmin($permissionValue, $expectedPermissions)
{
    $backendUser = $this->getMock(
        \TYPO3\CMS\Core\Authentication\BackendUserAuthentication::class,
        ['isAdmin']
    );
    $backendUser->expects($this->any())->method('isAdmin')->will($this->returnValue(false));

    // Empty TSconfig: the record value is the only source that can grant anything.
    $backendUser->userTS = [];
    $backendUser->groupData['file_permissions'] = $permissionValue;

    $actualPermissions = $backendUser->getFilePermissions();
    $this->assertEquals($expectedPermissions, $actualPermissions);
}
659 
664  {
665  $subject = $this->getMock(\TYPO3\CMS\Core\Authentication\BackendUserAuthentication::class, ['isAdmin']);
666 
667  $subject
668  ->expects($this->any())
669  ->method('isAdmin')
670  ->will($this->returnValue(true));
671 
672  $expectedPermissions = [
673  'addFile' => true,
674  'readFile' => true,
675  'writeFile' => true,
676  'copyFile' => true,
677  'moveFile' => true,
678  'renameFile' => true,
679  'unzipFile' => true,
680  'deleteFile' => true,
681  'addFolder' => true,
682  'readFolder' => true,
683  'writeFolder' => true,
684  'copyFolder' => true,
685  'moveFolder' => true,
686  'renameFolder' => true,
687  'deleteFolder' => true,
688  'recursivedeleteFolder' => true
689  ];
690 
691  $this->assertEquals($expectedPermissions, $subject->getFilePermissions());
692  }
693 }