# Copyright (c) 2005 bivio Software, Inc. All Rights Reserved. # $Id: dav-permission.btest,v 1.9 2007/09/01 18:16:40 nagler Exp $ test_setup('PetShop'); home_page(); my($root) = '/demo/dav/files'; my($x) = absolute_uri("$root/pub2"); test_deviance('401 Authorization Required'); send_request(OPTIONS => "$root"); test_conformance(); $root =~ s{/files}{}; basic_authorization('root>guest', 'bad pass'); test_deviance('401 Authorization Required'); send_request(PROPFIND => '/dav'); test_conformance(); basic_authorization('root'); send_request(PROPFIND => '/dav'); test_deviance('403 Forbidden'); send_request(OPTIONS => "$root"); test_conformance(); basic_authorization('demo>guest'); test_deviance('401 Authorization Required'); send_request(PROPFIND => '/dav'); test_conformance(); basic_authorization('root>guest'); send_request(PROPFIND => $root); basic_authorization('guest'); send_request(PROPFIND => $root); verify_no_text('orders'); test_deviance('403 Forbidden'); send_request(PROPFIND => "$root/orders"); test_conformance(); $root .= '/files'; visit_uri("$root/private/file.html"); send_request(PROPFIND => "$root/private"); my($rand) = random_string(); test_deviance('404 Not Found'); send_request(PROPFIND => "$root/pub/dav-permission.$rand"); test_deviance('403 Forbidden'); send_request(MKCOL => "$root/pub/dav-permission.$rand"); send_request(PUT => "$root/pub/dav-permission.$rand", undef, ''); send_request(DELETE => "$root/pub/file.txt"); send_request(LOCK => "$root/pub"); send_request(MOVE => "$root/pub", { Destination => $x, }); test_conformance(); send_request(OPTIONS => "$root/private"); visit_uri("$root/private/file.html"); # Don't write to '/' or '/pub', other tests depend send_request(COPY => "$root/private/file.html", { Destination => absolute_uri('/guest/dav/files/dav-permission'), }); $x = absolute_uri("$root/dav-permission"); test_deviance('403 Forbidden'); send_request(COPY => '/guest/dav/files/private/file.html', { Destination => $x, }); test_conformance(); # Defect on 1/28/2005 basic_authorization('root'); my($user) = generate_local_email(random_string()); send_request(GET => my $root_forums = '/dav/Forums.csv'); my($top) = "btest_" . random_string(); my($dn) = "DAV $top BTEST"; send_request(PUT => $root_forums, undef, get_content() . <<"EOF"); $top,$dn EOF send_request(GET => $root_forums); my($root_forums_csv) = get_content(); my($top_uri) = "/dav/$top"; my($top_members) = "$top_uri/Members.csv"; send_request(GET => $top_members); send_request(PUT => $top_members, undef, get_content() . "$user,1,1,1\n"); basic_authorization("root>$user"); send_request(GET => $top_members); (my $csv = get_content()) =~ s/(?<=^\Q$user\E,)1/0/m || die; send_request(PUT => $top_members, undef, $csv); # End # Make sure an admin at a lower level can't get at a higher level test_deviance('403 Forbidden'); send_request(GET => $root_forums); send_request(PUT => $root_forums, undef, $root_forums_csv . "davp1,DAV Permission\n");