Merge pull request #774 from MartijnRas/master

remoteuser - Patch for default setting and improved checking in hasAccess()

_test/tests/inc/remote.test.php

@@ -157,6 +157,8 @@ class remote_test extends DokuWikiTest {
     }
 
     function test_hasAccessSuccess() {
+        global $conf;
+        $conf['remoteuser'] = '';
         $this->assertTrue($this->remote->hasAccess());
     }
 
@@ -209,6 +211,7 @@ class remote_test extends DokuWikiTest {
     function test_forceAccessSuccess() {
         global $conf;
         $conf['remote'] = 1;
+        $conf['remoteuser'] = '';
         $this->remote->forceAccess(); // no exception should occur
     }
 
@@ -223,7 +226,11 @@ class remote_test extends DokuWikiTest {
 
     function test_generalCoreFunctionWithoutArguments() {
         global $conf;
+        global $USERINFO;
         $conf['remote'] = 1;
+        $conf['remoteuser'] = '';
+        $conf['useacl'] = 1;
+        $USERINFO['grps'] = array('grp');
         $remoteApi = new RemoteApi();
         $remoteApi->getCoreMethods(new RemoteAPICoreTest());
 
@@ -249,7 +256,10 @@ class remote_test extends DokuWikiTest {
 
     function test_generalCoreFunctionWithArguments() {
         global $conf;
+        global $USERINFO;
         $conf['remote'] = 1;
+        $conf['remoteuser'] = '';
+        $conf['useacl'] = 1;
 
         $remoteApi = new RemoteApi();
         $remoteApi->getCoreMethods(new RemoteAPICoreTest());
@@ -262,7 +272,10 @@ class remote_test extends DokuWikiTest {
 
     function test_pluginCallMethods() {
         global $conf;
+        global $USERINFO;
         $conf['remote'] = 1;
+        $conf['remoteuser'] = '';
+        $conf['useacl'] = 1;
 
         $remoteApi = new RemoteApi();
         $this->assertEquals($remoteApi->call('plugin.testplugin.method1'), null);
@@ -319,6 +332,11 @@ class remote_test extends DokuWikiTest {
     }
 
     function test_pluginCallCustomPath() {
+        global $conf;
+        global $USERINFO;
+        $conf['remote'] = 1;
+        $conf['remoteuser'] = '';
+        $conf['useacl'] = 1;
         global $EVENT_HANDLER;
         $EVENT_HANDLER->register_hook('RPC_CALL_ADD', 'BEFORE', $this, 'pluginCallCustomPathRegister');
 

conf/dokuwiki.php

@@ -65,7 +65,7 @@ $conf['disableactions'] = '';            //comma separated list of actions to di
 $conf['auth_security_timeout'] = 900;    //time (seconds) auth data is considered valid, set to 0 to recheck on every page view
 $conf['securecookie'] = 1;               //never send HTTPS cookies via HTTP
 $conf['remote']      = 0;                //Enable/disable remote interfaces
-$conf['remoteuser']  = '!!not set !!';   //user/groups that have access to remote interface (comma separated)
+$conf['remoteuser']  = '!!not set!!';    //user/groups that have access to remote interface (comma separated)
 
 /* Antispam Features */
 $conf['usewordblock']= 1;                //block spam based on words? 0|1

inc/remote.php

@@ -236,6 +236,9 @@ class RemoteAPI {
         if (!$conf['remote']) {
             throw new RemoteAccessDeniedException('server error. RPC server not enabled.',-32604); //should not be here,just throw
         }
+        if(trim($conf['remoteuser']) == '!!not set!!') {
+            return false;
+        }
         if(!$conf['useacl']) {
             return true;
         }