gitolite/t/t11-deny-repo

228 lines
5.4 KiB
Text
Raw Permalink Normal View History

# vim: syn=sh:
# can_read cannot_read has_export_ok is_in_projects_list
# can_push cannot_push does_not_have_export_ok is_not_in_projects_list
can_read() {
# args: user, repo
runlocal git ls-remote $1:$2
expect refs/heads
notexpect DENIED
}
can_push() {
cd ~/td
rm -rf clone
runlocal git clone $1:$2 clone
expect Cloning into
notexpect DENIED
notexpect fatal
cd clone
mdc
runlocal git push origin HEAD:${3:-master}
expect_push_ok "HEAD -> ${3:-master}"
}
cannot_read() {
# args: user, repo
runlocal git ls-remote $1:$2
notexpect refs/heads
expect DENIED
}
cannot_push() {
cd ~/td
rm -rf clone
runlocal git clone $1:$2 clone
expect Cloning into
notexpect DENIED
notexpect fatal
cd clone
mdc
runlocal git push origin HEAD:${3:-master}
expect DENIED
}
has_export_ok() {
runremote ls -al $TEST_BASE_FULL/$1.git/git-daemon-export-ok
expect "$USER $USER .* $TEST_BASE_FULL/$1.git/git-daemon-export-ok"
}
does_not_have_export_ok() {
runremote ls -al $TEST_BASE_FULL/$1.git/git-daemon-export-ok
expect "ls: cannot access $TEST_BASE_FULL/$1.git/git-daemon-export-ok: No such file or directory"
}
is_in_projects_list() {
runremote cat projects.list
expect "^$1.git$"
}
is_not_in_projects_list() {
runremote cat projects.list
notexpect "^$1.git$"
}
for bc in 0 1
do
for ais in 0 1
do
cd $TESTDIR
$TESTDIR/rollback || die "rollback failed"
editrc GL_WILDREPOS 1
editrc GL_BIG_CONFIG $bc
echo "\$GL_ALL_INCLUDES_SPECIAL = $ais;" | addrc
name "set 1"
REPO=one
echo "
repo $REPO
RW+ = u1
R = u2
- = u2 u3
R = @all
" | ugc
can_push u1 $REPO
can_read u2 $REPO
cannot_push u2 $REPO
can_read u3 $REPO
cannot_push u3 $REPO
can_read u6 $REPO
cannot_push u6 $REPO
[ "$ais" = "0" ] && does_not_have_export_ok $REPO
[ "$ais" = "0" ] && is_not_in_projects_list $REPO
[ "$ais" = "1" ] && has_export_ok $REPO
[ "$ais" = "1" ] && is_in_projects_list $REPO
name "set 1a -- add the deny-repo flag"
echo "
config gitolite-options.deny-repo = 1
" | ugc
can_push u1 $REPO
can_read u2 $REPO
cannot_push u2 $REPO
cannot_read u3 $REPO
can_read u6 $REPO
cannot_push u6 $REPO
[ "$ais" = "0" ] && does_not_have_export_ok $REPO
[ "$ais" = "0" ] && is_not_in_projects_list $REPO
[ "$ais" = "1" ] && has_export_ok $REPO
[ "$ais" = "1" ] && is_in_projects_list $REPO
name "set 2 -- add gitweb and daemon"
REPO=two
echo "
repo $REPO
RW+ = u1
R = u2
- = u2 u3 gitweb daemon
R = @all
" | ugc
[ "$ais" = "0" ] && does_not_have_export_ok $REPO
[ "$ais" = "0" ] && is_not_in_projects_list $REPO
[ "$ais" = "1" ] && has_export_ok $REPO
[ "$ais" = "1" ] && is_in_projects_list $REPO
name "set 2a -- add the deny-repo flag"
echo "
config gitolite-options.deny-repo = 1
" | ugc
does_not_have_export_ok $REPO
is_not_in_projects_list $REPO
name "set 3 -- allow gitweb to all but admin repo"
REPO=three
echo "
repo gitolite-admin
- = gitweb daemon
config gitolite-options.deny-repo = 1
repo $REPO
RW+ = u3
R = gitweb daemon
" | ugc
has_export_ok $REPO
is_in_projects_list $REPO
does_not_have_export_ok gitolite-admin
is_not_in_projects_list gitolite-admin
name "set 4 -- allow gitweb to all but admin repo"
REPO=four
echo "
repo $REPO
RW+ = u4
- = gitweb daemon
repo @all
R = @all
" | ugc
[ "$ais" = "0" ] && {
does_not_have_export_ok $REPO
is_not_in_projects_list $REPO
does_not_have_export_ok gitolite-admin
is_not_in_projects_list gitolite-admin
}
[ "$ais" = "1" ] && {
has_export_ok $REPO
is_in_projects_list $REPO
does_not_have_export_ok gitolite-admin
is_not_in_projects_list gitolite-admin
}
name "set 5 -- go wild"
echo "
repo foo/..*
C = u1
RW+ = CREATOR
- = gitweb daemon
R = @all
repo bar/..*
C = u2
RW+ = CREATOR
- = gitweb daemon
R = @all
config gitolite-options.deny-repo = 1
" | ugc -r
can_push u1 foo/one
can_push u2 bar/two
[ "$ais" = "0" ] && {
does_not_have_export_ok foo/one
is_not_in_projects_list foo/one
does_not_have_export_ok bar/two
is_not_in_projects_list bar/two
}
[ "$ais" = "1" ] && {
has_export_ok foo/one
is_in_projects_list foo/one
does_not_have_export_ok bar/two
is_not_in_projects_list bar/two
}
done
done