gitolite/t/t61-setperms-groups


# vim: syn=sh:
for bc in 0 1
do
cd $TESTDIR
$TESTDIR/rollback || die "rollback failed"
editrc GL_WILDREPOS 1
editrc GL_BIG_CONFIG $bc
name "INTERNAL"
echo "
@leads = u1 u2
@devs = u1 u2 u3 u4
@gbar = bar/CREATOR/..*
repo @gbar
C = @leads
RW+ = CREATOR
RW = WRITERS
R = READERS
" | ugc
name "nothing set yet"
expect_push_ok "master -> master"
name "u1 auto-creates a repo"
runlocal git ls-remote u1:bar/u1/try1
make REPO_BASE absolute early $ENV{GL_REPO_BASE_ABS} is meant to point to the same directory as $REPO_BASE, except it is meant to be passed to hooks, ADCs and other child programs. And since you can't be sure where the child program starts in, this became an absolute path. Gradually, however, I started using it wherever I needed an absolute path (mostly in code that jumps around various directories to do stuff). Which is silly, because there's no reason $REPO_BASE cannot also be made an absolute, even if the rc file has a relative path. So that's what I did now: made $REPO_BASE absolute very early on, and then systematically changed all uses of the longer form to the shorter form when appropriate. And so the only thing we now use the longer one for is to pass to child programs. (Implementation note: The actual change is not very big, but while I was about it I decided to make the test suite able to test with an absolute REPO_BASE also, which is why the commit seems so large.) ---- This all started with a complaint from Damien Regad. He had an extremely odd setup where his bashrc changed PWD to something other than $HOME before anything else ran. This caused those two variables to become inconsistent, and he had a 1-line fix he wanted me to apply. I generally don't like making special fixes for non-standard setups, and anyway all he had to do was set the full path to REPO_BASE in the rc file to get around this. Which is what I told him and he very politely left it at that. However, this did get me thinking, and I soon realised I was needlessly conflating "relative versus absolute" with "able to be passed to child programs". Fixing that solved his problem also, as a side-effect. So I guess this is all thanks to Damien!
2011-03-18 06:29:52 +01:00
expect "Initialized empty Git repository in $TEST_BASE_FULL/bar/u1/try1.git/"
name "default permissions for u2 and u4"
runlocal ssh u1 expand
expect R.*W.*u1.*bar/u1/try1
runlocal ssh u2 expand
notexpect R.*W.*u1.*bar/u1/try1
runlocal ssh u4 expand
notexpect R.*W.*u1.*bar/u1/try1
name "@leads can RW try1"
echo RW @leads | runlocal ssh u1 setperms bar/u1/try1
custom perm categories in setperms (WARNING: PLEASE READ FULL COMMIT MESSAGE) THE COMPILED CONFIG FILE FORMAT CHANGES WITH THIS VERSION. PLEASE DO NOT MIX VERSIONS OR DOWNGRADE. Upgrading using normal gitolite upgrade means should be fine, though. Originally, we only allowed "R" and "RW" as categories of users supplied to the `setperms` command. These map respectively to "READERS" and "WRITERS" in the access rules. Now: - we prefer READERS instead of R and WRITERS instead of RW - we allow the admin to define other categories as she wishes (example: MANAGERS, TESTERS, etc). These do not have abbreviations, however, so they must be supplied in full. PLEASE, *PLEASE*, read the section in doc/wildcard-repositories.mkd for more info. This is a VERY powerful feature and if you're not careful you could mess up the ACLs nicely. Backward compat note: you can continue to use the "R" and "RW" categories when running the "setperms" command, and gitolite will internally convert them to READERS and WRITERS categories. ---- implementation notes: - new RC var called GL_WILDREPOS_PERM_CATS that is a space-sep list of the allowed categories in a gl-perms file; defaults to "R RW" if not specified - wild_repo_rights no longer returns $c, $r, $wC, where $r = $user if "R $user", $r = '@all' if "R @all", and similarly with $w and "RW". Instead it returns $c and a new hash that effectively gives the same info, but expanded to include any other valid categories (listed in GL_WILDREPOS_PERM_CATS) - consequently, the arguments that parse_acl takes also change the same way - (side note: R and RW are quietly converted to READERS and WRITERS; however, new categories that you define yourself do not have abbreviations) - setperms validates perms to make sure only allowed categories are used; however even if someone changed them behind the scenes, wild_repo_rights will also check. 
This is necessary in case the admin tightened up GL_WILDREPOS_PERM_CATS after someone had already setperms-d his repos. - as a bonus, we eliminate all the post-Dumper shenanigans, at least for READERS and WRITERS. Those two now look, to the compile script, just like any other usernames.
2010-11-06 06:16:17 +01:00
expect "WRITERS @leads"
runlocal ssh u1 expand
expect R.*W.*u1.*bar/u1/try1
runlocal ssh u2 expand
expect R.*W.*u1.*bar/u1/try1
runlocal ssh u4 expand
notexpect R.*W.*u1.*bar/u1/try1
name "@devs can R try1"
echo R @devs | runlocal ssh u1 setperms bar/u1/try1
expect "READERS @devs"
notexpect "RW @leads"
notexpect "WRITERS @leads"
runlocal ssh u1 expand
expect R.*W.*u1.*bar/u1/try1
runlocal ssh u2 expand
notexpect R.*W.*u1.*bar/u1/try1
expect R.*u1.*bar/u1/try1
runlocal ssh u4 expand
notexpect R.*W.*u1.*bar/u1/try1
expect R.*u1.*bar/u1/try1
name "combo of previous 2"
printf "R @devs\nRW @leads\n" | runlocal ssh u1 setperms bar/u1/try1
expect "READERS @devs"
expect "WRITERS @leads"
runlocal ssh u1 expand
expect R.*W.*u1.*bar/u1/try1
runlocal ssh u2 expand
expect R.*W.*u1.*bar/u1/try1
runlocal ssh u4 expand
notexpect R.*W.*u1.*bar/u1/try1
expect R.*u1.*bar/u1/try1
name "INTERNAL"
done
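
The category check described in the "custom perm categories in setperms" commit message, as an added example that is not gitolite's own code: R and RW are converted to READERS and WRITERS, and any category outside the allowed list is refused, including one already stored before the list was tightened. The function names `canon` and `check_perms` are hypothetical, and normalizing both the allowed list and the input before comparing them is an assumption.

```shell
#!/bin/sh
# Added illustration; hypothetical helpers, not gitolite's implementation.

# canon CATEGORY: map the legacy abbreviations to their full names.
canon() {
    case "$1" in
        R)  echo READERS ;;
        RW) echo WRITERS ;;
        *)  echo "$1" ;;
    esac
}

# check_perms "ALLOWED CATEGORIES" < perms-file
# Prints the normalized perms on success; prints nothing on stdout and
# returns 1 as soon as a line uses a category outside the allowed list.
check_perms() {
    allowed=" "
    for c in ${1:-R RW}; do      # default "R RW", per the commit message
        allowed="$allowed$(canon "$c") "
    done
    out=""
    while read -r category users || [ -n "$category" ]; do
        [ -n "$category" ] || continue      # skip blank lines
        category=$(canon "$category")
        case "$allowed" in
            *" $category "*)
                out="$out$category $users
" ;;
            *)
                echo "category '$category' not allowed" >&2
                return 1 ;;
        esac
    done
    printf '%s' "$out"
}

# Constructed sample 1: the input of the "combo of previous 2" test case.
printf 'R @devs\nRW @leads\n' | check_perms "R RW"

# Constructed sample 2: a perms file written while MANAGERS was allowed,
# re-checked after the allowed list was tightened back to "R RW".
printf 'MANAGERS u3\n' | check_perms "R RW" 2>/dev/null ||
    echo "stale MANAGERS entry rejected"
```

Running the same check at read time as well as at `setperms` time is what keeps a stale category from granting access after the allowed list shrinks.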