2010-08-20 17:25:23 +02:00
|
|
|
# vim: syn=sh:
|
|
|
|
|
for bc in 0 1
|
|
|
|
|
do
|
2010-08-24 13:47:41 +02:00
|
|
|
for ais in 0 1
|
|
|
|
|
do
|
|
|
|
|
cd $TESTDIR
|
|
|
|
|
$TESTDIR/rollback || die "rollback failed"
|
|
|
|
|
editrc GL_WILDREPOS 1
|
|
|
|
|
editrc GL_BIG_CONFIG $bc
|
|
|
|
|
echo "\$GL_ALL_INCLUDES_SPECIAL = $ais;" | addrc
|
|
|
|
|
|
|
|
|
|
name "INTERNAL"
|
|
|
|
|
echo "
|
|
|
|
|
@leads = u1 u2
|
|
|
|
|
@devs = u1 u2 u3 u4
|
|
|
|
|
|
|
|
|
|
@gbar = bar/CREATOR/..*
|
|
|
|
|
repo @gbar
|
|
|
|
|
C = @leads
|
|
|
|
|
RW+ = @leads
|
|
|
|
|
RW = WRITERS @devs
|
|
|
|
|
R = READERS
|
|
|
|
|
" | ugc
|
|
|
|
|
name "nothing set yet"
|
|
|
|
|
expect_push_ok "master -> master"
|
|
|
|
|
|
|
|
|
|
runlocal git ls-remote u1:bar/u1/try1
|
|
|
|
|
runremote ls -al repositories/bar/u1/try1.git/git-daemon-export-ok
|
|
|
|
|
expect "ls: cannot access repositories/bar/u1/try1.git/git-daemon-export-ok: No such file or directory"
|
|
|
|
|
runremote ls -al projects.list
|
|
|
|
|
[ "$ais" = "0" ] && expect "gitolite-test gitolite-test 0 .* projects.list"
|
|
|
|
|
[ "$ais" = "1" ] && expect "gitolite-test gitolite-test 12 .* projects.list"
|
|
|
|
|
runremote cat projects.list
|
|
|
|
|
notexpect "bar/u1/try1.git"
|
|
|
|
|
|
|
|
|
|
runlocal git ls-remote u1:bar/u1/try2
|
|
|
|
|
runremote ls -al repositories/bar/u1/try2.git/git-daemon-export-ok
|
|
|
|
|
expect "ls: cannot access repositories/bar/u1/try2.git/git-daemon-export-ok: No such file or directory"
|
|
|
|
|
runremote ls -al projects.list
|
|
|
|
|
[ "$ais" = "0" ] && expect "gitolite-test gitolite-test 0 .* projects.list"
|
|
|
|
|
[ "$ais" = "1" ] && expect "gitolite-test gitolite-test 12 .* projects.list"
|
|
|
|
|
runremote cat projects.list
|
|
|
|
|
notexpect "bar/u1/try2.git"
|
|
|
|
|
|
|
|
|
|
name "add daemon access to try1"
|
|
|
|
|
echo R daemon | runlocal ssh u1 setperms bar/u1/try1
|
custom perm categories in setperms (WARNING: PLEASE READ FULL COMMIT MESSAGE)
THE COMPILED CONFIG FILE FORMAT CHANGES WITH THIS VERSION. PLEASE DO
NOT MIX VERSIONS OR DOWNGRADE. Upgrading using normal gitolite upgrade
means should be fine, though.
Originally, we only allowed "R" and "RW" as categories of users supplied
to the `setperms` command. These map respectively to "READERS" and
"WRITERS" in the access rules.
Now:
- we prefer READERS instead of R and WRITERS instead of RW
- we allow the admin to define other categories as she wishes
(example: MANAGERS, TESTERS, etc). These do not have abbreviations,
however, so they must be supplied in full.
PLEASE, *PLEASE*, read the section in doc/wildcard-repositories.mkd for
more info. This is a VERY powerful feature and if you're not careful
you could mess up the ACLs nicely.
Backward compat note: you can continue to use the "R" and "RW"
categories when running the "setperms" command, and gitolite will
internally convert them to READERS and WRITERS categories.
----
implementation notes:
- new RC var called GL_WILDREPOS_PERM_CATS that is a space-sep list of
the allowed categories in a gl-perms file; defaults to "R RW" if not
specified
- wild_repo_rights no longer returns $c, $r, $wC, where $r = $user if
"R $user", $r = '@all' if "R @all", and similarly with $w and "RW".
Instead it returns $c and a new hash that effectively gives the same
info, but expanded to include any other valid categories (listed in
GL_WILDREPOS_PERM_CATS)
- consequently, the arguments that parse_acl takes also change the
same way
- (side note: R and RW are quietly converted to READERS and WRITERS;
however, new categories that you define yourself do not have
abbreviations)
- setperms validates perms to make sure only allowed categories are
used; however even if someone changed them behind the scenes,
wild_repo_rights will also check. This is necessary in case the
admin tightened up GL_WILDREPOS_PERM_CATS after someone had already
setperms-d his repos.
- as a bonus, we eliminate all the post-Dumper shenanigans, at least
for READERS and WRITERS. Those two now look, to the compile script,
just like any other usernames.
2010-11-06 06:16:17 +01:00
|
|
|
expect "READERS daemon"
|
2010-08-24 13:47:41 +02:00
|
|
|
|
|
|
|
|
runremote ls -al repositories/bar/u1/try1.git/git-daemon-export-ok
|
|
|
|
|
expect "gitolite-test gitolite-test .* repositories/bar/u1/try1.git/git-daemon-export-ok"
|
|
|
|
|
runremote ls -al projects.list
|
|
|
|
|
[ "$ais" = "0" ] && expect "gitolite-test gitolite-test 0 .* projects.list"
|
|
|
|
|
[ "$ais" = "1" ] && expect "gitolite-test gitolite-test 12 .* projects.list"
|
|
|
|
|
runremote cat projects.list
|
|
|
|
|
notexpect "bar/u1/try1.git"
|
|
|
|
|
|
|
|
|
|
name "add gitweb access to try2"
|
|
|
|
|
echo R gitweb | runlocal ssh u1 setperms bar/u1/try2
|
custom perm categories in setperms (WARNING: PLEASE READ FULL COMMIT MESSAGE)
THE COMPILED CONFIG FILE FORMAT CHANGES WITH THIS VERSION. PLEASE DO
NOT MIX VERSIONS OR DOWNGRADE. Upgrading using normal gitolite upgrade
means should be fine, though.
Originally, we only allowed "R" and "RW" as categories of users supplied
to the `setperms` command. These map respectively to "READERS" and
"WRITERS" in the access rules.
Now:
- we prefer READERS instead of R and WRITERS instead of RW
- we allow the admin to define other categories as she wishes
(example: MANAGERS, TESTERS, etc). These do not have abbreviations,
however, so they must be supplied in full.
PLEASE, *PLEASE*, read the section in doc/wildcard-repositories.mkd for
more info. This is a VERY powerful feature and if you're not careful
you could mess up the ACLs nicely.
Backward compat note: you can continue to use the "R" and "RW"
categories when running the "setperms" command, and gitolite will
internally convert them to READERS and WRITERS categories.
----
implementation notes:
- new RC var called GL_WILDREPOS_PERM_CATS that is a space-sep list of
the allowed categories in a gl-perms file; defaults to "R RW" if not
specified
- wild_repo_rights no longer returns $c, $r, $wC, where $r = $user if
"R $user", $r = '@all' if "R @all", and similarly with $w and "RW".
Instead it returns $c and a new hash that effectively gives the same
info, but expanded to include any other valid categories (listed in
GL_WILDREPOS_PERM_CATS)
- consequently, the arguments that parse_acl takes also change the
same way
- (side note: R and RW are quietly converted to READERS and WRITERS;
however, new categories that you define yourself do not have
abbreviations)
- setperms validates perms to make sure only allowed categories are
used; however even if someone changed them behind the scenes,
wild_repo_rights will also check. This is necessary in case the
admin tightened up GL_WILDREPOS_PERM_CATS after someone had already
setperms-d his repos.
- as a bonus, we eliminate all the post-Dumper shenanigans, at least
for READERS and WRITERS. Those two now look, to the compile script,
just like any other usernames.
2010-11-06 06:16:17 +01:00
|
|
|
expect "READERS gitweb"
|
2010-08-24 13:47:41 +02:00
|
|
|
|
|
|
|
|
runremote ls -al repositories/bar/u1/try2.git/git-daemon-export-ok
|
|
|
|
|
expect "ls: cannot access repositories/bar/u1/try2.git/git-daemon-export-ok: No such file or directory"
|
|
|
|
|
runremote ls -al projects.list
|
|
|
|
|
[ "$ais" = "0" ] && expect "gitolite-test gitolite-test 16 .* projects.list"
|
|
|
|
|
[ "$ais" = "1" ] && expect "gitolite-test gitolite-test 28 .* projects.list"
|
|
|
|
|
runremote cat projects.list
|
|
|
|
|
expect "bar/u1/try2.git"
|
|
|
|
|
|
|
|
|
|
echo "\$GL_WILDREPOS_DEFPERMS = 'R daemon';" | addrc
|
|
|
|
|
|
|
|
|
|
name "add default daemon access"
|
|
|
|
|
runlocal git ls-remote u1:bar/u1/try3
|
|
|
|
|
runremote ls -al repositories/bar/u1/try3.git/git-daemon-export-ok
|
|
|
|
|
expect "gitolite-test gitolite-test .* repositories/bar/u1/try3.git/git-daemon-export-ok"
|
|
|
|
|
runremote ls -al projects.list
|
|
|
|
|
[ "$ais" = "0" ] && expect "gitolite-test gitolite-test 16 .* projects.list"
|
|
|
|
|
[ "$ais" = "1" ] && expect "gitolite-test gitolite-test 28 .* projects.list"
|
|
|
|
|
runremote cat projects.list
|
|
|
|
|
notexpect "bar/u1/try3.git"
|
|
|
|
|
|
|
|
|
|
name "add default gitweb access"
|
|
|
|
|
echo "\$GL_WILDREPOS_DEFPERMS = 'R gitweb';" | addrc
|
|
|
|
|
|
|
|
|
|
runlocal git ls-remote u1:bar/u1/try4
|
|
|
|
|
runremote ls -al repositories/bar/u1/try4.git/git-daemon-export-ok
|
|
|
|
|
expect "ls: cannot access repositories/bar/u1/try4.git/git-daemon-export-ok: No such file or directory"
|
|
|
|
|
runremote ls -al projects.list
|
|
|
|
|
[ "$ais" = "0" ] && expect "gitolite-test gitolite-test 32 .* projects.list"
|
|
|
|
|
[ "$ais" = "1" ] && expect "gitolite-test gitolite-test 44 .* projects.list"
|
|
|
|
|
runremote cat projects.list
|
|
|
|
|
expect "bar/u1/try4.git"
|
|
|
|
|
|
|
|
|
|
name "add default both access"
|
|
|
|
|
echo "\$GL_WILDREPOS_DEFPERMS = 'R daemon gitweb';" | addrc
|
|
|
|
|
|
|
|
|
|
runlocal git ls-remote u1:bar/u1/try5
|
|
|
|
|
runremote ls -al repositories/bar/u1/try5.git/git-daemon-export-ok
|
|
|
|
|
expect "gitolite-test gitolite-test .* repositories/bar/u1/try5.git/git-daemon-export-ok"
|
|
|
|
|
runremote ls -al projects.list
|
|
|
|
|
[ "$ais" = "0" ] && expect "gitolite-test gitolite-test 48 .* projects.list"
|
|
|
|
|
[ "$ais" = "1" ] && expect "gitolite-test gitolite-test 60 .* projects.list"
|
|
|
|
|
runremote cat projects.list
|
|
|
|
|
expect "bar/u1/try5.git"
|
|
|
|
|
|
|
|
|
|
name "add default both access with @all also"
|
|
|
|
|
echo "\$GL_WILDREPOS_DEFPERMS = 'R @all daemon gitweb';" | addrc
|
|
|
|
|
|
|
|
|
|
runlocal git ls-remote u1:bar/u1/try6
|
|
|
|
|
runremote ls -al repositories/bar/u1/try6.git/git-daemon-export-ok
|
|
|
|
|
expect "gitolite-test gitolite-test .* repositories/bar/u1/try6.git/git-daemon-export-ok"
|
|
|
|
|
runremote ls -al projects.list
|
|
|
|
|
[ "$ais" = "0" ] && expect "gitolite-test gitolite-test 64 .* projects.list"
|
|
|
|
|
[ "$ais" = "1" ] && expect "gitolite-test gitolite-test 76 .* projects.list"
|
|
|
|
|
runremote cat projects.list
|
|
|
|
|
expect "bar/u1/try6.git"
|
|
|
|
|
|
|
|
|
|
name "remove all from u6"
|
|
|
|
|
< /dev/null runlocal ssh u1 setperms bar/u1/try6
|
|
|
|
|
|
|
|
|
|
runlocal git ls-remote u1:bar/u1/try6
|
|
|
|
|
runremote ls -al repositories/bar/u1/try6.git/git-daemon-export-ok
|
|
|
|
|
expect "ls: cannot access repositories/bar/u1/try6.git/git-daemon-export-ok: No such file or directory"
|
|
|
|
|
runremote ls -al projects.list
|
|
|
|
|
[ "$ais" = "0" ] && expect "gitolite-test gitolite-test 48 .* projects.list"
|
|
|
|
|
[ "$ais" = "1" ] && expect "gitolite-test gitolite-test 60 .* projects.list"
|
|
|
|
|
runremote cat projects.list
|
|
|
|
|
notexpect "bar/u1/try6.git"
|
|
|
|
|
|
|
|
|
|
name "set default access to @all only"
|
|
|
|
|
echo "\$GL_WILDREPOS_DEFPERMS = 'R @all';" | addrc
|
|
|
|
|
|
|
|
|
|
runlocal git ls-remote u1:bar/u1/try7
|
|
|
|
|
runremote ls -al repositories/bar/u1/try7.git/git-daemon-export-ok
|
|
|
|
|
[ "$ais" = "0" ] && expect "ls: cannot access repositories/bar/u1/try7.git/git-daemon-export-ok: No such file or directory"
|
|
|
|
|
[ "$ais" = "1" ] && expect "gitolite-test gitolite-test .* repositories/bar/u1/try7.git/git-daemon-export-ok"
|
|
|
|
|
runremote ls -al projects.list
|
|
|
|
|
[ "$ais" = "0" ] && expect "gitolite-test gitolite-test 48 .* projects.list"
|
|
|
|
|
[ "$ais" = "1" ] && expect "gitolite-test gitolite-test 76 .* projects.list"
|
|
|
|
|
runremote cat projects.list
|
|
|
|
|
[ "$ais" = "0" ] && notexpect "bar/u1/try7.git"
|
|
|
|
|
[ "$ais" = "1" ] && expect "bar/u1/try7.git"
|
|
|
|
|
|
|
|
|
|
name "set default access to daemon only"
|
|
|
|
|
echo "\$GL_WILDREPOS_DEFPERMS = 'R daemon';" | addrc
|
|
|
|
|
|
|
|
|
|
runlocal git ls-remote u1:bar/u1/try8
|
|
|
|
|
runremote ls -al repositories/bar/u1/try8.git/git-daemon-export-ok
|
|
|
|
|
expect "gitolite-test gitolite-test .* repositories/bar/u1/try8.git/git-daemon-export-ok"
|
|
|
|
|
runremote ls -al projects.list
|
|
|
|
|
[ "$ais" = "0" ] && expect "gitolite-test gitolite-test 48 .* projects.list"
|
|
|
|
|
[ "$ais" = "1" ] && expect "gitolite-test gitolite-test 76 .* projects.list"
|
|
|
|
|
runremote cat projects.list
|
|
|
|
|
notexpect "bar/u1/try8.git"
|
|
|
|
|
|
|
|
|
|
name "set default access to gitweb only"
|
|
|
|
|
echo "\$GL_WILDREPOS_DEFPERMS = 'R gitweb';" | addrc
|
|
|
|
|
|
|
|
|
|
runlocal git ls-remote u1:bar/u1/try9
|
|
|
|
|
runremote ls -al repositories/bar/u1/try9.git/git-daemon-export-ok
|
|
|
|
|
expect "ls: cannot access repositories/bar/u1/try9.git/git-daemon-export-ok: No such file or directory"
|
|
|
|
|
runremote ls -al projects.list
|
|
|
|
|
[ "$ais" = "0" ] && expect "gitolite-test gitolite-test 64 .* projects.list"
|
|
|
|
|
[ "$ais" = "1" ] && expect "gitolite-test gitolite-test 92 .* projects.list"
|
|
|
|
|
runremote cat projects.list
|
|
|
|
|
expect "bar/u1/try9.git"
|
|
|
|
|
|
|
|
|
|
name "INTERNAL"
|
|
|
|
|
|
|
|
|
|
done
|
2010-08-20 17:25:23 +02:00
|
|
|
done
|