gitolite/t/deny-rules-2.t

#!/usr/bin/perl
use strict;
use warnings;

# this is hardcoded; change it if needed
use lib "src/lib";
use Gitolite::Test;

# more on deny-rules
# ----------------------------------------------------------------------

try "plan 126";

try "
    DEF GOOD    = /refs/\\.\\*/
    DEF BAD     = /DENIED/

    DEF Ryes    = gitolite access %1 %2 R any;  ok; GOOD
    DEF Rno     = gitolite access %1 %2 R any;  !ok; BAD

    DEF Wyes    = gitolite access %1 %2 W any;  ok; GOOD
    DEF Wno     = gitolite access %1 %2 W any;  !ok; BAD

    DEF GWyes   = Ryes %1 gitweb
    DEF GWno    = Rno  %1 gitweb

    DEF GDyes   = Ryes %1 daemon
    DEF GDno    = Rno  %1 daemon
";

confreset;confadd '
    repo one
        RW+ =   u1
        R   =   u2
        -   =   u2 u3
        R   =   @all
';

try "ADMIN_PUSH set1; !/FATAL/" or die text();

try "
    Wyes one u1

    Ryes one u2
    Wno  one u2

    Ryes one u3
    Wno  one u3

    Ryes one u6
    Wno  one u6

    GDyes one
    GWyes one
";

confadd '
    option deny-rules = 1
';

try "ADMIN_PUSH set1; !/FATAL/" or die text();

try "
    Wyes one u1

    Ryes one u2
    Wno  one u2

    Rno  one u3

    Ryes one u6
    Wno  one u6

    GDyes one
    GWyes one
";

confadd '
    repo two
        RW+ =   u1
        R   =   u2
        -   =   u2 u3 gitweb daemon
        R   =   @all
';

try "ADMIN_PUSH set1; !/FATAL/" or die text();

try "
    GWyes two
    GDyes two
";

confadd '
    option deny-rules = 1
';

try "ADMIN_PUSH set1; !/FATAL/" or die text();

try "
    GWno  two
    GDno  two
";

# set 3 -- allow gitweb to all but admin repo

confadd '
    repo gitolite-admin
        -   =   gitweb daemon
    option deny-rules = 1

    repo three
        RW+ =   u3
        R   =   gitweb daemon
';

try "ADMIN_PUSH set1; !/FATAL/" or die text();

try "
    GDyes   three
    GWyes   three
    GDno    gitolite-admin
    GWno    gitolite-admin
";

# set 4 -- allow gitweb to all but admin repo

confadd '
    repo four
        RW+ =   u4
        -   =   gitweb daemon

    repo @all
        R   =   @all
';
try "ADMIN_PUSH set1; !/FATAL/" or die text();

try "
    GDyes   four
    GWyes   four
    GDno    gitolite-admin
    GWno    gitolite-admin
";

# set 5 -- go wild

confreset; confadd '
    repo foo/..*
        C   =   u1
        RW+ =   CREATOR
        -   =   gitweb daemon
        R   =   @all

    repo bar/..*
        C   =   u2
        RW+ =   CREATOR
        -   =   gitweb daemon
        R   =   @all
    option deny-rules = 1
';
try "ADMIN_PUSH set1; !/FATAL/" or die text();

try "
    glt ls-remote u1 file:///foo/one
    glt ls-remote u2 file:///bar/two
    Wyes foo/one u1
    Wyes bar/two u2

    GDyes foo/one
    GDyes foo/one
    GWno  bar/two
    GWno  bar/two
";
"deny-rules" (used to be called "deny-repo" in g2) 2012-03-19 10:20:48 +01:00			`#!/usr/bin/perl`
			`use strict;`
			`use warnings;`

			`# this is hardcoded; change it if needed`
supporting DOS and fake Unix... I was very, very, tempted to say "sorry; not supported". Sadly, prudence won over juvenile glee... PS: DOS == dominant operating system 2012-04-06 16:59:05 +02:00			`use lib "src/lib";`
"deny-rules" (used to be called "deny-repo" in g2) 2012-03-19 10:20:48 +01:00			`use Gitolite::Test;`

			`# more on deny-rules`
			`# ----------------------------------------------------------------------`

			`try "plan 126";`

			`try "`
			`DEF GOOD = /refs/\\.\\*/`
			`DEF BAD = /DENIED/`

			`DEF Ryes = gitolite access %1 %2 R any; ok; GOOD`
			`DEF Rno = gitolite access %1 %2 R any; !ok; BAD`

			`DEF Wyes = gitolite access %1 %2 W any; ok; GOOD`
			`DEF Wno = gitolite access %1 %2 W any; !ok; BAD`

			`DEF GWyes = Ryes %1 gitweb`
			`DEF GWno = Rno %1 gitweb`

			`DEF GDyes = Ryes %1 daemon`
			`DEF GDno = Rno %1 daemon`
			`";`

			`confreset;confadd '`
			`repo one`
			`RW+ = u1`
			`R = u2`
			`- = u2 u3`
			`R = @all`
			`';`

			`try "ADMIN_PUSH set1; !/FATAL/" or die text();`

			`try "`
			`Wyes one u1`

			`Ryes one u2`
			`Wno one u2`

			`Ryes one u3`
			`Wno one u3`

			`Ryes one u6`
			`Wno one u6`

			`GDyes one`
			`GWyes one`
			`";`

			`confadd '`
			`option deny-rules = 1`
			`';`

			`try "ADMIN_PUSH set1; !/FATAL/" or die text();`

			`try "`
			`Wyes one u1`

			`Ryes one u2`
			`Wno one u2`

			`Rno one u3`

			`Ryes one u6`
			`Wno one u6`

			`GDyes one`
			`GWyes one`
			`";`

			`confadd '`
			`repo two`
			`RW+ = u1`
			`R = u2`
			`- = u2 u3 gitweb daemon`
			`R = @all`
			`';`

			`try "ADMIN_PUSH set1; !/FATAL/" or die text();`

			`try "`
			`GWyes two`
			`GDyes two`
			`";`

			`confadd '`
			`option deny-rules = 1`
			`';`

			`try "ADMIN_PUSH set1; !/FATAL/" or die text();`

			`try "`
			`GWno two`
			`GDno two`
			`";`

			`# set 3 -- allow gitweb to all but admin repo`

			`confadd '`
			`repo gitolite-admin`
			`- = gitweb daemon`
			`option deny-rules = 1`

			`repo three`
			`RW+ = u3`
			`R = gitweb daemon`
			`';`

			`try "ADMIN_PUSH set1; !/FATAL/" or die text();`

			`try "`
			`GDyes three`
			`GWyes three`
			`GDno gitolite-admin`
			`GWno gitolite-admin`
			`";`

			`# set 4 -- allow gitweb to all but admin repo`

			`confadd '`
			`repo four`
			`RW+ = u4`
			`- = gitweb daemon`

			`repo @all`
			`R = @all`
			`';`
			`try "ADMIN_PUSH set1; !/FATAL/" or die text();`

			`try "`
			`GDyes four`
			`GWyes four`
			`GDno gitolite-admin`
			`GWno gitolite-admin`
			`";`

			`# set 5 -- go wild`

			`confreset; confadd '`
			`repo foo/..*`
			`C = u1`
			`RW+ = CREATOR`
			`- = gitweb daemon`
			`R = @all`

			`repo bar/..*`
			`C = u2`
			`RW+ = CREATOR`
			`- = gitweb daemon`
			`R = @all`
			`option deny-rules = 1`
			`';`
			`try "ADMIN_PUSH set1; !/FATAL/" or die text();`

			`try "`
			`glt ls-remote u1 file:///foo/one`
			`glt ls-remote u2 file:///bar/two`
			`Wyes foo/one u1`
			`Wyes bar/two u2`

			`GDyes foo/one`
			`GDyes foo/one`
			`GWno bar/two`
			`GWno bar/two`
			`";`