perm-roles.t

This commit is contained in:
Sitaram Chamarty 2012-03-20 12:21:24 +05:30
parent 34cfdb4355
commit 1de773ab8e

218
t/perm-roles.t Executable file
View file

@ -0,0 +1,218 @@
#!/usr/bin/perl
use strict;
use warnings;
# this is hardcoded; change it if needed
use lib "src";
use Gitolite::Test;
# permissions using role names
# ----------------------------------------------------------------------
try "plan 91";
try "DEF POK = !/DENIED/; !/failed to push/";
confreset; confadd '
@g1 = u1
@g2 = u2
@g3 = u3
@g4 = u4
repo foo/CREATOR/..*
C = @g1
RW+ = CREATOR
- refs/tags/ = WRITERS
RW = WRITERS
R = READERS
RW+D = MANAGERS
RW refs/tags/ = TESTERS
';
try "ADMIN_PUSH set1; !/FATAL/" or die text();
try "
cd ..
# make foo/u1/u1r1
rm -rf ~/td/u1r1
glt clone u1 file:///foo/u1/u1r1
/Initialized empty Git repository in .*/foo/u1/u1r1.git//
cd u1r1
# CREATOR can push
tc e-549 e-550
glt push u1 file:///foo/u1/u1r1 master:master
POK; /master -> master/
# CREATOR can create branch
tc w-277 w-278
glt push u1 file:///foo/u1/u1r1 master:b1
POK; /master -> b1/
# CREATOR can rewind branch
git reset --hard HEAD^
tc d-987 d-988
glt push u1 file:///foo/u1/u1r1 +master:b1
POK; /master -> b1 \\(forced update\\)/
# CREATOR cannot delete branch
glt push u1 file:///foo/u1/u1r1 :b1
/D refs/heads/b1 foo/u1/u1r1 u1 DENIED by fallthru/
reject
# CREATOR can push a tag
git tag t1 HEAD^^
glt push u1 file:///foo/u1/u1r1 t1
POK; /\\[new tag\\] t1 -> t1/
# add u2 to WRITERS
echo WRITERS \@g2 | glt perms u1 foo/u1/u1r1
glt perms u1 -l foo/u1/u1r1
/WRITERS \@g2/
glt fetch u1
git reset --hard origin/master
# WRITERS can push
tc j-185 j-186
glt push u2 file:///foo/u1/u1r1 master:master
POK; /master -> master/
# WRITERS can create branch
tc u-420 u-421
glt push u2 file:///foo/u1/u1r1 master:b2
POK; /master -> b2/
# WRITERS cannot rewind branch
git reset --hard HEAD^
tc l-136 l-137
glt push u2 file:///foo/u1/u1r1 +master:b2
/\\+ refs/heads/b2 foo/u1/u1r1 u2 DENIED by fallthru/
reject
# WRITERS cannot delete branch
glt push u2 file:///foo/u1/u1r1 :b2
/D refs/heads/b2 foo/u1/u1r1 u2 DENIED by fallthru/
reject
# WRITERS cannot push a tag
git tag t2 HEAD^^
glt push u2 file:///foo/u1/u1r1 t2
/W refs/tags/t2 foo/u1/u1r1 u2 DENIED by refs/tags//
reject
# change u2 to READERS
echo READERS u2 | glt perms u1 foo/u1/u1r1
glt perms u1 -l foo/u1/u1r1
/READERS u2/
glt fetch u1
git reset --hard origin/master
# READERS cannot push at all
tc v-753 v-754
glt push u2 file:///foo/u1/u1r1 master:master
/W any foo/u1/u1r1 u2 DENIED by fallthru/
# add invalid category MANAGERS
/usr/bin/printf 'READERS u6\\nMANAGERS u2\\n' | glt perms u1 foo/u1/u1r1
!ok
/Invalid role 'MANAGERS'/
";
# make MANAGERS valid
put "$ENV{HOME}/g3trc", "\$rc{ROLES}{MANAGERS} = 1;\n";
# add u2 to now valid MANAGERS
try "
ENV G3T_RC=$ENV{HOME}/g3trc
gitolite compile; ok or die compile failed
/usr/bin/printf 'READERS u6\\nMANAGERS u2\\n' | glt perms u1 foo/u1/u1r1
ok; !/Invalid role 'MANAGERS'/
glt perms u1 -l foo/u1/u1r1
";
cmp 'READERS u6
MANAGERS u2
';
try "
glt fetch u1
git reset --hard origin/master
# MANAGERS can push
tc d-714 d-715
glt push u2 file:///foo/u1/u1r1 master:master
POK; /master -> master/
# MANAGERS can create branch
tc n-614 n-615
glt push u2 file:///foo/u1/u1r1 master:b3
POK; /master -> b3/
# MANAGERS can rewind branch
git reset --hard HEAD^
tc a-511 a-512
glt push u2 file:///foo/u1/u1r1 +master:b3
POK; /master -> b3 \\(forced update\\)/
# MANAGERS cannot delete branch
glt push u2 file:///foo/u1/u1r1 :b3
/ - \\[deleted\\] b3/
# MANAGERS can push a tag
git tag t3 HEAD^^
glt push u2 file:///foo/u1/u1r1 t3
POK; /\\[new tag\\] t3 -> t3/
# add invalid category TESTERS
echo TESTERS u2 | glt perms u1 foo/u1/u1r1
!ok
/Invalid role 'TESTERS'/
";
# make TESTERS valid
put "|cat >> $ENV{HOME}/g3trc", "\$rc{ROLES}{TESTERS} = 1;\n";
try "
gitolite compile; ok or die compile failed
# add u2 to now valid TESTERS
echo TESTERS u2 | glt perms u1 foo/u1/u1r1
!/Invalid role 'TESTERS'/
glt perms u1 -l foo/u1/u1r1
";
cmp 'TESTERS u2
';
try "
glt fetch u1
git reset --hard origin/master
# TESTERS cannot push
tc d-134 d-135
glt push u2 file:///foo/u1/u1r1 master:master
/W refs/heads/master foo/u1/u1r1 u2 DENIED by fallthru/
reject
# TESTERS cannot create branch
tc p-668 p-669
glt push u2 file:///foo/u1/u1r1 master:b4
/W refs/heads/b4 foo/u1/u1r1 u2 DENIED by fallthru/
reject
# TESTERS cannot delete branch
glt push u2 file:///foo/u1/u1r1 :b2
/D refs/heads/b2 foo/u1/u1r1 u2 DENIED by fallthru/
reject
# TESTERS can push a tag
git tag t4 HEAD^^
glt push u2 file:///foo/u1/u1r1 t4
POK; /\\[new tag\\] t4 -> t4/
";
# make TESTERS invalid again
put "$ENV{HOME}/g3trc", "\$rc{ROLES}{MANAGERS} = 1;\n";
try "
gitolite compile; ok or die compile failed
# CREATOR can push
glt fetch u1
git reset --hard origin/master
tc y-626 y-627
glt push u1 file:///foo/u1/u1r1 master:master
POK; /master -> master/
# TESTERS is an invalid category
git tag t5 HEAD^^
glt push u2 file:///foo/u1/u1r1 t5
/role 'TESTERS' not allowed, ignoring/
/W any foo/u1/u1r1 u2 DENIED by fallthru/
";