173 lines
2.7 KiB
Perl
Executable File
173 lines
2.7 KiB
Perl
Executable File
#!/usr/bin/perl
|
|
use strict;
|
|
use warnings;
|
|
|
|
# this is hardcoded; change it if needed
|
|
use lib "src/lib";
|
|
use Gitolite::Test;
|
|
|
|
# more on deny-rules
|
|
# ----------------------------------------------------------------------
|
|
|
|
try "plan 126";
|
|
|
|
try "
|
|
DEF GOOD = /refs/\\.\\*/
|
|
DEF BAD = /DENIED/
|
|
|
|
DEF Ryes = gitolite access %1 %2 R any; ok; GOOD
|
|
DEF Rno = gitolite access %1 %2 R any; !ok; BAD
|
|
|
|
DEF Wyes = gitolite access %1 %2 W any; ok; GOOD
|
|
DEF Wno = gitolite access %1 %2 W any; !ok; BAD
|
|
|
|
DEF GWyes = Ryes %1 gitweb
|
|
DEF GWno = Rno %1 gitweb
|
|
|
|
DEF GDyes = Ryes %1 daemon
|
|
DEF GDno = Rno %1 daemon
|
|
";
|
|
|
|
confreset;confadd '
|
|
repo one
|
|
RW+ = u1
|
|
R = u2
|
|
- = u2 u3
|
|
R = @all
|
|
';
|
|
|
|
try "ADMIN_PUSH set1; !/FATAL/" or die text();
|
|
|
|
try "
|
|
Wyes one u1
|
|
|
|
Ryes one u2
|
|
Wno one u2
|
|
|
|
Ryes one u3
|
|
Wno one u3
|
|
|
|
Ryes one u6
|
|
Wno one u6
|
|
|
|
GDyes one
|
|
GWyes one
|
|
";
|
|
|
|
confadd '
|
|
option deny-rules = 1
|
|
';
|
|
|
|
try "ADMIN_PUSH set1; !/FATAL/" or die text();
|
|
|
|
try "
|
|
Wyes one u1
|
|
|
|
Ryes one u2
|
|
Wno one u2
|
|
|
|
Rno one u3
|
|
|
|
Ryes one u6
|
|
Wno one u6
|
|
|
|
GDyes one
|
|
GWyes one
|
|
";
|
|
|
|
confadd '
|
|
repo two
|
|
RW+ = u1
|
|
R = u2
|
|
- = u2 u3 gitweb daemon
|
|
R = @all
|
|
';
|
|
|
|
try "ADMIN_PUSH set1; !/FATAL/" or die text();
|
|
|
|
try "
|
|
GWyes two
|
|
GDyes two
|
|
";
|
|
|
|
confadd '
|
|
option deny-rules = 1
|
|
';
|
|
|
|
try "ADMIN_PUSH set1; !/FATAL/" or die text();
|
|
|
|
try "
|
|
GWno two
|
|
GDno two
|
|
";
|
|
|
|
# set 3 -- allow gitweb to all but admin repo
|
|
|
|
confadd '
|
|
repo gitolite-admin
|
|
- = gitweb daemon
|
|
option deny-rules = 1
|
|
|
|
repo three
|
|
RW+ = u3
|
|
R = gitweb daemon
|
|
';
|
|
|
|
try "ADMIN_PUSH set1; !/FATAL/" or die text();
|
|
|
|
try "
|
|
GDyes three
|
|
GWyes three
|
|
GDno gitolite-admin
|
|
GWno gitolite-admin
|
|
";
|
|
|
|
# set 4 -- allow gitweb to all but admin repo
|
|
|
|
confadd '
|
|
repo four
|
|
RW+ = u4
|
|
- = gitweb daemon
|
|
|
|
repo @all
|
|
R = @all
|
|
';
|
|
try "ADMIN_PUSH set1; !/FATAL/" or die text();
|
|
|
|
try "
|
|
GDyes four
|
|
GWyes four
|
|
GDno gitolite-admin
|
|
GWno gitolite-admin
|
|
";
|
|
|
|
# set 5 -- go wild
|
|
|
|
confreset; confadd '
|
|
repo foo/..*
|
|
C = u1
|
|
RW+ = CREATOR
|
|
- = gitweb daemon
|
|
R = @all
|
|
|
|
repo bar/..*
|
|
C = u2
|
|
RW+ = CREATOR
|
|
- = gitweb daemon
|
|
R = @all
|
|
option deny-rules = 1
|
|
';
|
|
try "ADMIN_PUSH set1; !/FATAL/" or die text();
|
|
|
|
try "
|
|
glt ls-remote u1 file:///foo/one
|
|
glt ls-remote u2 file:///bar/two
|
|
Wyes foo/one u1
|
|
Wyes bar/two u2
|
|
|
|
GDyes foo/one
|
|
GDyes foo/one
|
|
GWno bar/two
|
|
GWno bar/two
|
|
";
|