authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 09:55:51 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 09:55:51 +0000
commit7685305e1f82212323ec32a321b1f5c623751b6c (patch)
treea1af617672e26aee4c1031a3aa83e8ff08f6a0a5 /t/perm-roles.t
parentInitial commit. (diff)
Adding upstream version 3.6.12.upstream/3.6.12upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 't/perm-roles.t')
-rwxr-xr-xt/perm-roles.t218
1 files changed, 218 insertions, 0 deletions
diff --git a/t/perm-roles.t b/t/perm-roles.t
new file mode 100755
index 0000000..c4d017f
--- /dev/null
+++ b/t/perm-roles.t
@@ -0,0 +1,218 @@
+#!/usr/bin/perl
+use strict;
+use warnings;
+
+# this is hardcoded; change it if needed
+use lib "src/lib";
+use Gitolite::Test;
+
+# permissions using role names
+# ----------------------------------------------------------------------
+
+try "plan 91";
+try "DEF POK = !/DENIED/; !/failed to push/";
+
+confreset; confadd '
+ @g1 = u1
+ @g2 = u2
+ @g3 = u3
+ @g4 = u4
+ repo foo/CREATOR/..*
+ C = @g1
+ RW+ = CREATOR
+ - refs/tags/ = WRITERS
+ RW = WRITERS
+ R = READERS
+ RW+D = MANAGERS
+ RW refs/tags/ = TESTERS
+';
+
+try "ADMIN_PUSH set1; !/FATAL/" or die text();
+
+try "
+
+cd ..
+
+# make foo/u1/u1r1
+rm -rf ~/td/u1r1
+glt clone u1 file:///foo/u1/u1r1
+ /Initialized empty Git repository in .*/foo/u1/u1r1.git//
+cd u1r1
+
+# CREATOR can push
+tc e-549 e-550
+glt push u1 file:///foo/u1/u1r1 master:master
+ POK; /master -> master/
+# CREATOR can create branch
+tc w-277 w-278
+glt push u1 file:///foo/u1/u1r1 master:b1
+ POK; /master -> b1/
+# CREATOR can rewind branch
+git reset --hard HEAD^
+tc d-987 d-988
+glt push u1 file:///foo/u1/u1r1 +master:b1
+ POK; /master -> b1 \\(forced update\\)/
+# CREATOR cannot delete branch
+glt push u1 file:///foo/u1/u1r1 :b1
+ /D refs/heads/b1 foo/u1/u1r1 u1 DENIED by fallthru/
+ reject
+
+# CREATOR can push a tag
+git tag t1 HEAD^^
+glt push u1 file:///foo/u1/u1r1 t1
+ POK; /\\[new tag\\] t1 -> t1/
+
+# add u2 to WRITERS
+echo WRITERS \@g2 | glt perms u1 -c foo/u1/u1r1
+glt perms u1 foo/u1/u1r1 -l
+ /WRITERS \@g2/
+
+glt fetch u1
+git reset --hard origin/master
+
+# WRITERS can push
+tc j-185 j-186
+glt push u2 file:///foo/u1/u1r1 master:master
+ POK; /master -> master/
+# WRITERS can create branch
+tc u-420 u-421
+glt push u2 file:///foo/u1/u1r1 master:b2
+ POK; /master -> b2/
+# WRITERS cannot rewind branch
+git reset --hard HEAD^
+tc l-136 l-137
+glt push u2 file:///foo/u1/u1r1 +master:b2
+ /\\+ refs/heads/b2 foo/u1/u1r1 u2 DENIED by fallthru/
+ reject
+# WRITERS cannot delete branch
+glt push u2 file:///foo/u1/u1r1 :b2
+ /D refs/heads/b2 foo/u1/u1r1 u2 DENIED by fallthru/
+ reject
+# WRITERS cannot push a tag
+git tag t2 HEAD^^
+glt push u2 file:///foo/u1/u1r1 t2
+ /W refs/tags/t2 foo/u1/u1r1 u2 DENIED by refs/tags//
+ reject
+
+# change u2 to READERS
+echo READERS u2 | glt perms u1 -c foo/u1/u1r1
+glt perms u1 foo/u1/u1r1 -l
+ /READERS u2/
+
+glt fetch u1
+git reset --hard origin/master
+
+# READERS cannot push at all
+tc v-753 v-754
+glt push u2 file:///foo/u1/u1r1 master:master
+ /W any foo/u1/u1r1 u2 DENIED by fallthru/
+
+# add invalid category MANAGERS
+ /usr/bin/printf 'READERS u6\\nMANAGERS u2\\n' | glt perms u1 -c foo/u1/u1r1
+ !ok
+ /Invalid role 'MANAGERS'/
+";
+
+# make MANAGERS valid
+put "$ENV{HOME}/g3trc", "\$rc{ROLES}{MANAGERS} = 1;\n";
+
+# add u2 to now valid MANAGERS
+try "
+ ENV G3T_RC=$ENV{HOME}/g3trc
+ gitolite compile; ok or die compile failed
+ /usr/bin/printf 'READERS u6\\nMANAGERS u2\\n' | glt perms u1 -c foo/u1/u1r1
+ ok; !/Invalid role 'MANAGERS'/
+ glt perms u1 foo/u1/u1r1 -l
+";
+
+cmp 'READERS u6
+MANAGERS u2
+';
+
+try "
+glt fetch u1
+git reset --hard origin/master
+
+# MANAGERS can push
+tc d-714 d-715
+glt push u2 file:///foo/u1/u1r1 master:master
+ POK; /master -> master/
+
+# MANAGERS can create branch
+tc n-614 n-615
+glt push u2 file:///foo/u1/u1r1 master:b3
+ POK; /master -> b3/
+# MANAGERS can rewind branch
+git reset --hard HEAD^
+tc a-511 a-512
+glt push u2 file:///foo/u1/u1r1 +master:b3
+ POK; /master -> b3 \\(forced update\\)/
+# MANAGERS cannot delete branch
+glt push u2 file:///foo/u1/u1r1 :b3
+ / - \\[deleted\\] b3/
+# MANAGERS can push a tag
+git tag t3 HEAD^^
+glt push u2 file:///foo/u1/u1r1 t3
+ POK; /\\[new tag\\] t3 -> t3/
+
+# add invalid category TESTERS
+echo TESTERS u2 | glt perms u1 -c foo/u1/u1r1
+ !ok
+ /Invalid role 'TESTERS'/
+";
+
+# make TESTERS valid
+put "|cat >> $ENV{HOME}/g3trc", "\$rc{ROLES}{TESTERS} = 1;\n";
+
+try "
+gitolite compile; ok or die compile failed
+# add u2 to now valid TESTERS
+echo TESTERS u2 | glt perms u1 -c foo/u1/u1r1
+ !/Invalid role 'TESTERS'/
+glt perms u1 foo/u1/u1r1 -l
+";
+
+cmp 'TESTERS u2
+';
+
+try "
+glt fetch u1
+git reset --hard origin/master
+
+# TESTERS cannot push
+tc d-134 d-135
+glt push u2 file:///foo/u1/u1r1 master:master
+ /W refs/heads/master foo/u1/u1r1 u2 DENIED by fallthru/
+ reject
+# TESTERS cannot create branch
+tc p-668 p-669
+glt push u2 file:///foo/u1/u1r1 master:b4
+ /W refs/heads/b4 foo/u1/u1r1 u2 DENIED by fallthru/
+ reject
+# TESTERS cannot delete branch
+glt push u2 file:///foo/u1/u1r1 :b2
+ /D refs/heads/b2 foo/u1/u1r1 u2 DENIED by fallthru/
+ reject
+# TESTERS can push a tag
+git tag t4 HEAD^^
+glt push u2 file:///foo/u1/u1r1 t4
+ POK; /\\[new tag\\] t4 -> t4/
+";
+
+# make TESTERS invalid again
+put "$ENV{HOME}/g3trc", "\$rc{ROLES}{MANAGERS} = 1;\n";
+
+try "
+gitolite compile; ok or die compile failed
+# CREATOR can push
+glt fetch u1
+git reset --hard origin/master
+tc y-626 y-627
+glt push u1 file:///foo/u1/u1r1 master:master
+ POK; /master -> master/
+# TESTERS is an invalid category
+git tag t5 HEAD^^
+glt push u2 file:///foo/u1/u1r1 t5
+ /role 'TESTERS' not allowed, ignoring/
+ /W any foo/u1/u1r1 u2 DENIED by fallthru/
+";
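Review bot: The comment `# MANAGERS cannot delete branch` in the third large `try` block contradicts the assertion directly under it, which expects `/ - \\[deleted\\] b3/`, and the rule `RW+D = MANAGERS` in the config at the top of the file. It should read `# MANAGERS can delete branch`, so a reader auditing which roles may delete refs is not misled. That allow case is also the only positive push in the file checked without `POK;`, so a DENIED or "failed to push" line in the output would not fail it. Writing the check as ` POK; / - \\[deleted\\] b3/` would align it with the neighbouring cases, and the count in `try "plan 91"` would presumably need raising to match the added assertions.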