summaryrefslogtreecommitdiffstats
path: root/t/deny-rules-2.t
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 14:17:27 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 14:17:27 +0000
commitaae1a14ea756102251351d96e2567b4986d30e2b (patch)
treea1af617672e26aee4c1031a3aa83e8ff08f6a0a5 /t/deny-rules-2.t
parentInitial commit. (diff)
downloadgitolite3-upstream.tar.xz
gitolite3-upstream.zip
Adding upstream version 3.6.12.upstream/3.6.12upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rwxr-xr-xt/deny-rules-2.t172
1 files changed, 172 insertions, 0 deletions
diff --git a/t/deny-rules-2.t b/t/deny-rules-2.t
new file mode 100755
index 0000000..0ca15fe
--- /dev/null
+++ b/t/deny-rules-2.t
@@ -0,0 +1,172 @@
+#!/usr/bin/perl
+use strict;
+use warnings;
+
+# this is hardcoded; change it if needed
+use lib "src/lib";
+use Gitolite::Test;
+
+# more on deny-rules
+# ----------------------------------------------------------------------
+
+try "plan 126";
+
+try "
+ DEF GOOD = /refs/\\.\\*/
+ DEF BAD = /DENIED/
+
+ DEF Ryes = gitolite access %1 %2 R any; ok; GOOD
+ DEF Rno = gitolite access %1 %2 R any; !ok; BAD
+
+ DEF Wyes = gitolite access %1 %2 W any; ok; GOOD
+ DEF Wno = gitolite access %1 %2 W any; !ok; BAD
+
+ DEF GWyes = Ryes %1 gitweb
+ DEF GWno = Rno %1 gitweb
+
+ DEF GDyes = Ryes %1 daemon
+ DEF GDno = Rno %1 daemon
+";
+
+confreset;confadd '
+ repo one
+ RW+ = u1
+ R = u2
+ - = u2 u3
+ R = @all
+';
+
+try "ADMIN_PUSH set1; !/FATAL/" or die text();
+
+try "
+ Wyes one u1
+
+ Ryes one u2
+ Wno one u2
+
+ Ryes one u3
+ Wno one u3
+
+ Ryes one u6
+ Wno one u6
+
+ GDyes one
+ GWyes one
+";
+
+confadd '
+ option deny-rules = 1
+';
+
+try "ADMIN_PUSH set1; !/FATAL/" or die text();
+
+try "
+ Wyes one u1
+
+ Ryes one u2
+ Wno one u2
+
+ Rno one u3
+
+ Ryes one u6
+ Wno one u6
+
+ GDyes one
+ GWyes one
+";
+
+confadd '
+ repo two
+ RW+ = u1
+ R = u2
+ - = u2 u3 gitweb daemon
+ R = @all
+';
+
+try "ADMIN_PUSH set1; !/FATAL/" or die text();
+
+try "
+ GWyes two
+ GDyes two
+";
+
+confadd '
+ option deny-rules = 1
+';
+
+try "ADMIN_PUSH set1; !/FATAL/" or die text();
+
+try "
+ GWno two
+ GDno two
+";
+
+# set 3 -- allow gitweb to all but admin repo
+
+confadd '
+ repo gitolite-admin
+ - = gitweb daemon
+ option deny-rules = 1
+
+ repo three
+ RW+ = u3
+ R = gitweb daemon
+';
+
+try "ADMIN_PUSH set1; !/FATAL/" or die text();
+
+try "
+ GDyes three
+ GWyes three
+ GDno gitolite-admin
+ GWno gitolite-admin
+";
+
+# set 4 -- allow gitweb to all but admin repo
+
+confadd '
+ repo four
+ RW+ = u4
+ - = gitweb daemon
+
+ repo @all
+ R = @all
+';
+try "ADMIN_PUSH set1; !/FATAL/" or die text();
+
+try "
+ GDyes four
+ GWyes four
+ GDno gitolite-admin
+ GWno gitolite-admin
+";
+
+# set 5 -- go wild
+
+confreset; confadd '
+ repo foo/..*
+ C = u1
+ RW+ = CREATOR
+ - = gitweb daemon
+ R = @all
+
+ repo bar/..*
+ C = u2
+ RW+ = CREATOR
+ - = gitweb daemon
+ R = @all
+ option deny-rules = 1
+';
+try "ADMIN_PUSH set1; !/FATAL/" or die text();
+
+try "
+ glt ls-remote u1 file:///foo/one
+ glt ls-remote u2 file:///bar/two
+ Wyes foo/one u1
+ Wyes bar/two u2
+
+ GDyes foo/one
+ GDyes foo/one
+ GWno bar/two
+ GWno bar/two
+";