diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 14:17:27 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 14:17:27 +0000 |
commit | aae1a14ea756102251351d96e2567b4986d30e2b (patch) | |
tree | a1af617672e26aee4c1031a3aa83e8ff08f6a0a5 /t/deny-rules-2.t | |
parent | Initial commit. (diff) | |
download | gitolite3-upstream.tar.xz gitolite3-upstream.zip |
Adding upstream version 3.6.12.upstream/3.6.12upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rwxr-xr-x | t/deny-rules-2.t | 172 |
1 files changed, 172 insertions, 0 deletions
diff --git a/t/deny-rules-2.t b/t/deny-rules-2.t new file mode 100755 index 0000000..0ca15fe --- /dev/null +++ b/t/deny-rules-2.t @@ -0,0 +1,172 @@ +#!/usr/bin/perl +use strict; +use warnings; + +# this is hardcoded; change it if needed +use lib "src/lib"; +use Gitolite::Test; + +# more on deny-rules +# ---------------------------------------------------------------------- + +try "plan 126"; + +try " + DEF GOOD = /refs/\\.\\*/ + DEF BAD = /DENIED/ + + DEF Ryes = gitolite access %1 %2 R any; ok; GOOD + DEF Rno = gitolite access %1 %2 R any; !ok; BAD + + DEF Wyes = gitolite access %1 %2 W any; ok; GOOD + DEF Wno = gitolite access %1 %2 W any; !ok; BAD + + DEF GWyes = Ryes %1 gitweb + DEF GWno = Rno %1 gitweb + + DEF GDyes = Ryes %1 daemon + DEF GDno = Rno %1 daemon +"; + +confreset;confadd ' + repo one + RW+ = u1 + R = u2 + - = u2 u3 + R = @all +'; + +try "ADMIN_PUSH set1; !/FATAL/" or die text(); + +try " + Wyes one u1 + + Ryes one u2 + Wno one u2 + + Ryes one u3 + Wno one u3 + + Ryes one u6 + Wno one u6 + + GDyes one + GWyes one +"; + +confadd ' + option deny-rules = 1 +'; + +try "ADMIN_PUSH set1; !/FATAL/" or die text(); + +try " + Wyes one u1 + + Ryes one u2 + Wno one u2 + + Rno one u3 + + Ryes one u6 + Wno one u6 + + GDyes one + GWyes one +"; + +confadd ' + repo two + RW+ = u1 + R = u2 + - = u2 u3 gitweb daemon + R = @all +'; + +try "ADMIN_PUSH set1; !/FATAL/" or die text(); + +try " + GWyes two + GDyes two +"; + +confadd ' + option deny-rules = 1 +'; + +try "ADMIN_PUSH set1; !/FATAL/" or die text(); + +try " + GWno two + GDno two +"; + +# set 3 -- allow gitweb to all but admin repo + +confadd ' + repo gitolite-admin + - = gitweb daemon + option deny-rules = 1 + + repo three + RW+ = u3 + R = gitweb daemon +'; + +try "ADMIN_PUSH set1; !/FATAL/" or die text(); + +try " + GDyes three + GWyes three + GDno gitolite-admin + GWno gitolite-admin +"; + +# set 4 -- allow gitweb to all but admin repo + +confadd ' + repo four + RW+ = u4 + - = gitweb daemon + + repo @all + R = @all +'; +try "ADMIN_PUSH set1; !/FATAL/" or die text(); + +try " + GDyes four + GWyes four + GDno gitolite-admin + GWno gitolite-admin +"; + +# set 5 -- go wild + +confreset; confadd ' + repo foo/..* + C = u1 + RW+ = CREATOR + - = gitweb daemon + R = @all + + repo bar/..* + C = u2 + RW+ = CREATOR + - = gitweb daemon + R = @all + option deny-rules = 1 +'; +try "ADMIN_PUSH set1; !/FATAL/" or die text(); + +try " + glt ls-remote u1 file:///foo/one + glt ls-remote u2 file:///bar/two + Wyes foo/one u1 + Wyes bar/two u2 + + GDyes foo/one + GDyes foo/one + GWno bar/two + GWno bar/two +"; |