blob: 0ca15feb95c580089717a39a445ef0c68b96a150 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
|
#!/usr/bin/perl
use strict;
use warnings;
# this is hardcoded; change it if needed
use lib "src/lib";
use Gitolite::Test;
# more on deny-rules
# ----------------------------------------------------------------------
try "plan 126";
try "
DEF GOOD = /refs/\\.\\*/
DEF BAD = /DENIED/
DEF Ryes = gitolite access %1 %2 R any; ok; GOOD
DEF Rno = gitolite access %1 %2 R any; !ok; BAD
DEF Wyes = gitolite access %1 %2 W any; ok; GOOD
DEF Wno = gitolite access %1 %2 W any; !ok; BAD
DEF GWyes = Ryes %1 gitweb
DEF GWno = Rno %1 gitweb
DEF GDyes = Ryes %1 daemon
DEF GDno = Rno %1 daemon
";
confreset;confadd '
repo one
RW+ = u1
R = u2
- = u2 u3
R = @all
';
try "ADMIN_PUSH set1; !/FATAL/" or die text();
try "
Wyes one u1
Ryes one u2
Wno one u2
Ryes one u3
Wno one u3
Ryes one u6
Wno one u6
GDyes one
GWyes one
";
confadd '
option deny-rules = 1
';
try "ADMIN_PUSH set1; !/FATAL/" or die text();
try "
Wyes one u1
Ryes one u2
Wno one u2
Rno one u3
Ryes one u6
Wno one u6
GDyes one
GWyes one
";
confadd '
repo two
RW+ = u1
R = u2
- = u2 u3 gitweb daemon
R = @all
';
try "ADMIN_PUSH set1; !/FATAL/" or die text();
try "
GWyes two
GDyes two
";
confadd '
option deny-rules = 1
';
try "ADMIN_PUSH set1; !/FATAL/" or die text();
try "
GWno two
GDno two
";
# set 3 -- allow gitweb to all but admin repo
confadd '
repo gitolite-admin
- = gitweb daemon
option deny-rules = 1
repo three
RW+ = u3
R = gitweb daemon
';
try "ADMIN_PUSH set1; !/FATAL/" or die text();
try "
GDyes three
GWyes three
GDno gitolite-admin
GWno gitolite-admin
";
# set 4 -- allow gitweb to all but admin repo
confadd '
repo four
RW+ = u4
- = gitweb daemon
repo @all
R = @all
';
try "ADMIN_PUSH set1; !/FATAL/" or die text();
try "
GDyes four
GWyes four
GDno gitolite-admin
GWno gitolite-admin
";
# set 5 -- go wild
confreset; confadd '
repo foo/..*
C = u1
RW+ = CREATOR
- = gitweb daemon
R = @all
repo bar/..*
C = u2
RW+ = CREATOR
- = gitweb daemon
R = @all
option deny-rules = 1
';
try "ADMIN_PUSH set1; !/FATAL/" or die text();
try "
glt ls-remote u1 file:///foo/one
glt ls-remote u2 file:///bar/two
Wyes foo/one u1
Wyes bar/two u2
GDyes foo/one
GDyes foo/one
GWno bar/two
GWno bar/two
";
|
