src/test/java/com/gitblit/tests/Issue0259Test.java - gitblit - Git at Google

 /*
  * Copyright 2013 gitblit.com.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package com.gitblit.tests;

 import java.io.File;

 import org.junit.Test;

 import com.gitblit.ConfigUserService;
 import com.gitblit.Constants.AccessPermission;
 import com.gitblit.Constants.AccessRestrictionType;
 import com.gitblit.models.RepositoryModel;
 import com.gitblit.models.TeamModel;
 import com.gitblit.models.UserModel;

 /**
  * https://code.google.com/p/gitblit/issues/detail?id=259
  *
  * Reported Problem:
  * We have an user with RWD access rights, but he can’t push.
  *
  * @see src/test/resources/issue0259.conf
  *
  * At the next day he try again and he can push to the project.
  *
  * @author James Moger
  *
  */
 public class Issue0259Test extends GitblitUnitTest {

 	RepositoryModel repo(String name, AccessRestrictionType restriction) {
 		RepositoryModel repo = new RepositoryModel();
 		repo.name = name;
 		repo.accessRestriction = restriction;
 		return repo;
 	}

 	/**
 	 * Test the provided users.conf file for expected access permissions.
 	 *
 	 * @throws Exception
 	 */
 	@Test
 	public void testFile() throws Exception {
 		File realmFile = new File("src/test/resources/issue0259.conf");
 		ConfigUserService service = new ConfigUserService(realmFile);

 		RepositoryModel test = repo("test.git", AccessRestrictionType.VIEW);
 		RepositoryModel projects_test = repo("projects/test.git", AccessRestrictionType.VIEW);

 		UserModel a = service.getUserModel("a");
 		UserModel b = service.getUserModel("b");
 		UserModel c = service.getUserModel("c");

 		// assert RWD or RW+ for projects/test.git
 		assertEquals(AccessPermission.DELETE, a.getRepositoryPermission(projects_test).permission);
 		assertEquals(AccessPermission.DELETE, b.getRepositoryPermission(projects_test).permission);
 		assertEquals(AccessPermission.REWIND, c.getRepositoryPermission(projects_test).permission);

 		assertTrue(a.canPush(projects_test));
 		assertTrue(b.canPush(projects_test));
 		assertTrue(c.canPush(projects_test));

 		assertTrue(a.canDeleteRef(projects_test));
 		assertTrue(b.canDeleteRef(projects_test));
 		assertTrue(c.canDeleteRef(projects_test));

 		assertFalse(a.canRewindRef(projects_test));
 		assertFalse(b.canRewindRef(projects_test));
 		assertTrue(c.canRewindRef(projects_test));

 		// assert R for test.git
 		assertEquals(AccessPermission.CLONE, a.getRepositoryPermission(test).permission);
 		assertEquals(AccessPermission.CLONE, b.getRepositoryPermission(test).permission);
 		assertEquals(AccessPermission.REWIND, c.getRepositoryPermission(test).permission);

 		assertTrue(a.canClone(test));
 		assertTrue(b.canClone(test));

 		assertFalse(a.canPush(test));
 		assertFalse(b.canPush(test));
 		assertTrue(c.canPush(test));
 	}

 	@Test
 	public void testTeamsOrder() throws Exception {
 		testTeams(false);
 	}

 	@Test
 	public void testTeamsReverseOrder() throws Exception {
 		testTeams(true);
 	}

 	/**
 	 * Tests multiple teams each with a regex permisson that will match.  The
 	 * highest matching permission should be used.  Order should be irrelevant.
 	 *
 	 * @param reverseOrder
 	 * @throws Exception
 	 */
 	private void testTeams(boolean reverseOrder) throws Exception {
 		RepositoryModel test = repo("test.git", AccessRestrictionType.VIEW);
 		RepositoryModel projects_test = repo("projects/test.git", AccessRestrictionType.VIEW);

 		TeamModel t1 = new TeamModel("t1");
 		t1.setRepositoryPermission(".*", AccessPermission.CLONE);

 		TeamModel t2 = new TeamModel("t2");
 		t2.setRepositoryPermission("projects/.*", AccessPermission.DELETE);

 		UserModel a = new UserModel("a");
 		if (reverseOrder) {
 			a.teams.add(t2);
 			a.teams.add(t1);
 		} else {
 			a.teams.add(t1);
 			a.teams.add(t2);
 		}

 		// simulate a repository rename
 		a.setRepositoryPermission("projects/renamed.git", null);
 		t1.setRepositoryPermission("projects/renamed.git", null);
 		t2.setRepositoryPermission("projects/renamed.git", null);

 		assertEquals(AccessPermission.CLONE, a.getRepositoryPermission(test).permission);
 		assertEquals(AccessPermission.DELETE, a.getRepositoryPermission(projects_test).permission);

 		assertTrue(a.canClone(test));
 		assertTrue(a.canClone(projects_test));

 		assertFalse(a.canDeleteRef(test));
 		assertTrue(a.canDeleteRef(projects_test));
 	}

 	@Test
 	public void testTeam() throws Exception {
 		testTeam(false);
 	}

 	@Test
 	public void testTeamReverseOrder() throws Exception {
 		testTeam(true);
 	}

 	/**
 	 * Test a single team that has multiple repository permissions that all match.
 	 * Here defined order IS important.  The first permission match wins so it is
 	 * important to define permissions from most-specific match to least-specific
 	 * match.
 	 *
 	 * If the defined permissions are:
 	 *   R:.*
 	 *   RWD:projects/.*
 	 * then the expected result is R for all repositories because it is first.
 	 *
 	 * But if the defined permissions are:
 	 *   RWD:projects/.*
 	 *   R:.*
 	 * then the expected result is RWD for projects/test.git and R for test.git
 	 *
 	 * @param reverseOrder
 	 * @throws Exception
 	 */
 	private void testTeam(boolean reverseOrder) throws Exception {
 		RepositoryModel test = repo("test.git", AccessRestrictionType.VIEW);
 		RepositoryModel projects_test = repo("projects/test.git", AccessRestrictionType.VIEW);

 		TeamModel t1 = new TeamModel("t1");
 		if (reverseOrder) {
 			t1.setRepositoryPermission("projects/.*", AccessPermission.DELETE);
 			t1.setRepositoryPermission(".*", AccessPermission.CLONE);
 		} else {
 			t1.setRepositoryPermission(".*", AccessPermission.CLONE);
 			t1.setRepositoryPermission("projects/.*", AccessPermission.DELETE);
 		}
 		UserModel a = new UserModel("a");
 		a.teams.add(t1);

 		// simulate a repository rename
 		a.setRepositoryPermission("projects/renamed.git", null);
 		t1.setRepositoryPermission("projects/renamed.git", null);

 		assertEquals(AccessPermission.CLONE, a.getRepositoryPermission(test).permission);
 		assertTrue(a.canClone(test));
 		assertFalse(a.canDeleteRef(test));
 		assertTrue(a.canClone(projects_test));

 		if (reverseOrder) {
 			// RWD permission is found first
 			assertEquals(AccessPermission.DELETE, a.getRepositoryPermission(projects_test).permission);
 			assertTrue(a.canDeleteRef(projects_test));
 		} else {
 			// R permission is found first
 			assertEquals(AccessPermission.CLONE, a.getRepositoryPermission(projects_test).permission);
 			assertFalse(a.canDeleteRef(projects_test));
 		}
 	}
 }
	/*
	* Copyright 2013 gitblit.com.
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package com.gitblit.tests;

	import java.io.File;

	import org.junit.Test;

	import com.gitblit.ConfigUserService;
	import com.gitblit.Constants.AccessPermission;
	import com.gitblit.Constants.AccessRestrictionType;
	import com.gitblit.models.RepositoryModel;
	import com.gitblit.models.TeamModel;
	import com.gitblit.models.UserModel;

	/**
	* https://code.google.com/p/gitblit/issues/detail?id=259
	*
	* Reported Problem:
	* We have an user with RWD access rights, but he can’t push.
	*
	* @see src/test/resources/issue0259.conf
	*
	* At the next day he try again and he can push to the project.
	*
	* @author James Moger
	*
	*/
	public class Issue0259Test extends GitblitUnitTest {

	RepositoryModel repo(String name, AccessRestrictionType restriction) {
	RepositoryModel repo = new RepositoryModel();
	repo.name = name;
	repo.accessRestriction = restriction;
	return repo;
	}

	/**
	* Test the provided users.conf file for expected access permissions.
	*
	* @throws Exception
	*/
	@Test
	public void testFile() throws Exception {
	File realmFile = new File("src/test/resources/issue0259.conf");
	ConfigUserService service = new ConfigUserService(realmFile);

	RepositoryModel test = repo("test.git", AccessRestrictionType.VIEW);
	RepositoryModel projects_test = repo("projects/test.git", AccessRestrictionType.VIEW);

	UserModel a = service.getUserModel("a");
	UserModel b = service.getUserModel("b");
	UserModel c = service.getUserModel("c");

	// assert RWD or RW+ for projects/test.git
	assertEquals(AccessPermission.DELETE, a.getRepositoryPermission(projects_test).permission);
	assertEquals(AccessPermission.DELETE, b.getRepositoryPermission(projects_test).permission);
	assertEquals(AccessPermission.REWIND, c.getRepositoryPermission(projects_test).permission);

	assertTrue(a.canPush(projects_test));
	assertTrue(b.canPush(projects_test));
	assertTrue(c.canPush(projects_test));

	assertTrue(a.canDeleteRef(projects_test));
	assertTrue(b.canDeleteRef(projects_test));
	assertTrue(c.canDeleteRef(projects_test));

	assertFalse(a.canRewindRef(projects_test));
	assertFalse(b.canRewindRef(projects_test));
	assertTrue(c.canRewindRef(projects_test));

	// assert R for test.git
	assertEquals(AccessPermission.CLONE, a.getRepositoryPermission(test).permission);
	assertEquals(AccessPermission.CLONE, b.getRepositoryPermission(test).permission);
	assertEquals(AccessPermission.REWIND, c.getRepositoryPermission(test).permission);

	assertTrue(a.canClone(test));
	assertTrue(b.canClone(test));

	assertFalse(a.canPush(test));
	assertFalse(b.canPush(test));
	assertTrue(c.canPush(test));
	}

	@Test
	public void testTeamsOrder() throws Exception {
	testTeams(false);
	}

	@Test
	public void testTeamsReverseOrder() throws Exception {
	testTeams(true);
	}

	/**
	* Tests multiple teams each with a regex permisson that will match. The
	* highest matching permission should be used. Order should be irrelevant.
	*
	* @param reverseOrder
	* @throws Exception
	*/
	private void testTeams(boolean reverseOrder) throws Exception {
	RepositoryModel test = repo("test.git", AccessRestrictionType.VIEW);
	RepositoryModel projects_test = repo("projects/test.git", AccessRestrictionType.VIEW);

	TeamModel t1 = new TeamModel("t1");
	t1.setRepositoryPermission(".*", AccessPermission.CLONE);

	TeamModel t2 = new TeamModel("t2");
	t2.setRepositoryPermission("projects/.*", AccessPermission.DELETE);

	UserModel a = new UserModel("a");
	if (reverseOrder) {
	a.teams.add(t2);
	a.teams.add(t1);
	} else {
	a.teams.add(t1);
	a.teams.add(t2);
	}

	// simulate a repository rename
	a.setRepositoryPermission("projects/renamed.git", null);
	t1.setRepositoryPermission("projects/renamed.git", null);
	t2.setRepositoryPermission("projects/renamed.git", null);

	assertEquals(AccessPermission.CLONE, a.getRepositoryPermission(test).permission);
	assertEquals(AccessPermission.DELETE, a.getRepositoryPermission(projects_test).permission);

	assertTrue(a.canClone(test));
	assertTrue(a.canClone(projects_test));

	assertFalse(a.canDeleteRef(test));
	assertTrue(a.canDeleteRef(projects_test));
	}

	@Test
	public void testTeam() throws Exception {
	testTeam(false);
	}

	@Test
	public void testTeamReverseOrder() throws Exception {
	testTeam(true);
	}

	/**
	* Test a single team that has multiple repository permissions that all match.
	* Here defined order IS important. The first permission match wins so it is
	* important to define permissions from most-specific match to least-specific
	* match.
	*
	* If the defined permissions are:
	* R:.*
	* RWD:projects/.*
	* then the expected result is R for all repositories because it is first.
	*
	* But if the defined permissions are:
	* RWD:projects/.*
	* R:.*
	* then the expected result is RWD for projects/test.git and R for test.git
	*
	* @param reverseOrder
	* @throws Exception
	*/
	private void testTeam(boolean reverseOrder) throws Exception {
	RepositoryModel test = repo("test.git", AccessRestrictionType.VIEW);
	RepositoryModel projects_test = repo("projects/test.git", AccessRestrictionType.VIEW);

	TeamModel t1 = new TeamModel("t1");
	if (reverseOrder) {
	t1.setRepositoryPermission("projects/.*", AccessPermission.DELETE);
	t1.setRepositoryPermission(".*", AccessPermission.CLONE);
	} else {
	t1.setRepositoryPermission(".*", AccessPermission.CLONE);
	t1.setRepositoryPermission("projects/.*", AccessPermission.DELETE);
	}
	UserModel a = new UserModel("a");
	a.teams.add(t1);

	// simulate a repository rename
	a.setRepositoryPermission("projects/renamed.git", null);
	t1.setRepositoryPermission("projects/renamed.git", null);

	assertEquals(AccessPermission.CLONE, a.getRepositoryPermission(test).permission);
	assertTrue(a.canClone(test));
	assertFalse(a.canDeleteRef(test));
	assertTrue(a.canClone(projects_test));

	if (reverseOrder) {
	// RWD permission is found first
	assertEquals(AccessPermission.DELETE, a.getRepositoryPermission(projects_test).permission);
	assertTrue(a.canDeleteRef(projects_test));
	} else {
	// R permission is found first
	assertEquals(AccessPermission.CLONE, a.getRepositoryPermission(projects_test).permission);
	assertFalse(a.canDeleteRef(projects_test));
	}
	}
	}