/* | |
* Copyright 2013 gitblit.com. | |
* | |
* Licensed under the Apache License, Version 2.0 (the "License"); | |
* you may not use this file except in compliance with the License. | |
* You may obtain a copy of the License at | |
* | |
* http://www.apache.org/licenses/LICENSE-2.0 | |
* | |
* Unless required by applicable law or agreed to in writing, software | |
* distributed under the License is distributed on an "AS IS" BASIS, | |
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
* See the License for the specific language governing permissions and | |
* limitations under the License. | |
*/ | |
package com.gitblit.tests; | |
import java.io.File; | |
import org.junit.Test; | |
import com.gitblit.ConfigUserService; | |
import com.gitblit.Constants.AccessPermission; | |
import com.gitblit.Constants.AccessRestrictionType; | |
import com.gitblit.models.RepositoryModel; | |
import com.gitblit.models.TeamModel; | |
import com.gitblit.models.UserModel; | |
/** | |
* https://code.google.com/p/gitblit/issues/detail?id=259 | |
* | |
* Reported Problem: | |
* We have an user with RWD access rights, but he can’t push. | |
* | |
* @see src/test/resources/issue0259.conf | |
* | |
* At the next day he try again and he can push to the project. | |
* | |
* @author James Moger | |
* | |
*/ | |
public class Issue0259Test extends GitblitUnitTest { | |
RepositoryModel repo(String name, AccessRestrictionType restriction) { | |
RepositoryModel repo = new RepositoryModel(); | |
repo.name = name; | |
repo.accessRestriction = restriction; | |
return repo; | |
} | |
/** | |
* Test the provided users.conf file for expected access permissions. | |
* | |
* @throws Exception | |
*/ | |
@Test | |
public void testFile() throws Exception { | |
File realmFile = new File("src/test/resources/issue0259.conf"); | |
ConfigUserService service = new ConfigUserService(realmFile); | |
RepositoryModel test = repo("test.git", AccessRestrictionType.VIEW); | |
RepositoryModel projects_test = repo("projects/test.git", AccessRestrictionType.VIEW); | |
UserModel a = service.getUserModel("a"); | |
UserModel b = service.getUserModel("b"); | |
UserModel c = service.getUserModel("c"); | |
// assert RWD or RW+ for projects/test.git | |
assertEquals(AccessPermission.DELETE, a.getRepositoryPermission(projects_test).permission); | |
assertEquals(AccessPermission.DELETE, b.getRepositoryPermission(projects_test).permission); | |
assertEquals(AccessPermission.REWIND, c.getRepositoryPermission(projects_test).permission); | |
assertTrue(a.canPush(projects_test)); | |
assertTrue(b.canPush(projects_test)); | |
assertTrue(c.canPush(projects_test)); | |
assertTrue(a.canDeleteRef(projects_test)); | |
assertTrue(b.canDeleteRef(projects_test)); | |
assertTrue(c.canDeleteRef(projects_test)); | |
assertFalse(a.canRewindRef(projects_test)); | |
assertFalse(b.canRewindRef(projects_test)); | |
assertTrue(c.canRewindRef(projects_test)); | |
// assert R for test.git | |
assertEquals(AccessPermission.CLONE, a.getRepositoryPermission(test).permission); | |
assertEquals(AccessPermission.CLONE, b.getRepositoryPermission(test).permission); | |
assertEquals(AccessPermission.REWIND, c.getRepositoryPermission(test).permission); | |
assertTrue(a.canClone(test)); | |
assertTrue(b.canClone(test)); | |
assertFalse(a.canPush(test)); | |
assertFalse(b.canPush(test)); | |
assertTrue(c.canPush(test)); | |
} | |
@Test | |
public void testTeamsOrder() throws Exception { | |
testTeams(false); | |
} | |
@Test | |
public void testTeamsReverseOrder() throws Exception { | |
testTeams(true); | |
} | |
/** | |
* Tests multiple teams each with a regex permisson that will match. The | |
* highest matching permission should be used. Order should be irrelevant. | |
* | |
* @param reverseOrder | |
* @throws Exception | |
*/ | |
private void testTeams(boolean reverseOrder) throws Exception { | |
RepositoryModel test = repo("test.git", AccessRestrictionType.VIEW); | |
RepositoryModel projects_test = repo("projects/test.git", AccessRestrictionType.VIEW); | |
TeamModel t1 = new TeamModel("t1"); | |
t1.setRepositoryPermission(".*", AccessPermission.CLONE); | |
TeamModel t2 = new TeamModel("t2"); | |
t2.setRepositoryPermission("projects/.*", AccessPermission.DELETE); | |
UserModel a = new UserModel("a"); | |
if (reverseOrder) { | |
a.teams.add(t2); | |
a.teams.add(t1); | |
} else { | |
a.teams.add(t1); | |
a.teams.add(t2); | |
} | |
// simulate a repository rename | |
a.setRepositoryPermission("projects/renamed.git", null); | |
t1.setRepositoryPermission("projects/renamed.git", null); | |
t2.setRepositoryPermission("projects/renamed.git", null); | |
assertEquals(AccessPermission.CLONE, a.getRepositoryPermission(test).permission); | |
assertEquals(AccessPermission.DELETE, a.getRepositoryPermission(projects_test).permission); | |
assertTrue(a.canClone(test)); | |
assertTrue(a.canClone(projects_test)); | |
assertFalse(a.canDeleteRef(test)); | |
assertTrue(a.canDeleteRef(projects_test)); | |
} | |
@Test | |
public void testTeam() throws Exception { | |
testTeam(false); | |
} | |
@Test | |
public void testTeamReverseOrder() throws Exception { | |
testTeam(true); | |
} | |
/** | |
* Test a single team that has multiple repository permissions that all match. | |
* Here defined order IS important. The first permission match wins so it is | |
* important to define permissions from most-specific match to least-specific | |
* match. | |
* | |
* If the defined permissions are: | |
* R:.* | |
* RWD:projects/.* | |
* then the expected result is R for all repositories because it is first. | |
* | |
* But if the defined permissions are: | |
* RWD:projects/.* | |
* R:.* | |
* then the expected result is RWD for projects/test.git and R for test.git | |
* | |
* @param reverseOrder | |
* @throws Exception | |
*/ | |
private void testTeam(boolean reverseOrder) throws Exception { | |
RepositoryModel test = repo("test.git", AccessRestrictionType.VIEW); | |
RepositoryModel projects_test = repo("projects/test.git", AccessRestrictionType.VIEW); | |
TeamModel t1 = new TeamModel("t1"); | |
if (reverseOrder) { | |
t1.setRepositoryPermission("projects/.*", AccessPermission.DELETE); | |
t1.setRepositoryPermission(".*", AccessPermission.CLONE); | |
} else { | |
t1.setRepositoryPermission(".*", AccessPermission.CLONE); | |
t1.setRepositoryPermission("projects/.*", AccessPermission.DELETE); | |
} | |
UserModel a = new UserModel("a"); | |
a.teams.add(t1); | |
// simulate a repository rename | |
a.setRepositoryPermission("projects/renamed.git", null); | |
t1.setRepositoryPermission("projects/renamed.git", null); | |
assertEquals(AccessPermission.CLONE, a.getRepositoryPermission(test).permission); | |
assertTrue(a.canClone(test)); | |
assertFalse(a.canDeleteRef(test)); | |
assertTrue(a.canClone(projects_test)); | |
if (reverseOrder) { | |
// RWD permission is found first | |
assertEquals(AccessPermission.DELETE, a.getRepositoryPermission(projects_test).permission); | |
assertTrue(a.canDeleteRef(projects_test)); | |
} else { | |
// R permission is found first | |
assertEquals(AccessPermission.CLONE, a.getRepositoryPermission(projects_test).permission); | |
assertFalse(a.canDeleteRef(projects_test)); | |
} | |
} | |
} |