3 files changed, 237 insertions, 1 deletions

diff --git a/src/test/java/com/gitblit/tests/GitBlitSuite.java b/src/test/java/com/gitblit/tests/GitBlitSuite.java
index dca158c2..a2263298 100644
--- a/src/test/java/com/gitblit/tests/GitBlitSuite.java
+++ b/src/test/java/com/gitblit/tests/GitBlitSuite.java
@@ -60,7 +60,7 @@ import com.gitblit.utils.JGitUtils;
 		DiffUtilsTest.class, MetricUtilsTest.class, TicgitUtilsTest.class, X509UtilsTest.class,

 		GitBlitTest.class, FederationTests.class, RpcTests.class, GitServletTest.class, GitDaemonTest.class,

 		GroovyScriptTest.class, LuceneExecutorTest.class, IssuesTest.class, RepositoryModelTest.class,

-		FanoutServiceTest.class })

+		FanoutServiceTest.class, Issue0259Test.class })

 public class GitBlitSuite {

 

 	public static final File REPOSITORIES = new File("data/git");

diff --git a/src/test/java/com/gitblit/tests/Issue0259Test.java b/src/test/java/com/gitblit/tests/Issue0259Test.java
new file mode 100644
index 00000000..174f7cc7
--- /dev/null
+++ b/src/test/java/com/gitblit/tests/Issue0259Test.java
@@ -0,0 +1,204 @@
+/*

+ * Copyright 2013 gitblit.com.

+ *

+ * Licensed under the Apache License, Version 2.0 (the "License");

+ * you may not use this file except in compliance with the License.

+ * You may obtain a copy of the License at

+ *

+ *     http://www.apache.org/licenses/LICENSE-2.0

+ *

+ * Unless required by applicable law or agreed to in writing, software

+ * distributed under the License is distributed on an "AS IS" BASIS,

+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

+ * See the License for the specific language governing permissions and

+ * limitations under the License.

+ */

+package com.gitblit.tests;

+

+import java.io.File;

+

+import org.junit.Assert;

+import org.junit.Test;

+

+import com.gitblit.ConfigUserService;

+import com.gitblit.Constants.AccessPermission;

+import com.gitblit.Constants.AccessRestrictionType;

+import com.gitblit.models.RepositoryModel;

+import com.gitblit.models.TeamModel;

+import com.gitblit.models.UserModel;

+

+/**

+ * https://code.google.com/p/gitblit/issues/detail?id=259

+ * 

+ * Reported Problem:

+ * We have an user with RWD access rights, but he can’t push.

+ * 

+ * @see src/test/resources/issue0259.conf

+ * 

+ * At the next day he try again and he can push to the project.

+ * 

+ * @author James Moger

+ *

+ */

+public class Issue0259Test extends Assert {

+

+	RepositoryModel repo(String name, AccessRestrictionType restriction) {

+		RepositoryModel repo = new RepositoryModel();

+		repo.name = name;

+		repo.accessRestriction = restriction;

+		return repo;

+	}

+	

+	/**

+	 * Test the provided users.conf file for expected access permissions.

+	 *  

+	 * @throws Exception

+	 */

+	@Test

+	public void testFile() throws Exception {

+		File realmFile = new File("src/test/resources/issue0259.conf");

+		ConfigUserService service = new ConfigUserService(realmFile);

+		

+		RepositoryModel test = repo("test.git", AccessRestrictionType.VIEW);

+		RepositoryModel projects_test = repo("projects/test.git", AccessRestrictionType.VIEW);

+		

+		UserModel a = service.getUserModel("a");

+		UserModel b = service.getUserModel("b");

+		UserModel c = service.getUserModel("c");

+		

+		// assert RWD or RW+ for projects/test.git

+		assertEquals(AccessPermission.DELETE, a.getRepositoryPermission(projects_test).permission);

+		assertEquals(AccessPermission.DELETE, b.getRepositoryPermission(projects_test).permission);

+		assertEquals(AccessPermission.REWIND, c.getRepositoryPermission(projects_test).permission);

+		

+		assertTrue(a.canPush(projects_test));

+		assertTrue(b.canPush(projects_test));

+		assertTrue(c.canPush(projects_test));

+

+		assertTrue(a.canDeleteRef(projects_test));

+		assertTrue(b.canDeleteRef(projects_test));

+		assertTrue(c.canDeleteRef(projects_test));

+

+		assertFalse(a.canRewindRef(projects_test));

+		assertFalse(b.canRewindRef(projects_test));

+		assertTrue(c.canRewindRef(projects_test));

+		

+		// assert R for test.git

+		assertEquals(AccessPermission.CLONE, a.getRepositoryPermission(test).permission);

+		assertEquals(AccessPermission.CLONE, b.getRepositoryPermission(test).permission);

+		assertEquals(AccessPermission.REWIND, c.getRepositoryPermission(test).permission);

+

+		assertTrue(a.canClone(test));

+		assertTrue(b.canClone(test));

+

+		assertFalse(a.canPush(test));

+		assertFalse(b.canPush(test));

+		assertTrue(c.canPush(test));

+	}

+	

+	@Test

+	public void testTeamsOrder() throws Exception {

+		testTeams(false);

+	}

+

+	@Test

+	public void testTeamsReverseOrder() throws Exception {

+		testTeams(true);

+	}

+

+	/**

+	 * Tests multiple teams each with a regex permisson that will match.  The

+	 * highest matching permission should be used.  Order should be irrelevant.

+	 *  

+	 * @param reverseOrder

+	 * @throws Exception

+	 */

+	private void testTeams(boolean reverseOrder) throws Exception {

+		RepositoryModel test = repo("test.git", AccessRestrictionType.VIEW);

+		RepositoryModel projects_test = repo("projects/test.git", AccessRestrictionType.VIEW);

+		

+		TeamModel t1 = new TeamModel("t1");

+		t1.setRepositoryPermission(".*", AccessPermission.CLONE);

+		

+		TeamModel t2 = new TeamModel("t2");

+		t2.setRepositoryPermission("projects/.*", AccessPermission.DELETE);		

+		

+		UserModel a = new UserModel("a");

+		if (reverseOrder) {

+			a.teams.add(t2);

+			a.teams.add(t1);

+		} else {

+			a.teams.add(t1);

+			a.teams.add(t2);

+		}

+		

+		assertEquals(AccessPermission.CLONE, a.getRepositoryPermission(test).permission);

+		assertEquals(AccessPermission.DELETE, a.getRepositoryPermission(projects_test).permission);

+		

+		assertTrue(a.canClone(test));

+		assertTrue(a.canClone(projects_test));

+		

+		assertFalse(a.canDeleteRef(test));

+		assertTrue(a.canDeleteRef(projects_test));

+	}

+	

+	@Test

+	public void testTeam() throws Exception {

+		testTeam(false);		

+	}

+	

+	@Test

+	public void testTeamReverseOrder() throws Exception {

+		testTeam(true);

+	}

+	

+	/**

+	 * Test a single team that has multiple repository permissions that all match.

+	 * Here defined order IS important.  The first permission match wins so it is

+	 * important to define permissions from most-specific match to least-specific

+	 * match.

+	 * 

+	 * If the defined permissions are:

+	 *   R:.*

+	 *   RWD:projects/.*

+	 * then the expected result is R for all repositories because it is first.

+	 * 

+	 * But if the defined permissions are:

+	 *   RWD:projects/.*

+	 *   R:.*

+	 * then the expected result is RWD for projects/test.git and R for test.git

+	 *  

+	 * @param reverseOrder

+	 * @throws Exception

+	 */

+	private void testTeam(boolean reverseOrder) throws Exception {

+		RepositoryModel test = repo("test.git", AccessRestrictionType.VIEW);

+		RepositoryModel projects_test = repo("projects/test.git", AccessRestrictionType.VIEW);

+		

+		TeamModel t1 = new TeamModel("t1");

+		if (reverseOrder) {

+			t1.setRepositoryPermission("projects/.*", AccessPermission.DELETE);

+			t1.setRepositoryPermission(".*", AccessPermission.CLONE);

+		} else {

+			t1.setRepositoryPermission(".*", AccessPermission.CLONE);

+			t1.setRepositoryPermission("projects/.*", AccessPermission.DELETE);

+		}

+		UserModel a = new UserModel("a");

+		a.teams.add(t1);

+		

+		assertEquals(AccessPermission.CLONE, a.getRepositoryPermission(test).permission);

+		assertTrue(a.canClone(test));

+		assertFalse(a.canDeleteRef(test));

+		assertTrue(a.canClone(projects_test));

+

+		if (reverseOrder) {

+			// RWD permission is found first

+			assertEquals(AccessPermission.DELETE, a.getRepositoryPermission(projects_test).permission);

+			assertTrue(a.canDeleteRef(projects_test));

+		} else {

+			// R permission is found first

+			assertEquals(AccessPermission.CLONE, a.getRepositoryPermission(projects_test).permission);

+			assertFalse(a.canDeleteRef(projects_test));

+		}

+	}

+}

diff --git a/src/test/resources/issue0259.conf b/src/test/resources/issue0259.conf
new file mode 100644
index 00000000..ad6f0c33
--- /dev/null
+++ b/src/test/resources/issue0259.conf
@@ -0,0 +1,32 @@
+[user "A"]
+	password = "#externalAccount"
+	role = "#none"
+[user "B"]
+	password = "#externalAccount"
+	role = "#none"
+[user "C"]
+	password = "#externalAccount"
+	role = "#admin"
+[team "git_1560"]
+	role = "#none"
+	repository = RWC:trade/.*
+	repository = RWC:dev.support/admin.behelfsskripte.git
+	repository = RWD:projects/.*
+	repository = RWD:birt/.*
+	repository = RWD:fact/.*
+	repository = RWD:of/.*
+	repository = RWD:portal.solutions/.*
+	repository = RWD:rem/.*
+	repository = RWD:transparency/.*
+	repository = RWD:process/.*
+	user = B
+	user = A
+	user = C
+[team "git_EcgUser"]
+	role = "#create"
+	repository = R:.*
+	repository = RWD:test.projects/.*
+	repository = R:~krulls/regressionstests.base.git
+	user = A
+	user = C
+	user = B