123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204 |
- /*
- * Copyright 2013 gitblit.com.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
- package com.gitblit.tests;
-
- import java.io.File;
-
- import org.junit.Assert;
- import org.junit.Test;
-
- import com.gitblit.ConfigUserService;
- import com.gitblit.Constants.AccessPermission;
- import com.gitblit.Constants.AccessRestrictionType;
- import com.gitblit.models.RepositoryModel;
- import com.gitblit.models.TeamModel;
- import com.gitblit.models.UserModel;
-
- /**
- * https://code.google.com/p/gitblit/issues/detail?id=259
- *
- * Reported Problem:
- * We have an user with RWD access rights, but he can’t push.
- *
- * @see src/test/resources/issue0259.conf
- *
- * At the next day he try again and he can push to the project.
- *
- * @author James Moger
- *
- */
- public class Issue0259Test extends Assert {
-
- RepositoryModel repo(String name, AccessRestrictionType restriction) {
- RepositoryModel repo = new RepositoryModel();
- repo.name = name;
- repo.accessRestriction = restriction;
- return repo;
- }
-
- /**
- * Test the provided users.conf file for expected access permissions.
- *
- * @throws Exception
- */
- @Test
- public void testFile() throws Exception {
- File realmFile = new File("src/test/resources/issue0259.conf");
- ConfigUserService service = new ConfigUserService(realmFile);
-
- RepositoryModel test = repo("test.git", AccessRestrictionType.VIEW);
- RepositoryModel projects_test = repo("projects/test.git", AccessRestrictionType.VIEW);
-
- UserModel a = service.getUserModel("a");
- UserModel b = service.getUserModel("b");
- UserModel c = service.getUserModel("c");
-
- // assert RWD or RW+ for projects/test.git
- assertEquals(AccessPermission.DELETE, a.getRepositoryPermission(projects_test).permission);
- assertEquals(AccessPermission.DELETE, b.getRepositoryPermission(projects_test).permission);
- assertEquals(AccessPermission.REWIND, c.getRepositoryPermission(projects_test).permission);
-
- assertTrue(a.canPush(projects_test));
- assertTrue(b.canPush(projects_test));
- assertTrue(c.canPush(projects_test));
-
- assertTrue(a.canDeleteRef(projects_test));
- assertTrue(b.canDeleteRef(projects_test));
- assertTrue(c.canDeleteRef(projects_test));
-
- assertFalse(a.canRewindRef(projects_test));
- assertFalse(b.canRewindRef(projects_test));
- assertTrue(c.canRewindRef(projects_test));
-
- // assert R for test.git
- assertEquals(AccessPermission.CLONE, a.getRepositoryPermission(test).permission);
- assertEquals(AccessPermission.CLONE, b.getRepositoryPermission(test).permission);
- assertEquals(AccessPermission.REWIND, c.getRepositoryPermission(test).permission);
-
- assertTrue(a.canClone(test));
- assertTrue(b.canClone(test));
-
- assertFalse(a.canPush(test));
- assertFalse(b.canPush(test));
- assertTrue(c.canPush(test));
- }
-
- @Test
- public void testTeamsOrder() throws Exception {
- testTeams(false);
- }
-
- @Test
- public void testTeamsReverseOrder() throws Exception {
- testTeams(true);
- }
-
- /**
- * Tests multiple teams each with a regex permisson that will match. The
- * highest matching permission should be used. Order should be irrelevant.
- *
- * @param reverseOrder
- * @throws Exception
- */
- private void testTeams(boolean reverseOrder) throws Exception {
- RepositoryModel test = repo("test.git", AccessRestrictionType.VIEW);
- RepositoryModel projects_test = repo("projects/test.git", AccessRestrictionType.VIEW);
-
- TeamModel t1 = new TeamModel("t1");
- t1.setRepositoryPermission(".*", AccessPermission.CLONE);
-
- TeamModel t2 = new TeamModel("t2");
- t2.setRepositoryPermission("projects/.*", AccessPermission.DELETE);
-
- UserModel a = new UserModel("a");
- if (reverseOrder) {
- a.teams.add(t2);
- a.teams.add(t1);
- } else {
- a.teams.add(t1);
- a.teams.add(t2);
- }
-
- assertEquals(AccessPermission.CLONE, a.getRepositoryPermission(test).permission);
- assertEquals(AccessPermission.DELETE, a.getRepositoryPermission(projects_test).permission);
-
- assertTrue(a.canClone(test));
- assertTrue(a.canClone(projects_test));
-
- assertFalse(a.canDeleteRef(test));
- assertTrue(a.canDeleteRef(projects_test));
- }
-
- @Test
- public void testTeam() throws Exception {
- testTeam(false);
- }
-
- @Test
- public void testTeamReverseOrder() throws Exception {
- testTeam(true);
- }
-
- /**
- * Test a single team that has multiple repository permissions that all match.
- * Here defined order IS important. The first permission match wins so it is
- * important to define permissions from most-specific match to least-specific
- * match.
- *
- * If the defined permissions are:
- * R:.*
- * RWD:projects/.*
- * then the expected result is R for all repositories because it is first.
- *
- * But if the defined permissions are:
- * RWD:projects/.*
- * R:.*
- * then the expected result is RWD for projects/test.git and R for test.git
- *
- * @param reverseOrder
- * @throws Exception
- */
- private void testTeam(boolean reverseOrder) throws Exception {
- RepositoryModel test = repo("test.git", AccessRestrictionType.VIEW);
- RepositoryModel projects_test = repo("projects/test.git", AccessRestrictionType.VIEW);
-
- TeamModel t1 = new TeamModel("t1");
- if (reverseOrder) {
- t1.setRepositoryPermission("projects/.*", AccessPermission.DELETE);
- t1.setRepositoryPermission(".*", AccessPermission.CLONE);
- } else {
- t1.setRepositoryPermission(".*", AccessPermission.CLONE);
- t1.setRepositoryPermission("projects/.*", AccessPermission.DELETE);
- }
- UserModel a = new UserModel("a");
- a.teams.add(t1);
-
- assertEquals(AccessPermission.CLONE, a.getRepositoryPermission(test).permission);
- assertTrue(a.canClone(test));
- assertFalse(a.canDeleteRef(test));
- assertTrue(a.canClone(projects_test));
-
- if (reverseOrder) {
- // RWD permission is found first
- assertEquals(AccessPermission.DELETE, a.getRepositoryPermission(projects_test).permission);
- assertTrue(a.canDeleteRef(projects_test));
- } else {
- // R permission is found first
- assertEquals(AccessPermission.CLONE, a.getRepositoryPermission(projects_test).permission);
- assertFalse(a.canDeleteRef(projects_test));
- }
- }
- }
|