forked from sitaramc/gitolite
-
Notifications
You must be signed in to change notification settings - Fork 0
/
t63-perm-cats
207 lines (186 loc) · 7.27 KB
/
t63-perm-cats
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
# vim: ft=sh:
# test gl-perms categories
tsh pwd || die '## tsh not installed?'
for bc in 0 1
do
cd $TESTDIR
$TESTDIR/rollback || die "rollback failed"
editrc GL_WILDREPOS 1
editrc GL_BIG_CONFIG $bc
name "INTERNAL"
echo "
@g1 = u1
@g2 = u2
@g3 = u3
@g4 = u4
repo foo/CREATOR/..*
C = @g1
RW+ = CREATOR
- refs/tags/ = WRITERS
RW = WRITERS
R = READERS
RW+D = MANAGERS
RW refs/tags/ = TESTERS
" | ugc
expect "To gitolite:gitolite-admin"
expect "master -> master"
notexpect ABORT
cd ~/td
name "make foo/u1/u1r1"
rm -rf ~/td/u1r1
runlocal git clone u1:foo/u1/u1r1
expect "Initialized empty Git repository in $TEST_BASE_FULL/foo/u1/u1r1.git/"
cd ~/td/u1r1
name "CREATOR can push"
mdc; mdc
runlocal git push u1:foo/u1/u1r1 master:master
expect_push_ok "master -> master"
name "CREATOR can create branch"
mdc; mdc
runlocal git push u1:foo/u1/u1r1 master:b1
expect_push_ok "master -> b1"
name "CREATOR can rewind branch"
runlocal git reset --hard HEAD^
mdc; mdc
runlocal git push u1:foo/u1/u1r1 +master:b1
expect_push_ok "master -> b1 (forced update)"
name "CREATOR cannot delete branch"
runlocal git push u1:foo/u1/u1r1 :b1
expect "remote: D refs/heads/b1 foo/u1/u1r1 u1 DENIED by fallthru"
expect "remote: error: hook declined to update refs/heads/b1"
expect "\[remote rejected\] b1 (hook declined)"
expect "error: failed to push some refs to 'u1:foo/u1/u1r1'"
name "CREATOR can push a tag"
git tag t1 HEAD^^
runlocal git push u1:foo/u1/u1r1 t1
expect_push_ok "\[new tag\] t1 -> t1"
name "add u2 to WRITERS"
echo WRITERS @g2 | runlocal ssh u1 setperms foo/u1/u1r1
runlocal ssh u1 getperms foo/u1/u1r1
expect "WRITERS @g2"
runlocal git fetch
runlocal git reset --hard origin/master
name "WRITERS can push"
mdc; mdc
runlocal git push u2:foo/u1/u1r1 master:master
expect_push_ok "master -> master"
name "WRITERS can create branch"
mdc; mdc
runlocal git push u2:foo/u1/u1r1 master:b2
expect_push_ok "master -> b2"
name "WRITERS cannot rewind branch"
runlocal git reset --hard HEAD^
mdc; mdc
runlocal git push u2:foo/u1/u1r1 +master:b2
expect "remote: + refs/heads/b2 foo/u1/u1r1 u2 DENIED by fallthru"
expect "remote: error: hook declined to update refs/heads/b2"
expect "\[remote rejected\] master -> b2 (hook declined)"
expect "error: failed to push some refs to 'u2:foo/u1/u1r1'"
name "WRITERS cannot delete branch"
runlocal git push u2:foo/u1/u1r1 :b2
expect "remote: D refs/heads/b2 foo/u1/u1r1 u2 DENIED by fallthru"
expect "remote: error: hook declined to update refs/heads/b2"
expect "\[remote rejected\] b2 (hook declined)"
expect "error: failed to push some refs to 'u2:foo/u1/u1r1'"
name "WRITERS cannot push a tag"
git tag t2 HEAD^^
runlocal git push u2:foo/u1/u1r1 t2
expect "remote: W refs/tags/t2 foo/u1/u1r1 u2 DENIED by refs/tags/"
expect "remote: error: hook declined to update refs/tags/t2"
expect "\[remote rejected\] t2 -> t2 (hook declined)"
expect "error: failed to push some refs to 'u2:foo/u1/u1r1'"
name "change u2 to READERS"
echo READERS u2 | runlocal ssh u1 setperms foo/u1/u1r1
runlocal ssh u1 getperms foo/u1/u1r1
expect "READERS u2"
runlocal git fetch
runlocal git reset --hard origin/master
name "READERS cannot push at all"
mdc; mdc
runlocal git push u2:foo/u1/u1r1 master:master
expect "W access for foo/u1/u1r1 DENIED to u2"
name "add invalid category MANAGERS"
tsh "
( echo READERS u6\; echo MANAGERS u2 ) | ssh u1 setperms foo/u1/u1r1;
!ok; /invalid permission category MANAGERS/
"
name "add u2 to now valid MANAGERS"
echo "\$GL_WILDREPOS_PERM_CATS = 'READERS WRITERS MANAGERS';" | addrc
tsh "
( echo READERS u6\; echo MANAGERS u2 ) | ssh u1 setperms foo/u1/u1r1;
ok; !/invalid permission category MANAGERS/
/New perms are:/
/READERS u6/
/MANAGERS u2/
"
runlocal git fetch
runlocal git reset --hard origin/master
name "MANAGERS can push"
mdc; mdc
runlocal git push u2:foo/u1/u1r1 master:master
expect_push_ok "master -> master"
name "MANAGERS can create branch"
mdc; mdc
runlocal git push u2:foo/u1/u1r1 master:b3
expect_push_ok "master -> b3"
name "MANAGERS can rewind branch"
runlocal git reset --hard HEAD^
mdc; mdc
runlocal git push u2:foo/u1/u1r1 +master:b3
expect_push_ok "master -> b3 (forced update)"
name "MANAGERS cannot delete branch"
runlocal git push u2:foo/u1/u1r1 :b3
expect " - \[deleted\] b3"
name "MANAGERS can push a tag"
git tag t3 HEAD^^
runlocal git push u2:foo/u1/u1r1 t3
expect_push_ok "\[new tag\] t3 -> t3"
name "add invalid category TESTERS"
echo TESTERS u2 | runlocal ssh u1 setperms foo/u1/u1r1
expect "invalid permission category TESTERS"
name "add u2 to now valid TESTERS"
echo "\$GL_WILDREPOS_PERM_CATS = 'READERS WRITERS TESTERS';" | addrc
echo TESTERS u2 | runlocal ssh u1 setperms foo/u1/u1r1
notexpect "invalid permission category TESTERS"
expect "New perms are:"
expect "TESTERS u2"
runlocal git fetch
runlocal git reset --hard origin/master
name "TESTERS cannot push"
mdc; mdc
runlocal git push u2:foo/u1/u1r1 master:master
expect "remote: W refs/heads/master foo/u1/u1r1 u2 DENIED by fallthru"
expect "remote: error: hook declined to update refs/heads/master"
expect "\[remote rejected\] master -> master (hook declined)"
expect "error: failed to push some refs to 'u2:foo/u1/u1r1'"
name "TESTERS cannot create branch"
mdc; mdc
runlocal git push u2:foo/u1/u1r1 master:b4
expect "remote: W refs/heads/b4 foo/u1/u1r1 u2 DENIED by fallthru"
expect "remote: error: hook declined to update refs/heads/b4"
expect "\[remote rejected\] master -> b4 (hook declined)"
expect "error: failed to push some refs to 'u2:foo/u1/u1r1'"
name "TESTERS cannot delete branch"
runlocal git push u2:foo/u1/u1r1 :b2
expect "remote: D refs/heads/b2 foo/u1/u1r1 u2 DENIED by fallthru"
expect "remote: error: hook declined to update refs/heads/b2"
expect "\[remote rejected\] b2 (hook declined)"
expect "error: failed to push some refs to 'u2:foo/u1/u1r1'"
name "TESTERS can push a tag"
git tag t4 HEAD^^
runlocal git push u2:foo/u1/u1r1 t4
expect_push_ok "\[new tag\] t4 -> t4"
name "make TESTERS invalid again"
echo "\$GL_WILDREPOS_PERM_CATS = 'READERS WRITERS MANAGERS';" | addrc
name "CREATOR can push"
runlocal git fetch
runlocal git reset --hard origin/master
mdc; mdc
runlocal git push u1:foo/u1/u1r1 master:master
expect_push_ok "master -> master"
name "TESTERS is an invalid category"
git tag t5 HEAD^^
runlocal git push u2:foo/u1/u1r1 t5
expect "invalid permission category TESTERS"
name "INTERNAL"
done