search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
fix 'C' and 'M' tests in 'gitolite access'...
[gitolite.git] / t / perm-roles.t
blobc4d017f2dedaa0c9c29457d2c39837ea42daebf0
1 #!/usr/bin/perl
2 use strict;
3 use warnings;
4
5 # this is hardcoded; change it if needed
6 use lib "src/lib";
7 use Gitolite::Test;
8
9 # permissions using role names
10 # ----------------------------------------------------------------------
11
12 try "plan 91";
13 try "DEF POK = !/DENIED/; !/failed to push/";
14
15 confreset; confadd '
16 @g1 = u1
17 @g2 = u2
18 @g3 = u3
19 @g4 = u4
20 repo foo/CREATOR/..*
21 C = @g1
22 RW+ = CREATOR
23 - refs/tags/ = WRITERS
24 RW = WRITERS
25 R = READERS
26 RW+D = MANAGERS
27 RW refs/tags/ = TESTERS
28 ';
29
30 try "ADMIN_PUSH set1; !/FATAL/" or die text();
31
32 try "
33
34 cd ..
35
36 # make foo/u1/u1r1
37 rm -rf ~/td/u1r1
38 glt clone u1 file:///foo/u1/u1r1
39 /Initialized empty Git repository in .*/foo/u1/u1r1.git//
40 cd u1r1
41
42 # CREATOR can push
43 tc e-549 e-550
44 glt push u1 file:///foo/u1/u1r1 master:master
45 POK; /master -> master/
46 # CREATOR can create branch
47 tc w-277 w-278
48 glt push u1 file:///foo/u1/u1r1 master:b1
49 POK; /master -> b1/
50 # CREATOR can rewind branch
51 git reset --hard HEAD^
52 tc d-987 d-988
53 glt push u1 file:///foo/u1/u1r1 +master:b1
54 POK; /master -> b1 \\(forced update\\)/
55 # CREATOR cannot delete branch
56 glt push u1 file:///foo/u1/u1r1 :b1
57 /D refs/heads/b1 foo/u1/u1r1 u1 DENIED by fallthru/
58 reject
59
60 # CREATOR can push a tag
61 git tag t1 HEAD^^
62 glt push u1 file:///foo/u1/u1r1 t1
63 POK; /\\[new tag\\] t1 -> t1/
64
65 # add u2 to WRITERS
66 echo WRITERS \@g2 | glt perms u1 -c foo/u1/u1r1
67 glt perms u1 foo/u1/u1r1 -l
68 /WRITERS \@g2/
69
70 glt fetch u1
71 git reset --hard origin/master
72
73 # WRITERS can push
74 tc j-185 j-186
75 glt push u2 file:///foo/u1/u1r1 master:master
76 POK; /master -> master/
77 # WRITERS can create branch
78 tc u-420 u-421
79 glt push u2 file:///foo/u1/u1r1 master:b2
80 POK; /master -> b2/
81 # WRITERS cannot rewind branch
82 git reset --hard HEAD^
83 tc l-136 l-137
84 glt push u2 file:///foo/u1/u1r1 +master:b2
85 /\\+ refs/heads/b2 foo/u1/u1r1 u2 DENIED by fallthru/
86 reject
87 # WRITERS cannot delete branch
88 glt push u2 file:///foo/u1/u1r1 :b2
89 /D refs/heads/b2 foo/u1/u1r1 u2 DENIED by fallthru/
90 reject
91 # WRITERS cannot push a tag
92 git tag t2 HEAD^^
93 glt push u2 file:///foo/u1/u1r1 t2
94 /W refs/tags/t2 foo/u1/u1r1 u2 DENIED by refs/tags//
95 reject
96
97 # change u2 to READERS
98 echo READERS u2 | glt perms u1 -c foo/u1/u1r1
99 glt perms u1 foo/u1/u1r1 -l
100 /READERS u2/
101
102 glt fetch u1
103 git reset --hard origin/master
104
105 # READERS cannot push at all
106 tc v-753 v-754
107 glt push u2 file:///foo/u1/u1r1 master:master
108 /W any foo/u1/u1r1 u2 DENIED by fallthru/
109
110 # add invalid category MANAGERS
111 /usr/bin/printf 'READERS u6\\nMANAGERS u2\\n' | glt perms u1 -c foo/u1/u1r1
112 !ok
113 /Invalid role 'MANAGERS'/
114 ";
115
116 # make MANAGERS valid
117 put "$ENV{HOME}/g3trc", "\$rc{ROLES}{MANAGERS} = 1;\n";
118
119 # add u2 to now valid MANAGERS
120 try "
121 ENV G3T_RC=$ENV{HOME}/g3trc
122 gitolite compile; ok or die compile failed
123 /usr/bin/printf 'READERS u6\\nMANAGERS u2\\n' | glt perms u1 -c foo/u1/u1r1
124 ok; !/Invalid role 'MANAGERS'/
125 glt perms u1 foo/u1/u1r1 -l
126 ";
127
128 cmp 'READERS u6
129 MANAGERS u2
130 ';
131
132 try "
133 glt fetch u1
134 git reset --hard origin/master
135
136 # MANAGERS can push
137 tc d-714 d-715
138 glt push u2 file:///foo/u1/u1r1 master:master
139 POK; /master -> master/
140
141 # MANAGERS can create branch
142 tc n-614 n-615
143 glt push u2 file:///foo/u1/u1r1 master:b3
144 POK; /master -> b3/
145 # MANAGERS can rewind branch
146 git reset --hard HEAD^
147 tc a-511 a-512
148 glt push u2 file:///foo/u1/u1r1 +master:b3
149 POK; /master -> b3 \\(forced update\\)/
150 # MANAGERS cannot delete branch
151 glt push u2 file:///foo/u1/u1r1 :b3
152 / - \\[deleted\\] b3/
153 # MANAGERS can push a tag
154 git tag t3 HEAD^^
155 glt push u2 file:///foo/u1/u1r1 t3
156 POK; /\\[new tag\\] t3 -> t3/
157
158 # add invalid category TESTERS
159 echo TESTERS u2 | glt perms u1 -c foo/u1/u1r1
160 !ok
161 /Invalid role 'TESTERS'/
162 ";
163
164 # make TESTERS valid
165 put "|cat >> $ENV{HOME}/g3trc", "\$rc{ROLES}{TESTERS} = 1;\n";
166
167 try "
168 gitolite compile; ok or die compile failed
169 # add u2 to now valid TESTERS
170 echo TESTERS u2 | glt perms u1 -c foo/u1/u1r1
171 !/Invalid role 'TESTERS'/
172 glt perms u1 foo/u1/u1r1 -l
173 ";
174
175 cmp 'TESTERS u2
176 ';
177
178 try "
179 glt fetch u1
180 git reset --hard origin/master
181
182 # TESTERS cannot push
183 tc d-134 d-135
184 glt push u2 file:///foo/u1/u1r1 master:master
185 /W refs/heads/master foo/u1/u1r1 u2 DENIED by fallthru/
186 reject
187 # TESTERS cannot create branch
188 tc p-668 p-669
189 glt push u2 file:///foo/u1/u1r1 master:b4
190 /W refs/heads/b4 foo/u1/u1r1 u2 DENIED by fallthru/
191 reject
192 # TESTERS cannot delete branch
193 glt push u2 file:///foo/u1/u1r1 :b2
194 /D refs/heads/b2 foo/u1/u1r1 u2 DENIED by fallthru/
195 reject
196 # TESTERS can push a tag
197 git tag t4 HEAD^^
198 glt push u2 file:///foo/u1/u1r1 t4
199 POK; /\\[new tag\\] t4 -> t4/
200 ";
201
202 # make TESTERS invalid again
203 put "$ENV{HOME}/g3trc", "\$rc{ROLES}{MANAGERS} = 1;\n";
204
205 try "
206 gitolite compile; ok or die compile failed
207 # CREATOR can push
208 glt fetch u1
209 git reset --hard origin/master
210 tc y-626 y-627
211 glt push u1 file:///foo/u1/u1r1 master:master
212 POK; /master -> master/
213 # TESTERS is an invalid category
214 git tag t5 HEAD^^
215 glt push u2 file:///foo/u1/u1r1 t5
216 /role 'TESTERS' not allowed, ignoring/
217 /W any foo/u1/u1r1 u2 DENIED by fallthru/
218 ";