|
1 import os.path as osp |
|
2 from unittest import TestCase |
|
3 |
|
4 from mercurialserver import ruleset |
|
5 |
|
6 class _RuleSetBaseTC(TestCase): |
|
7 alllevels = ["init", "write", "read", "deny", "none"] |
|
8 levels = alllevels[:-1] |
|
9 def setUp(self): |
|
10 self.rs = ruleset.Ruleset() |
|
11 self.rs.buildrules(self.accessrules.splitlines()) |
|
12 |
|
13 def check_level(self, level, **kw): |
|
14 idx = self.alllevels.index(level) |
|
15 msg = ", ".join(["%s=%s"%item for item in self.rs.preset.items()]) |
|
16 msg = msg + ": " |
|
17 if idx > 0: |
|
18 prevlevel = self.levels[idx-1] |
|
19 self.assertFalse(self.rs.allow(prevlevel, **kw), msg+prevlevel) |
|
20 if level != "none": |
|
21 self.assertTrue(self.rs.allow(level, **kw), msg+level) |
|
22 |
|
23 class RuleSetDefaultTC(_RuleSetBaseTC): |
|
24 accessrules = ''' |
|
25 init user=root/** |
|
26 deny repo=hgadmin |
|
27 write user=users/** |
|
28 ''' |
|
29 |
|
30 def test_norules(self): |
|
31 for level in self.levels: |
|
32 self.assertFalse(self.rs.allow(level), level) |
|
33 |
|
34 def test_root(self): |
|
35 self.rs.set(user='root/key') |
|
36 for level in self.levels: |
|
37 self.assertTrue(self.rs.allow(level), level) |
|
38 |
|
39 def test_user_norepo(self): |
|
40 self.rs.set(user='user/key') |
|
41 for level in self.levels: |
|
42 self.assertFalse(self.rs.allow(level), level) |
|
43 |
|
44 def test_user(self): |
|
45 self.rs.set(user='users/key') |
|
46 self.rs.set(repo='some/repo') |
|
47 self.check_level('write') |
|
48 |
|
49 def test_user_kwargs(self): |
|
50 self.check_level('write', user='users/key', repo='some/repo') |
|
51 |
|
52 class RuleSet2TC(_RuleSetBaseTC): |
|
53 accessrules = ''' |
|
54 init user=root/** |
|
55 deny repo=hgadmin |
|
56 init user=users/toto/* repo=toto |
|
57 write user=users/toto/* repo=pub/** |
|
58 write user=users/w/* |
|
59 write repo=allpub/** |
|
60 read user=users/** |
|
61 ''' |
|
62 |
|
63 def test_hgadmin(self): |
|
64 self.rs.set(repo='hgadmin') |
|
65 self.check_level('deny', user='users/key') |
|
66 self.check_level('deny', user='key') |
|
67 |
|
68 def test_user(self): |
|
69 self.check_level('read', user='users/key', repo='some/repo') |
|
70 |
|
71 def test_repo(self): |
|
72 self.check_level('init', user='users/toto/key', repo='toto') |
|
73 |
|
74 def test_write(self): |
|
75 self.rs.set(repo='toto') |
|
76 self.check_level('read', user='users/w') |
|
77 self.check_level('write', user='users/w/key') |
|
78 |
|
79 self.rs.set(repo='pub/stuff') |
|
80 self.check_level('read', user='users/w') |
|
81 self.check_level('write', user='users/w/key') |
|
82 self.check_level('read', user='users/toto') |
|
83 self.check_level('write', user='users/toto/key') |
|
84 |
|
85 self.rs.set(repo='other/repo') |
|
86 self.check_level('read', user='users/toto') |
|
87 self.check_level('read', user='users/toto/key') |
|
88 self.check_level('read', user='users/w') |
|
89 self.check_level('write', user='users/w/key') |
|
90 |
|
91 self.rs.set(repo='allpub/repo') |
|
92 self.check_level('write', user='users/toto') |
|
93 self.check_level('write', user='users/toto/key') |
|
94 self.check_level('write', user='users/w') |
|
95 self.check_level('write', user='users/w/key') |
|
96 |
|
97 self.rs.set(repo='hgadmin') |
|
98 self.check_level('deny', user='users/toto') |
|
99 self.check_level('deny', user='users/toto/key') |
|
100 self.check_level('deny', user='users/w') |
|
101 self.check_level('deny', user='users/w/key') |
|
102 |
|
103 def test_init(self): |
|
104 self.rs.set(repo='toto') |
|
105 self.check_level('read', user='users/toto') |
|
106 self.check_level('init', user='users/toto/key') |
|
107 |
|
108 class RuleSet3TC(_RuleSetBaseTC): |
|
109 accessrules = ''' |
|
110 read user=users/w/* repo=toto |
|
111 deny user=users/w/* repo=no |
|
112 write user=users/w/* |
|
113 read user=users/** |
|
114 ''' |
|
115 |
|
116 def test_user_w(self): |
|
117 self.rs.set(user='users/w/key') |
|
118 self.check_level('read', repo='toto') |
|
119 self.check_level('deny', repo='no') |
|
120 self.check_level('write', repo='other') |
|
121 |
|
122 def test_user_k(self): |
|
123 self.rs.set(user='users/k/key') |
|
124 self.check_level('read', repo='toto') |
|
125 self.check_level('read', repo='no') |
|
126 self.check_level('read', repo='other') |
|
127 |
|
128 def test_otheruser(self): |
|
129 self.rs.set(user='jay/key') |
|
130 self.check_level('none', repo='toto') |
|
131 self.check_level('none', repo='no') |
|
132 self.check_level('none', repo='other') |
|
133 |
|
134 class RuleSet4TC(_RuleSetBaseTC): |
|
135 accessrules = ''' |
|
136 read user=users/w/* repo=toto |
|
137 write user=users/w/* |
|
138 deny user=users/w/* repo=no |
|
139 read user=users/** |
|
140 ''' |
|
141 |
|
142 def test_user_w(self): |
|
143 self.rs.set(user='users/w/key') |
|
144 self.check_level('read', repo='toto') |
|
145 # deny has no effect here, write match first |
|
146 self.check_level('write', repo='no') |
|
147 self.check_level('write', repo='other') |
|
148 |
|
149 class RuleSet5TC(_RuleSetBaseTC): |
|
150 accessrules = ''' |
|
151 read user=users/w/* repo=toto |
|
152 deny user=users/w/* repo=no |
|
153 write user=users/w/* |
|
154 read user=users/** |
|
155 ''' |
|
156 |
|
157 def test_user_w(self): |
|
158 self.rs.set(user='users/w/key') |
|
159 self.check_level('read', repo='toto') |
|
160 # deny takes effect here |
|
161 self.check_level('deny', repo='no') |
|
162 self.check_level('write', repo='other') |
|
163 |
|
164 if __name__ == '__main__': |
|
165 from unittest import main |
|
166 main() |