test/unittest_ruleset.py
author David Douard <david.douard@logilab.fr>
Mon, 03 Nov 2014 11:12:45 +0100
changeset 372 80f78674c56e
parent 371 e9ce904b62a9
permissions -rw-r--r--
Add support for phases This adds a "publish" permission level (between "init" and "write") required to be able to change the phase of a changeset from "draft" to "public". Update documentation accordingly. This is meant to be used for using the changeset evolution feature of mercurial, see http://evolution.experimentalworks.net/doc/

import os.path as osp
from unittest import TestCase

from mercurialserver import ruleset

class _RuleSetBaseTC(TestCase):
    alllevels = ["init", "publish", "write", "read", "deny", "none"]
    levels = alllevels[:-1]
    def setUp(self):
        self.rs = ruleset.Ruleset()
        self.rs.buildrules(self.accessrules.splitlines())

    def check_level(self, level, **kw):
        idx = self.alllevels.index(level)
        msg = ", ".join(["%s=%s"%item for item in self.rs.preset.items()])
        msg = msg + ": "
        if idx > 0:
            prevlevel = self.levels[idx-1]
            self.assertFalse(self.rs.allow(prevlevel, **kw), msg+prevlevel)
        if level != "none":
            self.assertTrue(self.rs.allow(level, **kw), msg+level)

class RuleSetDefaultTC(_RuleSetBaseTC):
    accessrules = '''
init user=root/**
deny repo=hgadmin
write user=users/**
'''

    def test_norules(self):
        for level in self.levels:
            self.assertFalse(self.rs.allow(level), level)

    def test_root(self):
        self.rs.set(user='root/key')
        for level in self.levels:
            self.assertTrue(self.rs.allow(level), level)

    def test_user_norepo(self):
        self.rs.set(user='user/key')
        for level in self.levels:
            self.assertFalse(self.rs.allow(level), level)

    def test_user(self):
        self.rs.set(user='users/key')
        self.rs.set(repo='some/repo')
        self.check_level('write')

    def test_user_kwargs(self):
        self.check_level('write', user='users/key', repo='some/repo')

class RuleSet2TC(_RuleSetBaseTC):
    accessrules = '''
init user=root/**
deny repo=hgadmin
init user=users/toto/* repo=toto
write user=users/toto/* repo=pub/**
write user=users/w/*
write repo=allpub/**
read user=users/**
'''

    def test_hgadmin(self):
        self.rs.set(repo='hgadmin')
        self.check_level('deny', user='users/key')
        self.check_level('deny', user='key')

    def test_user(self):
        self.check_level('read', user='users/key', repo='some/repo')

    def test_repo(self):
        self.check_level('init', user='users/toto/key', repo='toto')

    def test_write(self):
        self.rs.set(repo='toto')
        self.check_level('read', user='users/w')
        self.check_level('write', user='users/w/key')

        self.rs.set(repo='pub/stuff')
        self.check_level('read', user='users/w')
        self.check_level('write', user='users/w/key')
        self.check_level('read', user='users/toto')
        self.check_level('write', user='users/toto/key')

        self.rs.set(repo='other/repo')
        self.check_level('read', user='users/toto')
        self.check_level('read', user='users/toto/key')
        self.check_level('read', user='users/w')
        self.check_level('write', user='users/w/key')

        self.rs.set(repo='allpub/repo')
        self.check_level('write', user='users/toto')
        self.check_level('write', user='users/toto/key')
        self.check_level('write', user='users/w')
        self.check_level('write', user='users/w/key')

        self.rs.set(repo='hgadmin')
        self.check_level('deny', user='users/toto')
        self.check_level('deny', user='users/toto/key')
        self.check_level('deny', user='users/w')
        self.check_level('deny', user='users/w/key')

    def test_init(self):
        self.rs.set(repo='toto')
        self.check_level('read', user='users/toto')
        self.check_level('init', user='users/toto/key')

class RuleSet3TC(_RuleSetBaseTC):
    accessrules = '''
read  user=users/w/* repo=toto
deny  user=users/w/* repo=no
write user=users/w/*
read  user=users/**
'''

    def test_user_w(self):
        self.rs.set(user='users/w/key')
        self.check_level('read', repo='toto')
        self.check_level('deny', repo='no')
        self.check_level('write', repo='other')

    def test_user_k(self):
        self.rs.set(user='users/k/key')
        self.check_level('read', repo='toto')
        self.check_level('read', repo='no')
        self.check_level('read', repo='other')

    def test_otheruser(self):
        self.rs.set(user='jay/key')
        self.check_level('none', repo='toto')
        self.check_level('none', repo='no')
        self.check_level('none', repo='other')

class RuleSet4TC(_RuleSetBaseTC):
    accessrules = '''
read  user=users/w/* repo=toto
write user=users/w/*
deny  user=users/w/* repo=no
read  user=users/**
'''

    def test_user_w(self):
        self.rs.set(user='users/w/key')
        self.check_level('read', repo='toto')
        # deny has no effect here, write match first
        self.check_level('write', repo='no')
        self.check_level('write', repo='other')

class RuleSet5TC(_RuleSetBaseTC):
    accessrules = '''
read  user=users/w/* repo=toto
deny  user=users/w/* repo=no
write user=users/w/*
read  user=users/**
'''

    def test_user_w(self):
        self.rs.set(user='users/w/key')
        self.check_level('read', repo='toto')
        # deny takes effect here
        self.check_level('deny', repo='no')
        self.check_level('write', repo='other')

class RuleSetPublishTC(_RuleSetBaseTC):
    accessrules = '''
init user=root/**
deny repo=hgadmin
init user=users/toto/* repo=toto
publish user=users/toto/* repo=pub/**
publish repo=allpub/**
write user=users/w/*
read user=users/**
'''
    def test_publish(self):
        self.rs.set(user='users/w/key')
        self.check_level('publish', repo='allpub/stuff')
        self.check_level('write', repo='toto')
        self.check_level('write', repo='other/stuff')

        self.rs.set(repo='pub/stuff')
        self.check_level('write', user='users/w/key')
        self.check_level('publish', user='users/toto/key')


if __name__ == '__main__':
    from unittest import main
    main()