Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Fetching contributors…

Octocat-spinner-32-eaf2f5

Cannot retrieve contributors at this time

executable file 173 lines (130 sloc) 2.745 kb
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172
#!/usr/bin/perl
use strict;
use warnings;

# this is hardcoded; change it if needed
use lib "src/lib";
use Gitolite::Test;

# more on deny-rules
# ----------------------------------------------------------------------

try "plan 126";

try "
DEF GOOD = /refs/\\.\\*/
DEF BAD = /DENIED/

DEF Ryes = gitolite access %1 %2 R any; ok; GOOD
DEF Rno = gitolite access %1 %2 R any; !ok; BAD

DEF Wyes = gitolite access %1 %2 W any; ok; GOOD
DEF Wno = gitolite access %1 %2 W any; !ok; BAD

DEF GWyes = Ryes %1 gitweb
DEF GWno = Rno %1 gitweb

DEF GDyes = Ryes %1 daemon
DEF GDno = Rno %1 daemon
";

confreset;confadd '
repo one
RW+ = u1
R = u2
- = u2 u3
R = @all
';

try "ADMIN_PUSH set1; !/FATAL/" or die text();

try "
Wyes one u1

Ryes one u2
Wno one u2

Ryes one u3
Wno one u3

Ryes one u6
Wno one u6

GDyes one
GWyes one
";

confadd '
option deny-rules = 1
';

try "ADMIN_PUSH set1; !/FATAL/" or die text();

try "
Wyes one u1

Ryes one u2
Wno one u2

Rno one u3

Ryes one u6
Wno one u6

GDyes one
GWyes one
";

confadd '
repo two
RW+ = u1
R = u2
- = u2 u3 gitweb daemon
R = @all
';

try "ADMIN_PUSH set1; !/FATAL/" or die text();

try "
GWyes two
GDyes two
";

confadd '
option deny-rules = 1
';

try "ADMIN_PUSH set1; !/FATAL/" or die text();

try "
GWno two
GDno two
";

# set 3 -- allow gitweb to all but admin repo

confadd '
repo gitolite-admin
- = gitweb daemon
option deny-rules = 1

repo three
RW+ = u3
R = gitweb daemon
';

try "ADMIN_PUSH set1; !/FATAL/" or die text();

try "
GDyes three
GWyes three
GDno gitolite-admin
GWno gitolite-admin
";

# set 4 -- allow gitweb to all but admin repo

confadd '
repo four
RW+ = u4
- = gitweb daemon

repo @all
R = @all
';
try "ADMIN_PUSH set1; !/FATAL/" or die text();

try "
GDyes four
GWyes four
GDno gitolite-admin
GWno gitolite-admin
";

# set 5 -- go wild

confreset; confadd '
repo foo/..*
C = u1
RW+ = CREATOR
- = gitweb daemon
R = @all

repo bar/..*
C = u2
RW+ = CREATOR
- = gitweb daemon
R = @all
option deny-rules = 1
';
try "ADMIN_PUSH set1; !/FATAL/" or die text();

try "
glt ls-remote u1 file:///foo/one
glt ls-remote u2 file:///bar/two
Wyes foo/one u1
Wyes bar/two u2

GDyes foo/one
GDyes foo/one
GWno bar/two
GWno bar/two
";
Something went wrong with that request. Please try again.