@Test
public void testInheritDuplicateSections() throws Exception {
allow(util.getParentConfig(), READ, ADMIN, "refs/*");
allow(local, READ, DEVS, "refs/heads/*");
local.getProject().setParentName(util.getParentConfig().getProject().getName());
assertTrue("a can read", util.user(local, "a", ADMIN).isVisible());
local = new ProjectConfig(new Project.NameKey("local"));
local.load(newRepository(localKey));
allow(local, READ, DEVS, "refs/*");
assertTrue("d can read", util.user(local, "d", DEVS).isVisible());
}
@Test
public void testBlockRule_ParentBlocksChild() {
allow(local, PUSH, DEVS, "refs/tags/*");
block(util.getParentConfig(), PUSH, ANONYMOUS_USERS, "refs/tags/*");
ProjectControl u = util.user(local, DEVS);
assertFalse("u can't update tag", u.controlForRef("refs/tags/V10").canUpdate());
}
@Test
public void testUnblockInLocalVisibilityByRegisteredUsers_Fails() {
block(util.getParentConfig(), READ, ANONYMOUS_USERS, "refs/heads/*");
allow(local, READ, REGISTERED_USERS, "refs/heads/*");
ProjectControl u = util.user(local, REGISTERED_USERS);
assertFalse("u can't read", u.controlForRef("refs/heads/master").isVisibleByRegisteredUsers());
}
@Test
public void testInheritRead_OverrideWithDeny() {
allow(util.getParentConfig(), READ, REGISTERED_USERS, "refs/*");
deny(local, READ, REGISTERED_USERS, "refs/*");
ProjectControl u = util.user(local);
assertFalse("can't read", u.isVisible());
}
@Test
public void testUnblockInLocal_Fails() {
block(util.getParentConfig(), PUSH, ANONYMOUS_USERS, "refs/heads/*");
allow(local, PUSH, fixers, "refs/heads/*");
ProjectControl f = util.user(local, fixers);
assertFalse("u can't push", f.controlForRef("refs/heads/master").canUpdate());
}
@Test
public void testSortWithRegex() {
allow(local, READ, DEVS, "^refs/heads/.*");
allow(util.getParentConfig(), READ, ANONYMOUS_USERS, "^refs/heads/.*-QA-.*");
ProjectControl u = util.user(local, DEVS), d = util.user(local, DEVS);
assertTrue("u can read", u.controlForRef("refs/heads/foo-QA-bar").isVisible());
assertTrue("d can read", d.controlForRef("refs/heads/foo-QA-bar").isVisible());
}
@Test
public void testUnblockInParentBlockInLocal() {
block(util.getParentConfig(), PUSH, ANONYMOUS_USERS, "refs/heads/*");
allow(util.getParentConfig(), PUSH, DEVS, "refs/heads/*");
block(local, PUSH, DEVS, "refs/heads/*");
ProjectControl d = util.user(local, DEVS);
assertFalse("u can't push", d.controlForRef("refs/heads/master").canUpdate());
}
@Test
public void testUnblockInLocalForceEditTopicName_Fails() {
block(util.getParentConfig(), EDIT_TOPIC_NAME, ANONYMOUS_USERS, "refs/heads/*");
allow(local, EDIT_TOPIC_NAME, DEVS, "refs/heads/*").setForce(true);
ProjectControl u = util.user(local, REGISTERED_USERS);
assertFalse(
"u can't edit topic name", u.controlForRef("refs/heads/master").canForceEditTopicName());
}
@Test
public void testUnblockInLocalRange_Fails() {
block(util.getParentConfig(), LABEL + "Code-Review", -1, 1, ANONYMOUS_USERS, "refs/heads/*");
allow(local, LABEL + "Code-Review", -2, +2, DEVS, "refs/heads/*");
ProjectControl u = util.user(local, DEVS);
PermissionRange range = u.controlForRef("refs/heads/master").getRange(LABEL + "Code-Review");
assertFalse("u can't vote -2", range.contains(-2));
assertFalse("u can't vote 2", range.contains(2));
}
@Test
public void testInheritSubmit_OverridesAndDeniesOfRef() {
allow(util.getParentConfig(), SUBMIT, REGISTERED_USERS, "refs/*");
deny(local, SUBMIT, REGISTERED_USERS, "refs/*");
allow(local, SUBMIT, REGISTERED_USERS, "refs/heads/*");
ProjectControl u = util.user(local);
assertFalse("can't submit", u.controlForRef("refs/foobar").canSubmit());
assertFalse("can't submit", u.controlForRef("refs/tags/foobar").canSubmit());
assertTrue("can submit", u.controlForRef("refs/heads/foobar").canSubmit());
}
@Test
public void testInheritRead_AppendWithDenyOfRef() {
allow(util.getParentConfig(), READ, REGISTERED_USERS, "refs/*");
deny(local, READ, REGISTERED_USERS, "refs/heads/*");
ProjectControl u = util.user(local);
assertTrue("can read", u.isVisible());
assertTrue("can read", u.controlForRef("refs/master").isVisible());
assertTrue("can read", u.controlForRef("refs/tags/foobar").isVisible());
assertTrue("no master", u.controlForRef("refs/heads/master").isVisible());
}
@Test
public void testBlockPushDrafts() {
allow(util.getParentConfig(), PUSH, REGISTERED_USERS, "refs/for/refs/*");
block(util.getParentConfig(), PUSH, ANONYMOUS_USERS, "refs/drafts/*");
ProjectControl u = util.user(local);
assertTrue("can upload refs/heads/master", u.controlForRef("refs/heads/master").canUpload());
assertTrue(
"push is blocked to refs/drafts/master",
u.controlForRef("refs/drafts/refs/heads/master").isBlocked(PUSH));
}
@Test
public void testCannotUploadToAnyRef() {
allow(util.getParentConfig(), READ, REGISTERED_USERS, "refs/*");
allow(local, READ, DEVS, "refs/heads/*");
allow(local, PUSH, DEVS, "refs/for/refs/heads/*");
ProjectControl u = util.user(local);
assertFalse("cannot upload", u.canPushToAtLeastOneRef() == Capable.OK);
assertFalse(
"cannot upload refs/heads/master", //
u.controlForRef("refs/heads/master").canUpload());
}
@Test
public void testInheritRead_OverridesAndDeniesOfRef() {
allow(util.getParentConfig(), READ, REGISTERED_USERS, "refs/*");
deny(local, READ, REGISTERED_USERS, "refs/*");
allow(local, READ, REGISTERED_USERS, "refs/heads/*");
ProjectControl u = util.user(local);
assertTrue("can read", u.isVisible());
assertFalse("can't read", u.controlForRef("refs/foobar").isVisible());
assertFalse("can't read", u.controlForRef("refs/tags/foobar").isVisible());
assertTrue("can read", u.controlForRef("refs/heads/foobar").isVisible());
}
@Test
public void testBlockLabelRange_ParentBlocksChild() {
allow(local, LABEL + "Code-Review", -2, +2, DEVS, "refs/heads/*");
block(util.getParentConfig(), LABEL + "Code-Review", -2, +2, DEVS, "refs/heads/*");
ProjectControl u = util.user(local, DEVS);
PermissionRange range = u.controlForRef("refs/heads/master").getRange(LABEL + "Code-Review");
assertTrue("u can vote -1", range.contains(-1));
assertTrue("u can vote +1", range.contains(1));
assertFalse("u can't vote -2", range.contains(-2));
assertFalse("u can't vote 2", range.contains(2));
}
@Test
public void testBlockPushDraftsUnblockAdmin() {
block(util.getParentConfig(), PUSH, ANONYMOUS_USERS, "refs/drafts/*");
allow(util.getParentConfig(), PUSH, ADMIN, "refs/drafts/*");
assertTrue(
"push is blocked for anonymous to refs/drafts/master",
util.user(local).controlForRef("refs/drafts/refs/heads/master").isBlocked(PUSH));
assertFalse(
"push is blocked for admin refs/drafts/master",
util.user(local, "a", ADMIN)
.controlForRef("refs/drafts/refs/heads/master")
.isBlocked(PUSH));
}
@Test
public void testInheritRead_SingleBranchDoesNotOverrideInherited() {
allow(util.getParentConfig(), READ, REGISTERED_USERS, "refs/*");
allow(util.getParentConfig(), PUSH, REGISTERED_USERS, "refs/for/refs/*");
allow(local, READ, REGISTERED_USERS, "refs/heads/foobar");
ProjectControl u = util.user(local);
assertTrue("can upload", u.canPushToAtLeastOneRef() == Capable.OK);
assertTrue(
"can upload refs/heads/master", //
u.controlForRef("refs/heads/master").canUpload());
assertTrue(
"can upload refs/heads/foobar", //
u.controlForRef("refs/heads/foobar").canUpload());
}