예제 #1
0
  @Test
  public void testBlockRule_ParentBlocksChildEvenIfAlreadyBlockedInChild() {
    allow(local, PUSH, DEVS, "refs/tags/*");
    block(local, PUSH, ANONYMOUS_USERS, "refs/tags/*");
    block(util.getParentConfig(), PUSH, ANONYMOUS_USERS, "refs/tags/*");

    ProjectControl u = util.user(local, DEVS);
    assertFalse("u can't update tag", u.controlForRef("refs/tags/V10").canUpdate());
  }
예제 #2
0
  @Test
  public void testUnblockInParentBlockInLocal() {
    block(util.getParentConfig(), PUSH, ANONYMOUS_USERS, "refs/heads/*");
    allow(util.getParentConfig(), PUSH, DEVS, "refs/heads/*");
    block(local, PUSH, DEVS, "refs/heads/*");

    ProjectControl d = util.user(local, DEVS);
    assertFalse("u can't push", d.controlForRef("refs/heads/master").canUpdate());
  }
예제 #3
0
  @Test
  public void testBlockLabelRange_ParentBlocksChildEvenIfAlreadyBlockedInChild() {
    allow(local, LABEL + "Code-Review", -2, +2, DEVS, "refs/heads/*");
    block(local, LABEL + "Code-Review", -2, +2, DEVS, "refs/heads/*");
    block(util.getParentConfig(), LABEL + "Code-Review", -2, +2, DEVS, "refs/heads/*");

    ProjectControl u = util.user(local, DEVS);

    PermissionRange range = u.controlForRef("refs/heads/master").getRange(LABEL + "Code-Review");
    assertTrue("u can vote -1", range.contains(-1));
    assertTrue("u can vote +1", range.contains(1));
    assertFalse("u can't vote -2", range.contains(-2));
    assertFalse("u can't vote 2", range.contains(2));
  }
예제 #4
0
  @Test
  public void testUnblockInLocalVisibilityByRegisteredUsers_Fails() {
    block(util.getParentConfig(), READ, ANONYMOUS_USERS, "refs/heads/*");
    allow(local, READ, REGISTERED_USERS, "refs/heads/*");

    ProjectControl u = util.user(local, REGISTERED_USERS);
    assertFalse("u can't read", u.controlForRef("refs/heads/master").isVisibleByRegisteredUsers());
  }
예제 #5
0
  @Test
  public void testUnblockVisibilityByREGISTEREDUsers() {
    block(local, READ, ANONYMOUS_USERS, "refs/heads/*");
    allow(local, READ, REGISTERED_USERS, "refs/heads/*");

    ProjectControl u = util.user(local, REGISTERED_USERS);
    assertTrue("u can read", u.controlForRef("refs/heads/master").isVisibleByRegisteredUsers());
  }
예제 #6
0
  @Test
  public void testUnblockInLocal_Fails() {
    block(util.getParentConfig(), PUSH, ANONYMOUS_USERS, "refs/heads/*");
    allow(local, PUSH, fixers, "refs/heads/*");

    ProjectControl f = util.user(local, fixers);
    assertFalse("u can't push", f.controlForRef("refs/heads/master").canUpdate());
  }
예제 #7
0
  @Test
  public void testUnblockLargerScope_Fails() {
    block(local, PUSH, ANONYMOUS_USERS, "refs/heads/master");
    allow(local, PUSH, DEVS, "refs/heads/*");

    ProjectControl u = util.user(local, DEVS);
    assertFalse("u can't push", u.controlForRef("refs/heads/master").canUpdate());
  }
예제 #8
0
  @Test
  public void testUnblockNoForce() {
    block(local, PUSH, ANONYMOUS_USERS, "refs/heads/*");
    allow(local, PUSH, DEVS, "refs/heads/*");

    ProjectControl u = util.user(local, DEVS);
    assertTrue("u can push", u.controlForRef("refs/heads/master").canUpdate());
  }
예제 #9
0
  @Test
  public void testUnblockInLocalForceEditTopicName_Fails() {
    block(util.getParentConfig(), EDIT_TOPIC_NAME, ANONYMOUS_USERS, "refs/heads/*");
    allow(local, EDIT_TOPIC_NAME, DEVS, "refs/heads/*").setForce(true);

    ProjectControl u = util.user(local, REGISTERED_USERS);
    assertFalse(
        "u can't edit topic name", u.controlForRef("refs/heads/master").canForceEditTopicName());
  }
예제 #10
0
  @Test
  public void testUnblockForceEditTopicName() {
    block(local, EDIT_TOPIC_NAME, ANONYMOUS_USERS, "refs/heads/*");
    allow(local, EDIT_TOPIC_NAME, DEVS, "refs/heads/*").setForce(true);

    ProjectControl u = util.user(local, DEVS);
    assertTrue(
        "u can edit topic name", u.controlForRef("refs/heads/master").canForceEditTopicName());
  }
예제 #11
0
  @Test
  public void testUnblockInLocalRange_Fails() {
    block(util.getParentConfig(), LABEL + "Code-Review", -1, 1, ANONYMOUS_USERS, "refs/heads/*");
    allow(local, LABEL + "Code-Review", -2, +2, DEVS, "refs/heads/*");

    ProjectControl u = util.user(local, DEVS);
    PermissionRange range = u.controlForRef("refs/heads/master").getRange(LABEL + "Code-Review");
    assertFalse("u can't vote -2", range.contains(-2));
    assertFalse("u can't vote 2", range.contains(2));
  }
예제 #12
0
  @Test
  public void testUnblockRangeOnMoreSpecificRef_Fails() {
    block(local, LABEL + "Code-Review", -1, +1, ANONYMOUS_USERS, "refs/heads/*");
    allow(local, LABEL + "Code-Review", -2, +2, DEVS, "refs/heads/master");

    ProjectControl u = util.user(local, DEVS);
    PermissionRange range = u.controlForRef("refs/heads/master").getRange(LABEL + "Code-Review");
    assertFalse("u can't vote -2", range.contains(-2));
    assertFalse("u can't vote +2", range.contains(-2));
  }
예제 #13
0
  @Test
  public void testBlockPushDrafts() {
    allow(util.getParentConfig(), PUSH, REGISTERED_USERS, "refs/for/refs/*");
    block(util.getParentConfig(), PUSH, ANONYMOUS_USERS, "refs/drafts/*");

    ProjectControl u = util.user(local);
    assertTrue("can upload refs/heads/master", u.controlForRef("refs/heads/master").canUpload());
    assertTrue(
        "push is blocked to refs/drafts/master",
        u.controlForRef("refs/drafts/refs/heads/master").isBlocked(PUSH));
  }
예제 #14
0
  @Test
  public void listProjectsFiltersInvisibleProjects() throws Exception {
    setApiUser(user);
    assertThatNameList(gApi.projects().list().get()).contains(project);

    ProjectConfig cfg = projectCache.checkedGet(project).getConfig();
    Util.block(cfg, Permission.READ, REGISTERED_USERS, "refs/*");
    saveProjectConfig(project, cfg);

    assertThatNameList(filter(gApi.projects().list().get())).doesNotContain(project);
  }
예제 #15
0
  @Test
  public void testBlockPushDraftsUnblockAdmin() {
    block(util.getParentConfig(), PUSH, ANONYMOUS_USERS, "refs/drafts/*");
    allow(util.getParentConfig(), PUSH, ADMIN, "refs/drafts/*");

    assertTrue(
        "push is blocked for anonymous to refs/drafts/master",
        util.user(local).controlForRef("refs/drafts/refs/heads/master").isBlocked(PUSH));
    assertFalse(
        "push is blocked for admin refs/drafts/master",
        util.user(local, "a", ADMIN)
            .controlForRef("refs/drafts/refs/heads/master")
            .isBlocked(PUSH));
  }