@Test
public void testBlockRule_ParentBlocksChildEvenIfAlreadyBlockedInChild() {
allow(local, PUSH, DEVS, "refs/tags/*");
block(local, PUSH, ANONYMOUS_USERS, "refs/tags/*");
block(util.getParentConfig(), PUSH, ANONYMOUS_USERS, "refs/tags/*");
ProjectControl u = util.user(local, DEVS);
assertFalse("u can't update tag", u.controlForRef("refs/tags/V10").canUpdate());
}
@Test
public void testUnblockInParentBlockInLocal() {
block(util.getParentConfig(), PUSH, ANONYMOUS_USERS, "refs/heads/*");
allow(util.getParentConfig(), PUSH, DEVS, "refs/heads/*");
block(local, PUSH, DEVS, "refs/heads/*");
ProjectControl d = util.user(local, DEVS);
assertFalse("u can't push", d.controlForRef("refs/heads/master").canUpdate());
}
@Test
public void testBlockLabelRange_ParentBlocksChildEvenIfAlreadyBlockedInChild() {
allow(local, LABEL + "Code-Review", -2, +2, DEVS, "refs/heads/*");
block(local, LABEL + "Code-Review", -2, +2, DEVS, "refs/heads/*");
block(util.getParentConfig(), LABEL + "Code-Review", -2, +2, DEVS, "refs/heads/*");
ProjectControl u = util.user(local, DEVS);
PermissionRange range = u.controlForRef("refs/heads/master").getRange(LABEL + "Code-Review");
assertTrue("u can vote -1", range.contains(-1));
assertTrue("u can vote +1", range.contains(1));
assertFalse("u can't vote -2", range.contains(-2));
assertFalse("u can't vote 2", range.contains(2));
}
@Test
public void testUnblockInLocalVisibilityByRegisteredUsers_Fails() {
block(util.getParentConfig(), READ, ANONYMOUS_USERS, "refs/heads/*");
allow(local, READ, REGISTERED_USERS, "refs/heads/*");
ProjectControl u = util.user(local, REGISTERED_USERS);
assertFalse("u can't read", u.controlForRef("refs/heads/master").isVisibleByRegisteredUsers());
}
@Test
public void testUnblockVisibilityByREGISTEREDUsers() {
block(local, READ, ANONYMOUS_USERS, "refs/heads/*");
allow(local, READ, REGISTERED_USERS, "refs/heads/*");
ProjectControl u = util.user(local, REGISTERED_USERS);
assertTrue("u can read", u.controlForRef("refs/heads/master").isVisibleByRegisteredUsers());
}
@Test
public void testUnblockInLocal_Fails() {
block(util.getParentConfig(), PUSH, ANONYMOUS_USERS, "refs/heads/*");
allow(local, PUSH, fixers, "refs/heads/*");
ProjectControl f = util.user(local, fixers);
assertFalse("u can't push", f.controlForRef("refs/heads/master").canUpdate());
}
@Test
public void testUnblockLargerScope_Fails() {
block(local, PUSH, ANONYMOUS_USERS, "refs/heads/master");
allow(local, PUSH, DEVS, "refs/heads/*");
ProjectControl u = util.user(local, DEVS);
assertFalse("u can't push", u.controlForRef("refs/heads/master").canUpdate());
}
@Test
public void testUnblockNoForce() {
block(local, PUSH, ANONYMOUS_USERS, "refs/heads/*");
allow(local, PUSH, DEVS, "refs/heads/*");
ProjectControl u = util.user(local, DEVS);
assertTrue("u can push", u.controlForRef("refs/heads/master").canUpdate());
}
@Test
public void testUnblockInLocalForceEditTopicName_Fails() {
block(util.getParentConfig(), EDIT_TOPIC_NAME, ANONYMOUS_USERS, "refs/heads/*");
allow(local, EDIT_TOPIC_NAME, DEVS, "refs/heads/*").setForce(true);
ProjectControl u = util.user(local, REGISTERED_USERS);
assertFalse(
"u can't edit topic name", u.controlForRef("refs/heads/master").canForceEditTopicName());
}
@Test
public void testUnblockForceEditTopicName() {
block(local, EDIT_TOPIC_NAME, ANONYMOUS_USERS, "refs/heads/*");
allow(local, EDIT_TOPIC_NAME, DEVS, "refs/heads/*").setForce(true);
ProjectControl u = util.user(local, DEVS);
assertTrue(
"u can edit topic name", u.controlForRef("refs/heads/master").canForceEditTopicName());
}
@Test
public void testUnblockInLocalRange_Fails() {
block(util.getParentConfig(), LABEL + "Code-Review", -1, 1, ANONYMOUS_USERS, "refs/heads/*");
allow(local, LABEL + "Code-Review", -2, +2, DEVS, "refs/heads/*");
ProjectControl u = util.user(local, DEVS);
PermissionRange range = u.controlForRef("refs/heads/master").getRange(LABEL + "Code-Review");
assertFalse("u can't vote -2", range.contains(-2));
assertFalse("u can't vote 2", range.contains(2));
}
@Test
public void testUnblockRangeOnMoreSpecificRef_Fails() {
block(local, LABEL + "Code-Review", -1, +1, ANONYMOUS_USERS, "refs/heads/*");
allow(local, LABEL + "Code-Review", -2, +2, DEVS, "refs/heads/master");
ProjectControl u = util.user(local, DEVS);
PermissionRange range = u.controlForRef("refs/heads/master").getRange(LABEL + "Code-Review");
assertFalse("u can't vote -2", range.contains(-2));
assertFalse("u can't vote +2", range.contains(-2));
}
@Test
public void testBlockPushDrafts() {
allow(util.getParentConfig(), PUSH, REGISTERED_USERS, "refs/for/refs/*");
block(util.getParentConfig(), PUSH, ANONYMOUS_USERS, "refs/drafts/*");
ProjectControl u = util.user(local);
assertTrue("can upload refs/heads/master", u.controlForRef("refs/heads/master").canUpload());
assertTrue(
"push is blocked to refs/drafts/master",
u.controlForRef("refs/drafts/refs/heads/master").isBlocked(PUSH));
}
@Test
public void listProjectsFiltersInvisibleProjects() throws Exception {
setApiUser(user);
assertThatNameList(gApi.projects().list().get()).contains(project);
ProjectConfig cfg = projectCache.checkedGet(project).getConfig();
Util.block(cfg, Permission.READ, REGISTERED_USERS, "refs/*");
saveProjectConfig(project, cfg);
assertThatNameList(filter(gApi.projects().list().get())).doesNotContain(project);
}
@Test
public void testBlockPushDraftsUnblockAdmin() {
block(util.getParentConfig(), PUSH, ANONYMOUS_USERS, "refs/drafts/*");
allow(util.getParentConfig(), PUSH, ADMIN, "refs/drafts/*");
assertTrue(
"push is blocked for anonymous to refs/drafts/master",
util.user(local).controlForRef("refs/drafts/refs/heads/master").isBlocked(PUSH));
assertFalse(
"push is blocked for admin refs/drafts/master",
util.user(local, "a", ADMIN)
.controlForRef("refs/drafts/refs/heads/master")
.isBlocked(PUSH));
}