@Test
  public void testInheritDuplicateSections() throws Exception {
    allow(util.getParentConfig(), READ, ADMIN, "refs/*");
    allow(local, READ, DEVS, "refs/heads/*");
    local.getProject().setParentName(util.getParentConfig().getProject().getName());
    assertTrue("a can read", util.user(local, "a", ADMIN).isVisible());

    local = new ProjectConfig(new Project.NameKey("local"));
    local.load(newRepository(localKey));
    allow(local, READ, DEVS, "refs/*");
    assertTrue("d can read", util.user(local, "d", DEVS).isVisible());
  }
 @Test
 public void testBlockRule_ParentBlocksChild() {
   allow(local, PUSH, DEVS, "refs/tags/*");
   block(util.getParentConfig(), PUSH, ANONYMOUS_USERS, "refs/tags/*");
   ProjectControl u = util.user(local, DEVS);
   assertFalse("u can't update tag", u.controlForRef("refs/tags/V10").canUpdate());
 }
  @Test
  public void testUnblockInLocalVisibilityByRegisteredUsers_Fails() {
    block(util.getParentConfig(), READ, ANONYMOUS_USERS, "refs/heads/*");
    allow(local, READ, REGISTERED_USERS, "refs/heads/*");

    ProjectControl u = util.user(local, REGISTERED_USERS);
    assertFalse("u can't read", u.controlForRef("refs/heads/master").isVisibleByRegisteredUsers());
  }
  @Test
  public void testInheritRead_OverrideWithDeny() {
    allow(util.getParentConfig(), READ, REGISTERED_USERS, "refs/*");
    deny(local, READ, REGISTERED_USERS, "refs/*");

    ProjectControl u = util.user(local);
    assertFalse("can't read", u.isVisible());
  }
  @Test
  public void testUnblockInLocal_Fails() {
    block(util.getParentConfig(), PUSH, ANONYMOUS_USERS, "refs/heads/*");
    allow(local, PUSH, fixers, "refs/heads/*");

    ProjectControl f = util.user(local, fixers);
    assertFalse("u can't push", f.controlForRef("refs/heads/master").canUpdate());
  }
  @Test
  public void testSortWithRegex() {
    allow(local, READ, DEVS, "^refs/heads/.*");
    allow(util.getParentConfig(), READ, ANONYMOUS_USERS, "^refs/heads/.*-QA-.*");

    ProjectControl u = util.user(local, DEVS), d = util.user(local, DEVS);
    assertTrue("u can read", u.controlForRef("refs/heads/foo-QA-bar").isVisible());
    assertTrue("d can read", d.controlForRef("refs/heads/foo-QA-bar").isVisible());
  }
  @Test
  public void testUnblockInParentBlockInLocal() {
    block(util.getParentConfig(), PUSH, ANONYMOUS_USERS, "refs/heads/*");
    allow(util.getParentConfig(), PUSH, DEVS, "refs/heads/*");
    block(local, PUSH, DEVS, "refs/heads/*");

    ProjectControl d = util.user(local, DEVS);
    assertFalse("u can't push", d.controlForRef("refs/heads/master").canUpdate());
  }
  @Test
  public void testUnblockInLocalForceEditTopicName_Fails() {
    block(util.getParentConfig(), EDIT_TOPIC_NAME, ANONYMOUS_USERS, "refs/heads/*");
    allow(local, EDIT_TOPIC_NAME, DEVS, "refs/heads/*").setForce(true);

    ProjectControl u = util.user(local, REGISTERED_USERS);
    assertFalse(
        "u can't edit topic name", u.controlForRef("refs/heads/master").canForceEditTopicName());
  }
  @Test
  public void testUnblockInLocalRange_Fails() {
    block(util.getParentConfig(), LABEL + "Code-Review", -1, 1, ANONYMOUS_USERS, "refs/heads/*");
    allow(local, LABEL + "Code-Review", -2, +2, DEVS, "refs/heads/*");

    ProjectControl u = util.user(local, DEVS);
    PermissionRange range = u.controlForRef("refs/heads/master").getRange(LABEL + "Code-Review");
    assertFalse("u can't vote -2", range.contains(-2));
    assertFalse("u can't vote 2", range.contains(2));
  }
示例#10
0
  @Test
  public void testInheritSubmit_OverridesAndDeniesOfRef() {
    allow(util.getParentConfig(), SUBMIT, REGISTERED_USERS, "refs/*");
    deny(local, SUBMIT, REGISTERED_USERS, "refs/*");
    allow(local, SUBMIT, REGISTERED_USERS, "refs/heads/*");

    ProjectControl u = util.user(local);
    assertFalse("can't submit", u.controlForRef("refs/foobar").canSubmit());
    assertFalse("can't submit", u.controlForRef("refs/tags/foobar").canSubmit());
    assertTrue("can submit", u.controlForRef("refs/heads/foobar").canSubmit());
  }
示例#11
0
  @Test
  public void testInheritRead_AppendWithDenyOfRef() {
    allow(util.getParentConfig(), READ, REGISTERED_USERS, "refs/*");
    deny(local, READ, REGISTERED_USERS, "refs/heads/*");

    ProjectControl u = util.user(local);
    assertTrue("can read", u.isVisible());
    assertTrue("can read", u.controlForRef("refs/master").isVisible());
    assertTrue("can read", u.controlForRef("refs/tags/foobar").isVisible());
    assertTrue("no master", u.controlForRef("refs/heads/master").isVisible());
  }
示例#12
0
  @Test
  public void testBlockPushDrafts() {
    allow(util.getParentConfig(), PUSH, REGISTERED_USERS, "refs/for/refs/*");
    block(util.getParentConfig(), PUSH, ANONYMOUS_USERS, "refs/drafts/*");

    ProjectControl u = util.user(local);
    assertTrue("can upload refs/heads/master", u.controlForRef("refs/heads/master").canUpload());
    assertTrue(
        "push is blocked to refs/drafts/master",
        u.controlForRef("refs/drafts/refs/heads/master").isBlocked(PUSH));
  }
示例#13
0
  @Test
  public void testCannotUploadToAnyRef() {
    allow(util.getParentConfig(), READ, REGISTERED_USERS, "refs/*");
    allow(local, READ, DEVS, "refs/heads/*");
    allow(local, PUSH, DEVS, "refs/for/refs/heads/*");

    ProjectControl u = util.user(local);
    assertFalse("cannot upload", u.canPushToAtLeastOneRef() == Capable.OK);
    assertFalse(
        "cannot upload refs/heads/master", //
        u.controlForRef("refs/heads/master").canUpload());
  }
示例#14
0
  @Test
  public void testInheritRead_OverridesAndDeniesOfRef() {
    allow(util.getParentConfig(), READ, REGISTERED_USERS, "refs/*");
    deny(local, READ, REGISTERED_USERS, "refs/*");
    allow(local, READ, REGISTERED_USERS, "refs/heads/*");

    ProjectControl u = util.user(local);
    assertTrue("can read", u.isVisible());
    assertFalse("can't read", u.controlForRef("refs/foobar").isVisible());
    assertFalse("can't read", u.controlForRef("refs/tags/foobar").isVisible());
    assertTrue("can read", u.controlForRef("refs/heads/foobar").isVisible());
  }
示例#15
0
  @Test
  public void testBlockLabelRange_ParentBlocksChild() {
    allow(local, LABEL + "Code-Review", -2, +2, DEVS, "refs/heads/*");
    block(util.getParentConfig(), LABEL + "Code-Review", -2, +2, DEVS, "refs/heads/*");

    ProjectControl u = util.user(local, DEVS);

    PermissionRange range = u.controlForRef("refs/heads/master").getRange(LABEL + "Code-Review");
    assertTrue("u can vote -1", range.contains(-1));
    assertTrue("u can vote +1", range.contains(1));
    assertFalse("u can't vote -2", range.contains(-2));
    assertFalse("u can't vote 2", range.contains(2));
  }
示例#16
0
  @Test
  public void testBlockPushDraftsUnblockAdmin() {
    block(util.getParentConfig(), PUSH, ANONYMOUS_USERS, "refs/drafts/*");
    allow(util.getParentConfig(), PUSH, ADMIN, "refs/drafts/*");

    assertTrue(
        "push is blocked for anonymous to refs/drafts/master",
        util.user(local).controlForRef("refs/drafts/refs/heads/master").isBlocked(PUSH));
    assertFalse(
        "push is blocked for admin refs/drafts/master",
        util.user(local, "a", ADMIN)
            .controlForRef("refs/drafts/refs/heads/master")
            .isBlocked(PUSH));
  }
示例#17
0
  @Test
  public void testInheritRead_SingleBranchDoesNotOverrideInherited() {
    allow(util.getParentConfig(), READ, REGISTERED_USERS, "refs/*");
    allow(util.getParentConfig(), PUSH, REGISTERED_USERS, "refs/for/refs/*");
    allow(local, READ, REGISTERED_USERS, "refs/heads/foobar");

    ProjectControl u = util.user(local);
    assertTrue("can upload", u.canPushToAtLeastOneRef() == Capable.OK);

    assertTrue(
        "can upload refs/heads/master", //
        u.controlForRef("refs/heads/master").canUpload());

    assertTrue(
        "can upload refs/heads/foobar", //
        u.controlForRef("refs/heads/foobar").canUpload());
  }