tests: comprehensively test HTTP server permissions checking
We didn't have test coverage for numerous web.* config options. We
add that test coverage.
Included in the tests are tests for custom commands. We have commands
that are supposedly read-only and perform writes and a variation of
each that does and does not define its operation type in
hgweb_mod.perms.
The tests reveal a handful of security bugs related to permissions
checking. Subsequent commits will address these security bugs.
[templates]
docheader = '<?xml version="1.0"?>\n<log>\n'
docfooter = '</log>\n'
changeset = '<logentry revision="{rev}" node="{node}">\n{branches}{bookmarks}{tags}{parents}<author email="{author|email|xmlescape}">{author|person|xmlescape}</author>\n<date>{date|rfc3339date}</date>\n<msg xml:space="preserve">{desc|xmlescape}</msg>\n</logentry>\n'
changeset_verbose = '<logentry revision="{rev}" node="{node}">\n{branches}{bookmarks}{tags}{parents}<author email="{author|email|xmlescape}">{author|person|xmlescape}</author>\n<date>{date|rfc3339date}</date>\n<msg xml:space="preserve">{desc|xmlescape}</msg>\n<paths>\n{file_adds}{file_dels}{file_mods}</paths>\n{file_copies}</logentry>\n'
changeset_debug = '<logentry revision="{rev}" node="{node}">\n{branches}{bookmarks}{tags}{parents}<author email="{author|email|xmlescape}">{author|person|xmlescape}</author>\n<date>{date|rfc3339date}</date>\n<msg xml:space="preserve">{desc|xmlescape}</msg>\n<paths>\n{file_adds}{file_dels}{file_mods}</paths>\n{file_copies}{extras}</logentry>\n'
file_add = '<path action="A">{file_add|xmlescape}</path>\n'
file_mod = '<path action="M">{file_mod|xmlescape}</path>\n'
file_del = '<path action="R">{file_del|xmlescape}</path>\n'
start_file_copies = '<copies>\n'
file_copy = '<copy source="{source|xmlescape}">{name|xmlescape}</copy>\n'
end_file_copies = '</copies>\n'
parent = '<parent revision="{rev}" node="{node}" />\n'
branch = '<branch>{branch|xmlescape}</branch>\n'
tag = '<tag>{tag|xmlescape}</tag>\n'
bookmark = '<bookmark>{bookmark|xmlescape}</bookmark>\n'
extra = '<extra key="{key|xmlescape}">{value|xmlescape}</extra>\n'