tests/test-acl
author Matt Mackall <mpm@selenic.com>
Tue, 11 May 2010 17:13:35 -0500
changeset 11162 d6f378562397
parent 11140 1f26cf0a3663
child 11461 2b83c26b29f3
permissions -rwxr-xr-x
Merge with stable

#!/bin/sh

do_push()
{
    user=$1
    shift

    echo "Pushing as user $user"
    echo 'hgrc = """'
    sed -e 1,2d b/.hg/hgrc | grep -v fakegroups.py
    echo '"""'
    if test -f acl.config; then
	echo 'acl.config = """'
	cat acl.config
	echo '"""'
    fi
    # On AIX /etc/profile sets LOGNAME read-only. So
    #  LOGNAME=$user hg --cws a --debug push ../b
    # fails with "This variable is read only."
    # Use env to work around this.
    env LOGNAME=$user hg --cwd a --debug push ../b
    hg --cwd b rollback
    hg --cwd b --quiet tip
    echo
}

init_config()
{
cat > fakegroups.py <<EOF
from hgext import acl
def fakegetusers(ui, group):
    try:
        return acl._getusersorig(ui, group)
    except:
        return ["fred", "betty"]
acl._getusersorig = acl._getusers
acl._getusers = fakegetusers
EOF

rm -f acl.config
cat > $config <<EOF
[hooks]
pretxnchangegroup.acl = python:hgext.acl.hook
[acl]
sources = push
[extensions]
f=$PWD/fakegroups.py
EOF
}

hg init a
cd a
mkdir foo foo/Bar quux
echo 'in foo' > foo/file.txt
echo 'in foo/Bar' > foo/Bar/file.txt
echo 'in quux' > quux/file.py
hg add -q
hg ci -m 'add files' -d '1000000 0'
echo >> foo/file.txt
hg ci -m 'change foo/file' -d '1000001 0'
echo >> foo/Bar/file.txt
hg ci -m 'change foo/Bar/file' -d '1000002 0'
echo >> quux/file.py
hg ci -m 'change quux/file' -d '1000003 0'
hg tip --quiet

cd ..
hg clone -r 0 a b

echo '[extensions]' >> $HGRCPATH
echo 'acl =' >> $HGRCPATH

config=b/.hg/hgrc

echo

echo 'Extension disabled for lack of a hook'
do_push fred

echo '[hooks]' >> $config
echo 'pretxnchangegroup.acl = python:hgext.acl.hook' >> $config

echo 'Extension disabled for lack of acl.sources'
do_push fred

echo 'No [acl.allow]/[acl.deny]'
echo '[acl]' >> $config
echo 'sources = push' >> $config
do_push fred

echo 'Empty [acl.allow]'
echo '[acl.allow]' >> $config
do_push fred

echo 'fred is allowed inside foo/'
echo 'foo/** = fred' >> $config
do_push fred

echo 'Empty [acl.deny]'
echo '[acl.deny]' >> $config
do_push barney

echo 'fred is allowed inside foo/, but not foo/bar/ (case matters)'
echo 'foo/bar/** = fred' >> $config
do_push fred

echo 'fred is allowed inside foo/, but not foo/Bar/'
echo 'foo/Bar/** = fred' >> $config
do_push fred

echo 'barney is not mentioned => not allowed anywhere'
do_push barney

echo 'barney is allowed everywhere'
echo '[acl.allow]' >> $config
echo '** = barney' >> $config
do_push barney

echo 'wilma can change files with a .txt extension'
echo '**/*.txt = wilma' >> $config
do_push wilma

echo 'file specified by acl.config does not exist'
echo '[acl]' >> $config
echo 'config = ../acl.config' >> $config
do_push barney

echo 'betty is allowed inside foo/ by a acl.config file'
echo '[acl.allow]' >> acl.config
echo 'foo/** = betty' >> acl.config
do_push betty

echo 'acl.config can set only [acl.allow]/[acl.deny]'
echo '[hooks]' >> acl.config
echo 'changegroup.acl = false' >> acl.config
do_push barney

# asterisk

init_config

echo 'asterisk test'
echo '[acl.allow]' >> $config
echo "** = fred" >> $config
echo "fred is always allowed"
do_push fred

echo '[acl.deny]' >> $config
echo "foo/Bar/** = *" >> $config
echo "no one is allowed inside foo/Bar/"
do_push fred

# Groups

init_config

echo 'OS-level groups'
echo '[acl.allow]' >> $config
echo "** = @group1" >> $config
echo "@group1 is always allowed"
do_push fred

echo '[acl.deny]' >> $config
echo "foo/Bar/** = @group1" >> $config
echo "@group is allowed inside anything but foo/Bar/"
do_push fred

echo 'Invalid group'
# Disable the fakegroups trick to get real failures
grep -v fakegroups $config > config.tmp
mv config.tmp $config
echo '[acl.allow]' >> $config
echo "** = @unlikelytoexist" >> $config
do_push fred 2>&1 | grep unlikelytoexist

true