Finer-grained repository access permissions (issue 36)

James Moger

2012-10-10 20714aee0d2d2a989d93d6065e081aed8ac85fbf

 tests/com/gitblit/tests/UserServiceTest.java

@@ -25,8 +25,10 @@
import org.junit.Test;



import com.gitblit.ConfigUserService;

import com.gitblit.Constants.AccessRestrictionType;

import com.gitblit.FileUserService;

import com.gitblit.IUserService;

import com.gitblit.models.RepositoryModel;

import com.gitblit.models.TeamModel;

import com.gitblit.models.UserModel;



@@ -74,9 +76,9 @@
      // add new user

      UserModel newUser = new UserModel("test");

      newUser.password = "testPassword";

      newUser.addRepository("repo1");

      newUser.addRepository("repo2");

      newUser.addRepository("sub/repo3");

      newUser.addRepositoryPermission("repo1");

      newUser.addRepositoryPermission("repo2");

      newUser.addRepositoryPermission("sub/repo3");

      service.updateUserModel(newUser);



      // add one more new user and then test reload of first new user

@@ -93,10 +95,10 @@
      // confirm reloaded test user

      newUser = service.getUserModel("test");

      assertEquals("testPassword", newUser.password);

      assertEquals(3, newUser.repositories.size());

      assertTrue(newUser.hasRepository("repo1"));

      assertTrue(newUser.hasRepository("repo2"));

      assertTrue(newUser.hasRepository("sub/repo3"));

      assertEquals(3, newUser.permissions.size());

      assertTrue(newUser.hasRepositoryPermission("repo1"));

      assertTrue(newUser.hasRepositoryPermission("repo2"));

      assertTrue(newUser.hasRepositoryPermission("sub/repo3"));



      // confirm authentication of test user

      UserModel testUser = service.authenticate("test", "testPassword".toCharArray());

@@ -106,7 +108,7 @@
      // delete a repository role and confirm role removal from test user

      service.deleteRepositoryRole("repo2");

      testUser = service.getUserModel("test");

      assertEquals(2, testUser.repositories.size());

      assertEquals(2, testUser.permissions.size());



      // delete garbage user and confirm user count

      service.deleteUser("garbage");

@@ -115,7 +117,7 @@
      // rename repository and confirm role change for test user

      service.renameRepositoryRole("repo1", "newrepo1");

      testUser = service.getUserModel("test");

      assertTrue(testUser.hasRepository("newrepo1"));

      assertTrue(testUser.hasRepositoryPermission("newrepo1"));

   }



   protected void testTeams(IUserService service) {

@@ -124,40 +126,50 @@
      assertEquals(1, service.getAllTeamNames().size());

      assertEquals("admins", service.getAllTeamNames().get(0));



      RepositoryModel newrepo1 = new RepositoryModel("newrepo1", null, null, null);

      newrepo1.accessRestriction = AccessRestrictionType.VIEW;

      RepositoryModel NEWREPO1 = new RepositoryModel("NEWREPO1", null, null, null);

      NEWREPO1.accessRestriction = AccessRestrictionType.VIEW;



      // remove newrepo1 from test user

      // now test user has no repositories

      UserModel user = service.getUserModel("test");

      user.repositories.clear();

      user.permissions.clear();

      service.updateUserModel(user);

      user = service.getUserModel("test");

      assertEquals(0, user.repositories.size());

      assertFalse(user.canAccessRepository("newrepo1"));

      assertFalse(user.canAccessRepository("NEWREPO1"));

      assertEquals(0, user.permissions.size());

      assertFalse(user.canView(newrepo1));

      assertFalse(user.canView(NEWREPO1));



      // create test team and add test user and newrepo1

      TeamModel team = new TeamModel("testteam");

      team.addUser("test");

      team.addRepository("newrepo1");

      team.addRepositoryPermission(newrepo1.name);

      service.updateTeamModel(team);



      // confirm 1 user and 1 repo

      team = service.getTeamModel("testteam");

      assertEquals(1, team.repositories.size());

      assertEquals(1, team.permissions.size());

      assertEquals(1, team.users.size());



      // confirm team membership

      user = service.getUserModel("test");

      assertEquals(0, user.repositories.size());

      assertEquals(0, user.permissions.size());

      assertEquals(1, user.teams.size());



      // confirm team access

      assertTrue(team.hasRepository("newrepo1"));

      assertTrue(user.hasTeamAccess("newrepo1"));

      assertTrue(team.hasRepository("NEWREPO1"));

      assertTrue(user.hasTeamAccess("NEWREPO1"));

      assertTrue(team.hasRepositoryPermission(newrepo1.name));

      assertTrue(user.canView(newrepo1));

      assertTrue(team.hasRepositoryPermission(NEWREPO1.name));

      assertTrue(user.canView(NEWREPO1));



      // rename the team and add new repository

      team.addRepository("newrepo2");

      RepositoryModel newrepo2 = new RepositoryModel("newrepo2", null, null, null);

      newrepo2.accessRestriction = AccessRestrictionType.VIEW;

      RepositoryModel NEWREPO2 = new RepositoryModel("NEWREPO2", null, null, null);

      NEWREPO2.accessRestriction = AccessRestrictionType.VIEW;

		
      team.addRepositoryPermission(newrepo2.name);

      team.name = "testteam2";

      service.updateTeamModel("testteam", team);



@@ -165,11 +177,11 @@
      user = service.getUserModel("test");



      // confirm user and team can access newrepo2

      assertEquals(2, team.repositories.size());

      assertTrue(team.hasRepository("newrepo2"));

      assertTrue(user.hasTeamAccess("newrepo2"));

      assertTrue(team.hasRepository("NEWREPO2"));

      assertTrue(user.hasTeamAccess("NEWREPO2"));

      assertEquals(2, team.permissions.size());

      assertTrue(team.hasRepositoryPermission(newrepo2.name));

      assertTrue(user.canView(newrepo2));

      assertTrue(team.hasRepositoryPermission(NEWREPO2.name));

      assertTrue(user.canView(NEWREPO2));



      // delete testteam2

      service.deleteTeam("testteam2");

@@ -178,28 +190,28 @@


      // confirm team does not exist and user can not access newrepo1 and 2

      assertEquals(null, team);

      assertFalse(user.canAccessRepository("newrepo1"));

      assertFalse(user.canAccessRepository("newrepo2"));

      assertFalse(user.canView(newrepo1));

      assertFalse(user.canView(newrepo2));



      // create new team and add it to user

      // this tests the inverse team creation/team addition

      team = new TeamModel("testteam");

      team.addRepository("NEWREPO1");

      team.addRepository("NEWREPO2");

      team.addRepositoryPermission(NEWREPO1.name);

      team.addRepositoryPermission(NEWREPO2.name);

      user.teams.add(team);

      service.updateUserModel(user);



      // confirm the inverted team addition

      user = service.getUserModel("test");

      team = service.getTeamModel("testteam");

      assertTrue(user.hasTeamAccess("newrepo1"));

      assertTrue(user.hasTeamAccess("newrepo2"));

      assertTrue(user.canView(newrepo1));

      assertTrue(user.canView(newrepo2));

      assertTrue(team.hasUser("test"));



      // drop testteam from user and add nextteam to user

      team = new TeamModel("nextteam");

      team.addRepository("NEWREPO1");

      team.addRepository("NEWREPO2");

      team.addRepositoryPermission(NEWREPO1.name);

      team.addRepositoryPermission(NEWREPO2.name);

      user.teams.clear();

      user.teams.add(team);

      service.updateUserModel(user);

@@ -207,8 +219,8 @@
      // confirm implicit drop

      user = service.getUserModel("test");

      team = service.getTeamModel("testteam");

      assertTrue(user.hasTeamAccess("newrepo1"));

      assertTrue(user.hasTeamAccess("newrepo2"));

      assertTrue(user.canView(newrepo1));

      assertTrue(user.canView(newrepo2));

      assertFalse(team.hasUser("test"));

      team = service.getTeamModel("nextteam");

      assertTrue(team.hasUser("test"));