From 20714aee0d2d2a989d93d6065e081aed8ac85fbf Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Wed, 10 Oct 2012 00:05:34 -0400
Subject: [PATCH] Finer-grained repository access permissions (issue 36)

---
 tests/com/gitblit/tests/UserServiceTest.java |   84 ++++++++++++++++++++++++------------------
 1 files changed, 48 insertions(+), 36 deletions(-)

diff --git a/tests/com/gitblit/tests/UserServiceTest.java b/tests/com/gitblit/tests/UserServiceTest.java
index 03051bd..710d1f3 100644
--- a/tests/com/gitblit/tests/UserServiceTest.java
+++ b/tests/com/gitblit/tests/UserServiceTest.java
@@ -25,8 +25,10 @@
 import org.junit.Test;
 
 import com.gitblit.ConfigUserService;
+import com.gitblit.Constants.AccessRestrictionType;
 import com.gitblit.FileUserService;
 import com.gitblit.IUserService;
+import com.gitblit.models.RepositoryModel;
 import com.gitblit.models.TeamModel;
 import com.gitblit.models.UserModel;
 
@@ -74,9 +76,9 @@
 		// add new user
 		UserModel newUser = new UserModel("test");
 		newUser.password = "testPassword";
-		newUser.addRepository("repo1");
-		newUser.addRepository("repo2");
-		newUser.addRepository("sub/repo3");
+		newUser.addRepositoryPermission("repo1");
+		newUser.addRepositoryPermission("repo2");
+		newUser.addRepositoryPermission("sub/repo3");
 		service.updateUserModel(newUser);
 
 		// add one more new user and then test reload of first new user
@@ -93,10 +95,10 @@
 		// confirm reloaded test user
 		newUser = service.getUserModel("test");
 		assertEquals("testPassword", newUser.password);
-		assertEquals(3, newUser.repositories.size());
-		assertTrue(newUser.hasRepository("repo1"));
-		assertTrue(newUser.hasRepository("repo2"));
-		assertTrue(newUser.hasRepository("sub/repo3"));
+		assertEquals(3, newUser.permissions.size());
+		assertTrue(newUser.hasRepositoryPermission("repo1"));
+		assertTrue(newUser.hasRepositoryPermission("repo2"));
+		assertTrue(newUser.hasRepositoryPermission("sub/repo3"));
 
 		// confirm authentication of test user
 		UserModel testUser = service.authenticate("test", "testPassword".toCharArray());
@@ -106,7 +108,7 @@
 		// delete a repository role and confirm role removal from test user
 		service.deleteRepositoryRole("repo2");
 		testUser = service.getUserModel("test");
-		assertEquals(2, testUser.repositories.size());
+		assertEquals(2, testUser.permissions.size());
 
 		// delete garbage user and confirm user count
 		service.deleteUser("garbage");
@@ -115,7 +117,7 @@
 		// rename repository and confirm role change for test user
 		service.renameRepositoryRole("repo1", "newrepo1");
 		testUser = service.getUserModel("test");
-		assertTrue(testUser.hasRepository("newrepo1"));
+		assertTrue(testUser.hasRepositoryPermission("newrepo1"));
 	}
 
 	protected void testTeams(IUserService service) {
@@ -123,41 +125,51 @@
 		// confirm we have 1 team (admins)
 		assertEquals(1, service.getAllTeamNames().size());
 		assertEquals("admins", service.getAllTeamNames().get(0));
+		
+		RepositoryModel newrepo1 = new RepositoryModel("newrepo1", null, null, null);
+		newrepo1.accessRestriction = AccessRestrictionType.VIEW;
+		RepositoryModel NEWREPO1 = new RepositoryModel("NEWREPO1", null, null, null);
+		NEWREPO1.accessRestriction = AccessRestrictionType.VIEW;
 
 		// remove newrepo1 from test user
 		// now test user has no repositories
 		UserModel user = service.getUserModel("test");
-		user.repositories.clear();
+		user.permissions.clear();
 		service.updateUserModel(user);
 		user = service.getUserModel("test");
-		assertEquals(0, user.repositories.size());
-		assertFalse(user.canAccessRepository("newrepo1"));
-		assertFalse(user.canAccessRepository("NEWREPO1"));
+		assertEquals(0, user.permissions.size());
+		assertFalse(user.canView(newrepo1));
+		assertFalse(user.canView(NEWREPO1));
 
 		// create test team and add test user and newrepo1
 		TeamModel team = new TeamModel("testteam");
 		team.addUser("test");
-		team.addRepository("newrepo1");
+		team.addRepositoryPermission(newrepo1.name);
 		service.updateTeamModel(team);
 
 		// confirm 1 user and 1 repo
 		team = service.getTeamModel("testteam");
-		assertEquals(1, team.repositories.size());
+		assertEquals(1, team.permissions.size());
 		assertEquals(1, team.users.size());
 
 		// confirm team membership
 		user = service.getUserModel("test");
-		assertEquals(0, user.repositories.size());
+		assertEquals(0, user.permissions.size());
 		assertEquals(1, user.teams.size());
 
 		// confirm team access
-		assertTrue(team.hasRepository("newrepo1"));
-		assertTrue(user.hasTeamAccess("newrepo1"));
-		assertTrue(team.hasRepository("NEWREPO1"));
-		assertTrue(user.hasTeamAccess("NEWREPO1"));
+		assertTrue(team.hasRepositoryPermission(newrepo1.name));
+		assertTrue(user.canView(newrepo1));
+		assertTrue(team.hasRepositoryPermission(NEWREPO1.name));
+		assertTrue(user.canView(NEWREPO1));
 
 		// rename the team and add new repository
-		team.addRepository("newrepo2");
+		RepositoryModel newrepo2 = new RepositoryModel("newrepo2", null, null, null);
+		newrepo2.accessRestriction = AccessRestrictionType.VIEW;
+		RepositoryModel NEWREPO2 = new RepositoryModel("NEWREPO2", null, null, null);
+		NEWREPO2.accessRestriction = AccessRestrictionType.VIEW;
+		
+		team.addRepositoryPermission(newrepo2.name);
 		team.name = "testteam2";
 		service.updateTeamModel("testteam", team);
 
@@ -165,11 +177,11 @@
 		user = service.getUserModel("test");
 
 		// confirm user and team can access newrepo2
-		assertEquals(2, team.repositories.size());
-		assertTrue(team.hasRepository("newrepo2"));
-		assertTrue(user.hasTeamAccess("newrepo2"));
-		assertTrue(team.hasRepository("NEWREPO2"));
-		assertTrue(user.hasTeamAccess("NEWREPO2"));
+		assertEquals(2, team.permissions.size());
+		assertTrue(team.hasRepositoryPermission(newrepo2.name));
+		assertTrue(user.canView(newrepo2));
+		assertTrue(team.hasRepositoryPermission(NEWREPO2.name));
+		assertTrue(user.canView(NEWREPO2));
 
 		// delete testteam2
 		service.deleteTeam("testteam2");
@@ -178,28 +190,28 @@
 
 		// confirm team does not exist and user can not access newrepo1 and 2
 		assertEquals(null, team);
-		assertFalse(user.canAccessRepository("newrepo1"));
-		assertFalse(user.canAccessRepository("newrepo2"));
+		assertFalse(user.canView(newrepo1));
+		assertFalse(user.canView(newrepo2));
 
 		// create new team and add it to user
 		// this tests the inverse team creation/team addition
 		team = new TeamModel("testteam");
-		team.addRepository("NEWREPO1");
-		team.addRepository("NEWREPO2");
+		team.addRepositoryPermission(NEWREPO1.name);
+		team.addRepositoryPermission(NEWREPO2.name);
 		user.teams.add(team);
 		service.updateUserModel(user);
 
 		// confirm the inverted team addition
 		user = service.getUserModel("test");
 		team = service.getTeamModel("testteam");
-		assertTrue(user.hasTeamAccess("newrepo1"));
-		assertTrue(user.hasTeamAccess("newrepo2"));
+		assertTrue(user.canView(newrepo1));
+		assertTrue(user.canView(newrepo2));
 		assertTrue(team.hasUser("test"));
 
 		// drop testteam from user and add nextteam to user
 		team = new TeamModel("nextteam");
-		team.addRepository("NEWREPO1");
-		team.addRepository("NEWREPO2");
+		team.addRepositoryPermission(NEWREPO1.name);
+		team.addRepositoryPermission(NEWREPO2.name);
 		user.teams.clear();
 		user.teams.add(team);
 		service.updateUserModel(user);
@@ -207,8 +219,8 @@
 		// confirm implicit drop
 		user = service.getUserModel("test");
 		team = service.getTeamModel("testteam");
-		assertTrue(user.hasTeamAccess("newrepo1"));
-		assertTrue(user.hasTeamAccess("newrepo2"));
+		assertTrue(user.canView(newrepo1));
+		assertTrue(user.canView(newrepo2));
 		assertFalse(team.hasUser("test"));
 		team = service.getTeamModel("nextteam");
 		assertTrue(team.hasUser("test"));

--
Gitblit v1.9.1