From 27ae9095639bb228a1b7ff86a3ebe4264abf05be Mon Sep 17 00:00:00 2001
From: mschaefers <mschaefers@scoop-gmbh.de>
Date: Thu, 29 Nov 2012 12:33:09 -0500
Subject: [PATCH] feature: when using LdapUserService one can configure Gitblit to fetch all users from ldap that can possibly login. This allows to see newly generated LDAP users instantly in Gitblit. By now an LDAP user had to log in once to appear in GitBlit.

---
 tests/com/gitblit/tests/PermissionsTest.java |  199 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 199 insertions(+), 0 deletions(-)

diff --git a/tests/com/gitblit/tests/PermissionsTest.java b/tests/com/gitblit/tests/PermissionsTest.java
index cb9925e..b6ffa62 100644
--- a/tests/com/gitblit/tests/PermissionsTest.java
+++ b/tests/com/gitblit/tests/PermissionsTest.java
@@ -2329,6 +2329,7 @@
 		UserModel user = new UserModel("test");
 		repository.owner = user.username;
 
+		assertFalse("user SHOULD NOT HAVE a repository permission!", user.hasRepositoryPermission(repository.name));
 		assertTrue("owner CAN NOT view!", user.canView(repository));
 		assertTrue("owner CAN NOT clone!", user.canClone(repository));
 		assertTrue("owner CAN NOT push!", user.canPush(repository));
@@ -2352,6 +2353,7 @@
 		UserModel user = new UserModel("test");
 		repository.owner = user.username;
 
+		assertFalse("user SHOULD NOT HAVE a repository permission!", user.hasRepositoryPermission(repository.name));
 		assertTrue("user CAN NOT view!", user.canView(repository));
 		assertTrue("user CAN NOT clone!", user.canClone(repository));
 		assertTrue("user CAN NOT push!", user.canPush(repository));
@@ -2375,6 +2377,7 @@
 		UserModel user = new UserModel("visitor");
 		repository.owner = "test";
 
+		assertFalse("user HAS a repository permission!", user.hasRepositoryPermission(repository.name));
 		assertFalse("user CAN view!", user.canView(repository));
 		assertFalse("user CAN clone!", user.canClone(repository));
 		assertFalse("user CAN push!", user.canPush(repository));
@@ -2388,4 +2391,200 @@
 		assertFalse("user CAN delete!", user.canDelete(repository));
 		assertFalse("user CAN edit!", user.canEdit(repository));
 	}
+	
+	@Test
+	public void testRegexMatching() throws Exception {
+		RepositoryModel repository = new RepositoryModel("ubercool/_my-r/e~po.git", null, null, new Date());
+		repository.authorizationControl = AuthorizationControl.NAMED;
+		repository.accessRestriction = AccessRestrictionType.VIEW;
+
+		UserModel user = new UserModel("test");
+		user.setRepositoryPermission("ubercool/[A-Z0-9-~_\\./]+", AccessPermission.CLONE);
+
+		assertTrue("user DOES NOT HAVE a repository permission!", user.hasRepositoryPermission(repository.name));
+		assertTrue("user CAN NOT view!", user.canView(repository));
+		assertTrue("user CAN NOT clone!", user.canClone(repository));
+		assertFalse("user CAN push!", user.canPush(repository));
+		
+		assertFalse("user CAN create ref!", user.canCreateRef(repository));
+		assertFalse("user CAN delete ref!", user.canDeleteRef(repository));
+		assertFalse("user CAN rewind ref!", user.canRewindRef(repository));
+
+		assertFalse("user CAN fork!", user.canFork(repository));
+		
+		assertFalse("user CAN delete!", user.canDelete(repository));
+		assertFalse("user CAN edit!", user.canEdit(repository));
+	}
+
+	@Test
+	public void testRegexIncludeCommonExcludePersonal() throws Exception {
+		
+		UserModel user = new UserModel("test");
+		user.setRepositoryPermission("[^~].*", AccessPermission.CLONE);
+
+		// common
+		RepositoryModel common = new RepositoryModel("ubercool/_my-r/e~po.git", null, null, new Date());
+		common.authorizationControl = AuthorizationControl.NAMED;
+		common.accessRestriction = AccessRestrictionType.VIEW;
+		
+		assertTrue("user DOES NOT HAVE a repository permission!", user.hasRepositoryPermission(common.name));
+		assertTrue("user CAN NOT view!", user.canView(common));
+		assertTrue("user CAN NOT clone!", user.canClone(common));
+		assertFalse("user CAN push!", user.canPush(common));
+		
+		assertFalse("user CAN create ref!", user.canCreateRef(common));
+		assertFalse("user CAN delete ref!", user.canDeleteRef(common));
+		assertFalse("user CAN rewind ref!", user.canRewindRef(common));
+
+		assertFalse("user CAN fork!", user.canFork(common));
+		
+		assertFalse("user CAN delete!", user.canDelete(common));
+		assertFalse("user CAN edit!", user.canEdit(common));
+
+		// personal
+		RepositoryModel personal = new RepositoryModel("~ubercool/_my-r/e~po.git", null, null, new Date());
+		personal.authorizationControl = AuthorizationControl.NAMED;
+		personal.accessRestriction = AccessRestrictionType.VIEW;
+		
+		assertFalse("user HAS a repository permission!", user.hasRepositoryPermission(personal.name));
+		assertFalse("user CAN NOT view!", user.canView(personal));
+		assertFalse("user CAN NOT clone!", user.canClone(personal));
+		assertFalse("user CAN push!", user.canPush(personal));
+		
+		assertFalse("user CAN create ref!", user.canCreateRef(personal));
+		assertFalse("user CAN delete ref!", user.canDeleteRef(personal));
+		assertFalse("user CAN rewind ref!", user.canRewindRef(personal));
+
+		assertFalse("user CAN fork!", user.canFork(personal));
+		
+		assertFalse("user CAN delete!", user.canDelete(personal));
+		assertFalse("user CAN edit!", user.canEdit(personal));
+	}
+	
+	@Test
+	public void testRegexMatching2() throws Exception {
+		RepositoryModel personal = new RepositoryModel("~ubercool/_my-r/e~po.git", null, null, new Date());
+		personal.authorizationControl = AuthorizationControl.NAMED;
+		personal.accessRestriction = AccessRestrictionType.VIEW;
+
+		UserModel user = new UserModel("test");
+		// permit all repositories excluding all personal rpeositories
+		user.setRepositoryPermission("[^~].*", AccessPermission.CLONE);
+		// permitall  ~ubercool repositories
+		user.setRepositoryPermission("~ubercool/.*", AccessPermission.CLONE);
+		
+		// personal
+		assertTrue("user DOES NOT HAVE a repository permission!", user.hasRepositoryPermission(personal.name));
+		assertTrue("user CAN NOT view!", user.canView(personal));
+		assertTrue("user CAN NOT clone!", user.canClone(personal));
+		assertFalse("user CAN push!", user.canPush(personal));
+		
+		assertFalse("user CAN create ref!", user.canCreateRef(personal));
+		assertFalse("user CAN delete ref!", user.canDeleteRef(personal));
+		assertFalse("user CAN rewind ref!", user.canRewindRef(personal));
+
+		assertFalse("user CAN fork!", user.canFork(personal));
+		
+		assertFalse("user CAN delete!", user.canDelete(personal));
+		assertFalse("user CAN edit!", user.canEdit(personal));
+	}
+	
+	@Test
+	public void testRegexOrder() throws Exception {
+		RepositoryModel personal = new RepositoryModel("~ubercool/_my-r/e~po.git", null, null, new Date());
+		personal.authorizationControl = AuthorizationControl.NAMED;
+		personal.accessRestriction = AccessRestrictionType.VIEW;
+
+		UserModel user = new UserModel("test");
+		user.setRepositoryPermission(".*", AccessPermission.PUSH);
+		user.setRepositoryPermission("~ubercool/.*", AccessPermission.CLONE);
+		
+		// has PUSH access because first match is PUSH permission 
+		assertTrue("user HAS a repository permission!", user.hasRepositoryPermission(personal.name));
+		assertTrue("user CAN NOT view!", user.canView(personal));
+		assertTrue("user CAN NOT clone!", user.canClone(personal));
+		assertTrue("user CAN NOT push!", user.canPush(personal));
+		
+		assertFalse("user CAN create ref!", user.canCreateRef(personal));
+		assertFalse("user CAN delete ref!", user.canDeleteRef(personal));
+		assertFalse("user CAN rewind ref!", user.canRewindRef(personal));
+
+		assertFalse("user CAN fork!", user.canFork(personal));
+		
+		assertFalse("user CAN delete!", user.canDelete(personal));
+		assertFalse("user CAN edit!", user.canEdit(personal));
+				
+		user.permissions.clear();
+		user.setRepositoryPermission("~ubercool/.*", AccessPermission.CLONE);
+		user.setRepositoryPermission(".*", AccessPermission.PUSH);
+		
+		// has CLONE access because first match is CLONE permission
+		assertTrue("user HAS a repository permission!", user.hasRepositoryPermission(personal.name));
+		assertTrue("user CAN NOT view!", user.canView(personal));
+		assertTrue("user CAN NOT clone!", user.canClone(personal));
+		assertFalse("user CAN push!", user.canPush(personal));
+				
+		assertFalse("user CAN create ref!", user.canCreateRef(personal));
+		assertFalse("user CAN delete ref!", user.canDeleteRef(personal));
+		assertFalse("user CAN rewind ref!", user.canRewindRef(personal));
+
+		assertFalse("user CAN fork!", user.canFork(personal));
+				
+		assertFalse("user CAN delete!", user.canDelete(personal));
+		assertFalse("user CAN edit!", user.canEdit(personal));
+	}
+	
+	@Test
+	public void testExclusion() throws Exception {
+		RepositoryModel personal = new RepositoryModel("~ubercool/_my-r/e~po.git", null, null, new Date());
+		personal.authorizationControl = AuthorizationControl.NAMED;
+		personal.accessRestriction = AccessRestrictionType.VIEW;
+
+		UserModel user = new UserModel("test");
+		user.setRepositoryPermission("~ubercool/.*", AccessPermission.EXCLUDE);
+		user.setRepositoryPermission(".*", AccessPermission.PUSH);
+		
+		// has EXCLUDE access because first match is EXCLUDE permission
+		assertTrue("user DOES NOT HAVE a repository permission!", user.hasRepositoryPermission(personal.name));
+		assertFalse("user CAN NOT view!", user.canView(personal));
+		assertFalse("user CAN NOT clone!", user.canClone(personal));
+		assertFalse("user CAN push!", user.canPush(personal));
+				
+		assertFalse("user CAN create ref!", user.canCreateRef(personal));
+		assertFalse("user CAN delete ref!", user.canDeleteRef(personal));
+		assertFalse("user CAN rewind ref!", user.canRewindRef(personal));
+
+		assertFalse("user CAN fork!", user.canFork(personal));
+				
+		assertFalse("user CAN delete!", user.canDelete(personal));
+		assertFalse("user CAN edit!", user.canEdit(personal));
+	}
+
+	@Test
+	public void testAdminTeamInheritance() throws Exception {
+		UserModel user = new UserModel("test");
+		TeamModel team = new TeamModel("team");
+		team.canAdmin = true;
+		user.teams.add(team);
+		assertTrue("User did not inherit admin privileges", user.canAdmin());
+	}
+	
+	@Test
+	public void testForkTeamInheritance() throws Exception {
+		UserModel user = new UserModel("test");
+		TeamModel team = new TeamModel("team");
+		team.canFork = true;
+		user.teams.add(team);
+		assertTrue("User did not inherit fork privileges", user.canFork());
+	}
+
+	@Test
+	public void testCreateTeamInheritance() throws Exception {
+		UserModel user = new UserModel("test");
+		TeamModel team = new TeamModel("team");
+		team.canCreate= true;
+		user.teams.add(team);
+		assertTrue("User did not inherit create privileges", user.canCreate());
+	}
+
 }

--
Gitblit v1.9.1