diff options
author | Nasser Grainawi <nasser@codeaurora.org> | 2021-11-11 15:58:26 -0700 |
---|---|---|
committer | Nasser Grainawi <nasser@codeaurora.org> | 2021-11-12 11:08:27 -0700 |
commit | eef81aae356771d835032eeb408a782e37ccb633 (patch) | |
tree | a63d37de8f2065fac6c378a473b36ea0f2d5147a | |
parent | 9e15f445e32dd0bea1241683be638954c0d658e3 (diff) |
AccessIT: Add tests for when group appears twice for same rule
A fix for this was added in Change Ia20714cc8 but that branch didn't
have ITs in that area yet.
Change-Id: I9fb72d14293a3ad55baa85aa69bf5adf65c5fb2e
-rw-r--r-- | javatests/com/google/gerrit/acceptance/rest/project/AccessIT.java | 89 |
1 files changed, 89 insertions, 0 deletions
diff --git a/javatests/com/google/gerrit/acceptance/rest/project/AccessIT.java b/javatests/com/google/gerrit/acceptance/rest/project/AccessIT.java index 27226489ca..3e5a43c76f 100644 --- a/javatests/com/google/gerrit/acceptance/rest/project/AccessIT.java +++ b/javatests/com/google/gerrit/acceptance/rest/project/AccessIT.java @@ -17,12 +17,16 @@ import static com.google.common.truth.Truth.assertThat; import static com.google.common.truth.Truth8.assertThat; import static com.google.gerrit.extensions.client.ListChangesOption.MESSAGES; import static com.google.gerrit.server.group.SystemGroupBackend.REGISTERED_USERS; +import static java.util.Arrays.asList; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.fail; import com.google.gerrit.acceptance.AbstractDaemonTest; import com.google.gerrit.acceptance.GitUtil; import com.google.gerrit.acceptance.PushOneCommit; import com.google.gerrit.common.data.AccessSection; import com.google.gerrit.common.data.GlobalCapability; +import com.google.gerrit.common.data.GroupReference; import com.google.gerrit.common.data.Permission; import com.google.gerrit.extensions.api.access.AccessSectionInfo; import com.google.gerrit.extensions.api.access.PermissionInfo; @@ -49,6 +53,7 @@ import com.google.gerrit.server.group.SystemGroupBackend; import com.google.gerrit.server.project.ProjectConfig; import com.google.inject.Inject; import java.util.HashMap; +import java.util.List; import java.util.Map; import org.eclipse.jgit.internal.storage.dfs.InMemoryRepository; import org.eclipse.jgit.junit.TestRepository; @@ -683,6 +688,90 @@ public class AccessIT extends AbstractDaemonTest { return gApi.projects().name(newProjectName.get()); } + @Test + public void grantAllowAndDenyForSameGroup() throws Exception { + GroupReference registeredUsers = systemGroupBackend.getGroup(REGISTERED_USERS); + String access = "access"; + List<String> allowThenDeny = + asList(registeredUsers.toConfigValue(), "deny " + registeredUsers.toConfigValue()); + // Clone repository to forcefully add permission + TestRepository<InMemoryRepository> allProjectsRepo = cloneProject(allProjects, admin); + + // Fetch permission ref + GitUtil.fetch(allProjectsRepo, "refs/meta/config:cfg"); + allProjectsRepo.reset("cfg"); + + // Load current permissions + String config = + gApi.projects() + .name(allProjects.get()) + .branch(RefNames.REFS_CONFIG) + .file(ProjectConfig.PROJECT_CONFIG) + .asString(); + + // Append and push allowThenDeny permissions + Config cfg = new Config(); + cfg.fromText(config); + cfg.setStringList(access, AccessSection.HEADS, Permission.READ, allowThenDeny); + config = cfg.toText(); + PushOneCommit push = + pushFactory.create( + db, admin.getIdent(), allProjectsRepo, "Subject", ProjectConfig.PROJECT_CONFIG, config); + push.to(RefNames.REFS_CONFIG).assertOkStatus(); + + ProjectAccessInfo pai = gApi.projects().name(allProjects.get()).access(); + Map<String, AccessSectionInfo> local = pai.local; + AccessSectionInfo heads = local.get(AccessSection.HEADS); + Map<String, PermissionInfo> permissions = heads.permissions; + PermissionInfo read = permissions.get(Permission.READ); + Map<String, PermissionRuleInfo> rules = read.rules; + assertEquals( + rules.get(registeredUsers.getUUID().get()), + new PermissionRuleInfo(PermissionRuleInfo.Action.ALLOW, false)); + } + + @Test + public void grantDenyAndAllowForSameGroup() throws Exception { + GroupReference registeredUsers = systemGroupBackend.getGroup(REGISTERED_USERS); + String access = "access"; + List<String> denyThenAllow = + asList("deny " + registeredUsers.toConfigValue(), registeredUsers.toConfigValue()); + // Clone repository to forcefully add permission + TestRepository<InMemoryRepository> allProjectsRepo = cloneProject(allProjects, admin); + + // Fetch permission ref + GitUtil.fetch(allProjectsRepo, "refs/meta/config:cfg"); + allProjectsRepo.reset("cfg"); + + // Load current permissions + String config = + gApi.projects() + .name(allProjects.get()) + .branch(RefNames.REFS_CONFIG) + .file(ProjectConfig.PROJECT_CONFIG) + .asString(); + + // Append and push denyThenAllow permissions + Config cfg = new Config(); + cfg.fromText(config); + cfg.setStringList(access, AccessSection.HEADS, Permission.READ, denyThenAllow); + config = cfg.toText(); + PushOneCommit push = + pushFactory.create( + db, admin.getIdent(), allProjectsRepo, "Subject", ProjectConfig.PROJECT_CONFIG, config); + push.to(RefNames.REFS_CONFIG).assertOkStatus(); + + ProjectAccessInfo pai = gApi.projects().name(allProjects.get()).access(); + Map<String, AccessSectionInfo> local = pai.local; + AccessSectionInfo heads = local.get(AccessSection.HEADS); + Map<String, PermissionInfo> permissions = heads.permissions; + PermissionInfo read = permissions.get(Permission.READ); + Map<String, PermissionRuleInfo> rules = read.rules; + assertEquals( + rules.get(registeredUsers.getUUID().get()), + new PermissionRuleInfo(PermissionRuleInfo.Action.DENY, false)); + } + private ProjectAccessInput newProjectAccessInput() { ProjectAccessInput p = new ProjectAccessInput(); p.add = new HashMap<>(); |