diff options
Diffstat (limited to 'gerrit-server/src/test/java/com/google/gerrit/server/project/CommitsCollectionTest.java')
-rw-r--r-- | gerrit-server/src/test/java/com/google/gerrit/server/project/CommitsCollectionTest.java | 266 |
1 files changed, 0 insertions, 266 deletions
diff --git a/gerrit-server/src/test/java/com/google/gerrit/server/project/CommitsCollectionTest.java b/gerrit-server/src/test/java/com/google/gerrit/server/project/CommitsCollectionTest.java deleted file mode 100644 index 7f1b233831..0000000000 --- a/gerrit-server/src/test/java/com/google/gerrit/server/project/CommitsCollectionTest.java +++ /dev/null @@ -1,266 +0,0 @@ -// Copyright (C) 2014 The Android Open Source Project -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package com.google.gerrit.server.project; - -import static com.google.gerrit.common.data.Permission.READ; -import static com.google.gerrit.server.group.SystemGroupBackend.REGISTERED_USERS; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertTrue; - -import com.google.gerrit.common.data.AccessSection; -import com.google.gerrit.common.data.Permission; -import com.google.gerrit.lifecycle.LifecycleManager; -import com.google.gerrit.reviewdb.client.Account; -import com.google.gerrit.reviewdb.client.AccountGroup; -import com.google.gerrit.reviewdb.client.Project; -import com.google.gerrit.reviewdb.server.ReviewDb; -import com.google.gerrit.server.CurrentUser; -import com.google.gerrit.server.IdentifiedUser; -import com.google.gerrit.server.account.AccountManager; -import com.google.gerrit.server.account.AuthRequest; -import com.google.gerrit.server.account.GroupCache; -import com.google.gerrit.server.config.AllProjectsName; -import com.google.gerrit.server.git.MetaDataUpdate; -import com.google.gerrit.server.git.ProjectConfig; -import com.google.gerrit.server.schema.SchemaCreator; -import com.google.gerrit.server.util.RequestContext; -import com.google.gerrit.server.util.ThreadLocalRequestContext; -import com.google.gerrit.testutil.InMemoryDatabase; -import com.google.gerrit.testutil.InMemoryModule; -import com.google.gerrit.testutil.InMemoryRepositoryManager; -import com.google.inject.Guice; -import com.google.inject.Inject; -import com.google.inject.Injector; -import com.google.inject.Provider; -import com.google.inject.util.Providers; -import org.eclipse.jgit.internal.storage.dfs.InMemoryRepository; -import org.eclipse.jgit.junit.TestRepository; -import org.eclipse.jgit.lib.ObjectId; -import org.eclipse.jgit.lib.Repository; -import org.eclipse.jgit.revwalk.RevCommit; -import org.eclipse.jgit.revwalk.RevWalk; -import org.junit.After; -import org.junit.Before; -import org.junit.Test; - -/** Unit tests for {@link CommitsCollection}. */ -public class CommitsCollectionTest { - @Inject private AccountManager accountManager; - @Inject private IdentifiedUser.GenericFactory userFactory; - @Inject private InMemoryDatabase schemaFactory; - @Inject private InMemoryRepositoryManager repoManager; - @Inject private SchemaCreator schemaCreator; - @Inject private ThreadLocalRequestContext requestContext; - @Inject protected ProjectCache projectCache; - @Inject protected MetaDataUpdate.Server metaDataUpdateFactory; - @Inject protected AllProjectsName allProjects; - @Inject protected GroupCache groupCache; - @Inject private CommitsCollection commits; - - private LifecycleManager lifecycle; - private ReviewDb db; - private TestRepository<InMemoryRepository> repo; - private ProjectConfig project; - private IdentifiedUser user; - private AccountGroup.UUID admins; - - @Before - public void setUp() throws Exception { - Injector injector = Guice.createInjector(new InMemoryModule()); - injector.injectMembers(this); - lifecycle = new LifecycleManager(); - lifecycle.add(injector); - lifecycle.start(); - - db = schemaFactory.open(); - schemaCreator.create(db); - // Need to create at least one user to be admin before creating a "normal" - // registered user. - // See AccountManager#create(). - accountManager.authenticate(AuthRequest.forUser("admin")).getAccountId(); - admins = groupCache.get(new AccountGroup.NameKey("Administrators")).orElse(null).getGroupUUID(); - setUpPermissions(); - - Account.Id userId = accountManager.authenticate(AuthRequest.forUser("user")).getAccountId(); - user = userFactory.create(userId); - - Project.NameKey name = new Project.NameKey("project"); - InMemoryRepository inMemoryRepo = repoManager.createRepository(name); - project = new ProjectConfig(name); - project.load(inMemoryRepo); - repo = new TestRepository<>(inMemoryRepo); - - requestContext.setContext( - new RequestContext() { - @Override - public CurrentUser getUser() { - return user; - } - - @Override - public Provider<ReviewDb> getReviewDbProvider() { - return Providers.of(db); - } - }); - } - - @After - public void tearDown() { - if (repo != null) { - repo.getRepository().close(); - } - if (lifecycle != null) { - lifecycle.stop(); - } - requestContext.setContext(null); - if (db != null) { - db.close(); - } - InMemoryDatabase.drop(schemaFactory); - } - - @Test - public void canReadCommitWhenAllRefsVisible() throws Exception { - allow(project, READ, REGISTERED_USERS, "refs/*"); - ObjectId id = repo.branch("master").commit().create(); - ProjectState state = readProjectState(); - RevWalk rw = repo.getRevWalk(); - Repository r = repo.getRepository(); - - assertTrue(commits.canRead(state, r, rw.parseCommit(id))); - } - - @Test - public void canReadCommitIfTwoRefsVisible() throws Exception { - allow(project, READ, REGISTERED_USERS, "refs/heads/branch1"); - allow(project, READ, REGISTERED_USERS, "refs/heads/branch2"); - - ObjectId id1 = repo.branch("branch1").commit().create(); - ObjectId id2 = repo.branch("branch2").commit().create(); - - ProjectState state = readProjectState(); - RevWalk rw = repo.getRevWalk(); - Repository r = repo.getRepository(); - - assertTrue(commits.canRead(state, r, rw.parseCommit(id1))); - assertTrue(commits.canRead(state, r, rw.parseCommit(id2))); - } - - @Test - public void canReadCommitIfRefVisible() throws Exception { - allow(project, READ, REGISTERED_USERS, "refs/heads/branch1"); - deny(project, READ, REGISTERED_USERS, "refs/heads/branch2"); - - ObjectId id1 = repo.branch("branch1").commit().create(); - ObjectId id2 = repo.branch("branch2").commit().create(); - - ProjectState state = readProjectState(); - RevWalk rw = repo.getRevWalk(); - Repository r = repo.getRepository(); - - assertTrue(commits.canRead(state, r, rw.parseCommit(id1))); - assertFalse(commits.canRead(state, r, rw.parseCommit(id2))); - } - - @Test - public void canReadCommitIfReachableFromVisibleRef() throws Exception { - allow(project, READ, REGISTERED_USERS, "refs/heads/branch1"); - deny(project, READ, REGISTERED_USERS, "refs/heads/branch2"); - - RevCommit parent1 = repo.commit().create(); - repo.branch("branch1").commit().parent(parent1).create(); - - RevCommit parent2 = repo.commit().create(); - repo.branch("branch2").commit().parent(parent2).create(); - - ProjectState state = readProjectState(); - RevWalk rw = repo.getRevWalk(); - Repository r = repo.getRepository(); - assertTrue(commits.canRead(state, r, rw.parseCommit(parent1))); - assertFalse(commits.canRead(state, r, rw.parseCommit(parent2))); - } - - @Test - public void cannotReadAfterRollbackWithRestrictedRead() throws Exception { - allow(project, READ, REGISTERED_USERS, "refs/heads/branch1"); - - RevCommit parent1 = repo.commit().create(); - ObjectId id1 = repo.branch("branch1").commit().parent(parent1).create(); - - ProjectState state = readProjectState(); - RevWalk rw = repo.getRevWalk(); - Repository r = repo.getRepository(); - - assertTrue(commits.canRead(state, r, rw.parseCommit(parent1))); - assertTrue(commits.canRead(state, r, rw.parseCommit(id1))); - - repo.branch("branch1").update(parent1); - assertTrue(commits.canRead(state, r, rw.parseCommit(parent1))); - assertFalse(commits.canRead(state, r, rw.parseCommit(id1))); - } - - @Test - public void canReadAfterRollbackWithAllRefsVisible() throws Exception { - allow(project, READ, REGISTERED_USERS, "refs/*"); - - RevCommit parent1 = repo.commit().create(); - ObjectId id1 = repo.branch("branch1").commit().parent(parent1).create(); - - ProjectState state = readProjectState(); - RevWalk rw = repo.getRevWalk(); - Repository r = repo.getRepository(); - - assertTrue(commits.canRead(state, r, rw.parseCommit(parent1))); - assertTrue(commits.canRead(state, r, rw.parseCommit(id1))); - - repo.branch("branch1").update(parent1); - assertTrue(commits.canRead(state, r, rw.parseCommit(parent1))); - assertFalse(commits.canRead(state, r, rw.parseCommit(id1))); - } - - private ProjectState readProjectState() throws Exception { - return projectCache.get(project.getName()); - } - - protected void allow(ProjectConfig project, String permission, AccountGroup.UUID id, String ref) - throws Exception { - Util.allow(project, permission, id, ref); - saveProjectConfig(project); - } - - protected void deny(ProjectConfig project, String permission, AccountGroup.UUID id, String ref) - throws Exception { - Util.deny(project, permission, id, ref); - saveProjectConfig(project); - } - - protected void saveProjectConfig(ProjectConfig cfg) throws Exception { - try (MetaDataUpdate md = metaDataUpdateFactory.create(cfg.getName())) { - cfg.commit(md); - } - projectCache.evict(cfg.getProject()); - } - - private void setUpPermissions() throws Exception { - // Remove read permissions for all users besides admin, because by default - // Anonymous user group has ALLOW READ permission in refs/*. - // This method is idempotent, so is safe to call on every test setup. - ProjectConfig pc = projectCache.checkedGet(allProjects).getConfig(); - for (AccessSection sec : pc.getAccessSections()) { - sec.removePermission(Permission.READ); - } - allow(pc, Permission.READ, admins, "refs/*"); - } -} |