subversion/tests/cmdline/iprop_authz_tests.py - subversion - Git at Google

 #!/usr/bin/env python
 #
 #  iprop_authz_tests.py:  iprop tests that need to write an authz file
 #
 #  Subversion is a tool for revision control.
 #  See http://subversion.apache.org for more information.
 #
 # ====================================================================
 #    Licensed to the Apache Software Foundation (ASF) under one
 #    or more contributor license agreements.  See the NOTICE file
 #    distributed with this work for additional information
 #    regarding copyright ownership.  The ASF licenses this file
 #    to you under the Apache License, Version 2.0 (the
 #    "License"); you may not use this file except in compliance
 #    with the License.  You may obtain a copy of the License at
 #
 #      http://www.apache.org/licenses/LICENSE-2.0
 #
 #    Unless required by applicable law or agreed to in writing,
 #    software distributed under the License is distributed on an
 #    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 #    KIND, either express or implied.  See the License for the
 #    specific language governing permissions and limitations
 #    under the License.
 ######################################################################

 # General modules
 import os

 # Our testing module
 import svntest

 # (abbreviation)
 Skip = svntest.testcase.Skip_deco

 from svntest.main import write_restrictive_svnserve_conf
 from svntest.main import write_authz_file

 ######################################################################
 # Tests

 #----------------------------------------------------------------------
 # Property inheritance with read restrictions on parent paths.
 @Skip(svntest.main.is_ra_type_file)
 def iprops_authz(sbox):
   "property inheritance and read restricted parents"

   sbox.build()
   wc_dir = sbox.wc_dir

   # r2 - Set properties at various levels.
   sbox.simple_propset('RootProp', 'Root-Prop-Val', '.')
   sbox.simple_propset('BranchProp', 'Branch-Prop-Val', 'A')
   sbox.simple_propset('RandomProp1', 'Random-Prop-Val-1', 'A/D')
   sbox.simple_propset('RandomProp2', 'Random-Prop-Val-2', 'A/D/H')
   sbox.simple_propset('FileProp1', 'File-Prop-Val-1', 'A/D/H/psi')
   svntest.main.run_svn(None, 'commit', '-m', 'Add some properties',
                        wc_dir)

   write_restrictive_svnserve_conf(sbox.repo_dir)

   # Check that a restricted user can only see inherited props from
   # parent paths which he has read access to.

   # Grant access only to ^/A/D/H/psi.  No inherited properties should
   # be shown.
   write_authz_file(sbox, {
     "/A/D/H/psi" : svntest.main.wc_author + "=rw",})

   expected_iprops = {}
   expected_explicit_props = {'FileProp1' : 'File-Prop-Val-1'}
   svntest.actions.run_and_verify_inherited_prop_xml(
     sbox.repo_url + '/A/D/H/psi', expected_iprops, expected_explicit_props)

   # Grant access to ^/A/D/H/psi and the repos root but not the intermediate
   # paths between the two.
   write_authz_file(sbox, {
     "/"          : svntest.main.wc_author + "=rw",
     "/A"         : svntest.main.wc_author + "=",
     "/A/D/H/psi" : svntest.main.wc_author + "=rw",})

   expected_iprops = {
     sbox.repo_url : {'RootProp' : 'Root-Prop-Val'}}
   svntest.actions.run_and_verify_inherited_prop_xml(
     sbox.repo_url + '/A/D/H/psi', expected_iprops, expected_explicit_props)

   # Grant access to ^/A/D/H/psi, the repos root, and the intermediate path
   # ^/A/D.  Everything else is still blocked.
   write_authz_file(sbox, {
     "/"          : svntest.main.wc_author + "=rw",
     "/A"         : svntest.main.wc_author + "=",
     "/A/D"       : svntest.main.wc_author + "=rw",
     "/A/D/H"     : svntest.main.wc_author + "=",
     "/A/D/H/psi" : svntest.main.wc_author + "=rw",})

   expected_iprops = {
     sbox.repo_url : {'RootProp' : 'Root-Prop-Val'},
     sbox.repo_url + '/A/D': {'RandomProp1' : 'Random-Prop-Val-1'}}
   svntest.actions.run_and_verify_inherited_prop_xml(
     sbox.repo_url + '/A/D/H/psi', expected_iprops, expected_explicit_props)

   # Grant read access to everything except ^/A/D/H/psi.  In this case we
   # should get an authorization failed error.  It doesn't matter that we can
   # read the parents.
   write_authz_file(sbox, {
     "/"          : svntest.main.wc_author + "=rw",
     "/A/D/H/psi" : svntest.main.wc_author + "=",})
   if sbox.repo_url.startswith("http"):
     expected_err = ".*[Ff]orbidden.*"
   else:
     expected_err = ".*svn: E170001: Authorization failed.*"
   svntest.actions.run_and_verify_svn(
     None, expected_err, 'proplist', '-v',
     '--show-inherited-props', sbox.repo_url + '/A/D/H/psi')

 ########################################################################
 # Run the tests

 # list all tests here, starting with None:
 test_list = [ None,
               iprops_authz,
             ]

 serial_only = True

 if __name__ == '__main__':
   svntest.main.run_tests(test_list)
   # NOTREACHED

 ### End of file.
	#!/usr/bin/env python
	#
	# iprop_authz_tests.py: iprop tests that need to write an authz file
	#
	# Subversion is a tool for revision control.
	# See http://subversion.apache.org for more information.
	#
	# ====================================================================
	# Licensed to the Apache Software Foundation (ASF) under one
	# or more contributor license agreements. See the NOTICE file
	# distributed with this work for additional information
	# regarding copyright ownership. The ASF licenses this file
	# to you under the Apache License, Version 2.0 (the
	# "License"); you may not use this file except in compliance
	# with the License. You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing,
	# software distributed under the License is distributed on an
	# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	# KIND, either express or implied. See the License for the
	# specific language governing permissions and limitations
	# under the License.
	######################################################################

	# General modules
	import os

	# Our testing module
	import svntest

	# (abbreviation)
	Skip = svntest.testcase.Skip_deco

	from svntest.main import write_restrictive_svnserve_conf
	from svntest.main import write_authz_file

	######################################################################
	# Tests

	#----------------------------------------------------------------------
	# Property inheritance with read restrictions on parent paths.
	@Skip(svntest.main.is_ra_type_file)
	def iprops_authz(sbox):
	"property inheritance and read restricted parents"

	sbox.build()
	wc_dir = sbox.wc_dir

	# r2 - Set properties at various levels.
	sbox.simple_propset('RootProp', 'Root-Prop-Val', '.')
	sbox.simple_propset('BranchProp', 'Branch-Prop-Val', 'A')
	sbox.simple_propset('RandomProp1', 'Random-Prop-Val-1', 'A/D')
	sbox.simple_propset('RandomProp2', 'Random-Prop-Val-2', 'A/D/H')
	sbox.simple_propset('FileProp1', 'File-Prop-Val-1', 'A/D/H/psi')
	svntest.main.run_svn(None, 'commit', '-m', 'Add some properties',
	wc_dir)

	write_restrictive_svnserve_conf(sbox.repo_dir)

	# Check that a restricted user can only see inherited props from
	# parent paths which he has read access to.

	# Grant access only to ^/A/D/H/psi. No inherited properties should
	# be shown.
	write_authz_file(sbox, {
	"/A/D/H/psi" : svntest.main.wc_author + "=rw",})

	expected_iprops = {}
	expected_explicit_props = {'FileProp1' : 'File-Prop-Val-1'}
	svntest.actions.run_and_verify_inherited_prop_xml(
	sbox.repo_url + '/A/D/H/psi', expected_iprops, expected_explicit_props)

	# Grant access to ^/A/D/H/psi and the repos root but not the intermediate
	# paths between the two.
	write_authz_file(sbox, {
	"/" : svntest.main.wc_author + "=rw",
	"/A" : svntest.main.wc_author + "=",
	"/A/D/H/psi" : svntest.main.wc_author + "=rw",})

	expected_iprops = {
	sbox.repo_url : {'RootProp' : 'Root-Prop-Val'}}
	svntest.actions.run_and_verify_inherited_prop_xml(
	sbox.repo_url + '/A/D/H/psi', expected_iprops, expected_explicit_props)

	# Grant access to ^/A/D/H/psi, the repos root, and the intermediate path
	# ^/A/D. Everything else is still blocked.
	write_authz_file(sbox, {
	"/" : svntest.main.wc_author + "=rw",
	"/A" : svntest.main.wc_author + "=",
	"/A/D" : svntest.main.wc_author + "=rw",
	"/A/D/H" : svntest.main.wc_author + "=",
	"/A/D/H/psi" : svntest.main.wc_author + "=rw",})

	expected_iprops = {
	sbox.repo_url : {'RootProp' : 'Root-Prop-Val'},
	sbox.repo_url + '/A/D': {'RandomProp1' : 'Random-Prop-Val-1'}}
	svntest.actions.run_and_verify_inherited_prop_xml(
	sbox.repo_url + '/A/D/H/psi', expected_iprops, expected_explicit_props)

	# Grant read access to everything except ^/A/D/H/psi. In this case we
	# should get an authorization failed error. It doesn't matter that we can
	# read the parents.
	write_authz_file(sbox, {
	"/" : svntest.main.wc_author + "=rw",
	"/A/D/H/psi" : svntest.main.wc_author + "=",})
	if sbox.repo_url.startswith("http"):
	expected_err = ".[Ff]orbidden."
	else:
	expected_err = ".svn: E170001: Authorization failed."
	svntest.actions.run_and_verify_svn(
	None, expected_err, 'proplist', '-v',
	'--show-inherited-props', sbox.repo_url + '/A/D/H/psi')

	########################################################################
	# Run the tests

	# list all tests here, starting with None:
	test_list = [ None,
	iprops_authz,
	]

	serial_only = True

	if __name__ == '__main__':
	svntest.main.run_tests(test_list)
	# NOTREACHED

	### End of file.