|
|
#!/bin/sh
|
|
|
|
|
|
do_push()
|
|
|
{
|
|
|
user=$1
|
|
|
shift
|
|
|
|
|
|
echo "Pushing as user $user"
|
|
|
echo 'hgrc = """'
|
|
|
sed -e 1,2d b/.hg/hgrc | grep -v fakegroups.py
|
|
|
echo '"""'
|
|
|
if test -f acl.config; then
|
|
|
echo 'acl.config = """'
|
|
|
cat acl.config
|
|
|
echo '"""'
|
|
|
fi
|
|
|
# On AIX /etc/profile sets LOGNAME read-only. So
|
|
|
# LOGNAME=$user hg --cws a --debug push ../b
|
|
|
# fails with "This variable is read only."
|
|
|
# Use env to work around this.
|
|
|
env LOGNAME=$user hg --cwd a --debug push ../b
|
|
|
hg --cwd b rollback
|
|
|
hg --cwd b --quiet tip
|
|
|
echo
|
|
|
}
|
|
|
|
|
|
init_config()
|
|
|
{
|
|
|
cat > fakegroups.py <<EOF
|
|
|
from hgext import acl
|
|
|
def fakegetusers(ui, group):
|
|
|
try:
|
|
|
return acl._getusersorig(ui, group)
|
|
|
except:
|
|
|
return ["fred", "betty"]
|
|
|
acl._getusersorig = acl._getusers
|
|
|
acl._getusers = fakegetusers
|
|
|
EOF
|
|
|
|
|
|
rm -f acl.config
|
|
|
cat > $config <<EOF
|
|
|
[hooks]
|
|
|
pretxnchangegroup.acl = python:hgext.acl.hook
|
|
|
[acl]
|
|
|
sources = push
|
|
|
[extensions]
|
|
|
f=`pwd`/fakegroups.py
|
|
|
EOF
|
|
|
}
|
|
|
|
|
|
hg init a
|
|
|
cd a
|
|
|
mkdir foo foo/Bar quux
|
|
|
echo 'in foo' > foo/file.txt
|
|
|
echo 'in foo/Bar' > foo/Bar/file.txt
|
|
|
echo 'in quux' > quux/file.py
|
|
|
hg add -q
|
|
|
hg ci -m 'add files' -d '1000000 0'
|
|
|
echo >> foo/file.txt
|
|
|
hg ci -m 'change foo/file' -d '1000001 0'
|
|
|
echo >> foo/Bar/file.txt
|
|
|
hg ci -m 'change foo/Bar/file' -d '1000002 0'
|
|
|
echo >> quux/file.py
|
|
|
hg ci -m 'change quux/file' -d '1000003 0'
|
|
|
hg tip --quiet
|
|
|
|
|
|
cd ..
|
|
|
hg clone -r 0 a b
|
|
|
|
|
|
echo '[extensions]' >> $HGRCPATH
|
|
|
echo 'acl =' >> $HGRCPATH
|
|
|
|
|
|
config=b/.hg/hgrc
|
|
|
|
|
|
echo
|
|
|
|
|
|
echo 'Extension disabled for lack of a hook'
|
|
|
do_push fred
|
|
|
|
|
|
echo '[hooks]' >> $config
|
|
|
echo 'pretxnchangegroup.acl = python:hgext.acl.hook' >> $config
|
|
|
|
|
|
echo 'Extension disabled for lack of acl.sources'
|
|
|
do_push fred
|
|
|
|
|
|
echo 'No [acl.allow]/[acl.deny]'
|
|
|
echo '[acl]' >> $config
|
|
|
echo 'sources = push' >> $config
|
|
|
do_push fred
|
|
|
|
|
|
echo 'Empty [acl.allow]'
|
|
|
echo '[acl.allow]' >> $config
|
|
|
do_push fred
|
|
|
|
|
|
echo 'fred is allowed inside foo/'
|
|
|
echo 'foo/** = fred' >> $config
|
|
|
do_push fred
|
|
|
|
|
|
echo 'Empty [acl.deny]'
|
|
|
echo '[acl.deny]' >> $config
|
|
|
do_push barney
|
|
|
|
|
|
echo 'fred is allowed inside foo/, but not foo/bar/ (case matters)'
|
|
|
echo 'foo/bar/** = fred' >> $config
|
|
|
do_push fred
|
|
|
|
|
|
echo 'fred is allowed inside foo/, but not foo/Bar/'
|
|
|
echo 'foo/Bar/** = fred' >> $config
|
|
|
do_push fred
|
|
|
|
|
|
echo 'barney is not mentioned => not allowed anywhere'
|
|
|
do_push barney
|
|
|
|
|
|
echo 'barney is allowed everywhere'
|
|
|
echo '[acl.allow]' >> $config
|
|
|
echo '** = barney' >> $config
|
|
|
do_push barney
|
|
|
|
|
|
echo 'wilma can change files with a .txt extension'
|
|
|
echo '**/*.txt = wilma' >> $config
|
|
|
do_push wilma
|
|
|
|
|
|
echo 'file specified by acl.config does not exist'
|
|
|
echo '[acl]' >> $config
|
|
|
echo 'config = ../acl.config' >> $config
|
|
|
do_push barney
|
|
|
|
|
|
echo 'betty is allowed inside foo/ by a acl.config file'
|
|
|
echo '[acl.allow]' >> acl.config
|
|
|
echo 'foo/** = betty' >> acl.config
|
|
|
do_push betty
|
|
|
|
|
|
echo 'acl.config can set only [acl.allow]/[acl.deny]'
|
|
|
echo '[hooks]' >> acl.config
|
|
|
echo 'changegroup.acl = false' >> acl.config
|
|
|
do_push barney
|
|
|
|
|
|
# asterisk
|
|
|
|
|
|
init_config
|
|
|
|
|
|
echo 'asterisk test'
|
|
|
echo '[acl.allow]' >> $config
|
|
|
echo "** = fred" >> $config
|
|
|
echo "fred is always allowed"
|
|
|
do_push fred
|
|
|
|
|
|
echo '[acl.deny]' >> $config
|
|
|
echo "foo/Bar/** = *" >> $config
|
|
|
echo "no one is allowed inside foo/Bar/"
|
|
|
do_push fred
|
|
|
|
|
|
# Groups
|
|
|
|
|
|
init_config
|
|
|
|
|
|
echo 'OS-level groups'
|
|
|
echo '[acl.allow]' >> $config
|
|
|
echo "** = @group1" >> $config
|
|
|
echo "@group1 is always allowed"
|
|
|
do_push fred
|
|
|
|
|
|
echo '[acl.deny]' >> $config
|
|
|
echo "foo/Bar/** = @group1" >> $config
|
|
|
echo "@group is allowed inside anything but foo/Bar/"
|
|
|
do_push fred
|
|
|
|
|
|
echo 'Invalid group'
|
|
|
# Disable the fakegroups trick to get real failures
|
|
|
grep -v fakegroups $config > config.tmp
|
|
|
mv config.tmp $config
|
|
|
echo '[acl.allow]' >> $config
|
|
|
echo "** = @unlikelytoexist" >> $config
|
|
|
do_push fred 2>&1 | grep unlikelytoexist
|
|
|
|
|
|
true
|
|
|
|