diff options
Diffstat (limited to 'subversion/tests/cmdline/iprop_authz_tests.py')
| -rwxr-xr-x | subversion/tests/cmdline/iprop_authz_tests.py | 130 |
1 files changed, 130 insertions, 0 deletions
diff --git a/subversion/tests/cmdline/iprop_authz_tests.py b/subversion/tests/cmdline/iprop_authz_tests.py new file mode 100755 index 0000000..e306373 --- /dev/null +++ b/subversion/tests/cmdline/iprop_authz_tests.py @@ -0,0 +1,130 @@ +#!/usr/bin/env python +# +# iprop_authz_tests.py: iprop tests that need to write an authz file +# +# Subversion is a tool for revision control. +# See http://subversion.apache.org for more information. +# +# ==================================================================== +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +###################################################################### + +# General modules +import os + +# Our testing module +import svntest + +# (abbreviation) +Skip = svntest.testcase.Skip_deco + +from svntest.main import write_restrictive_svnserve_conf +from svntest.main import write_authz_file + +###################################################################### +# Tests + +#---------------------------------------------------------------------- +# Property inheritance with read restrictions on parent paths. +@Skip(svntest.main.is_ra_type_file) +def iprops_authz(sbox): + "property inheritance and read restricted parents" + + sbox.build() + wc_dir = sbox.wc_dir + + # r2 - Set properties at various levels. + sbox.simple_propset('RootProp', 'Root-Prop-Val', '.') + sbox.simple_propset('BranchProp', 'Branch-Prop-Val', 'A') + sbox.simple_propset('RandomProp1', 'Random-Prop-Val-1', 'A/D') + sbox.simple_propset('RandomProp2', 'Random-Prop-Val-2', 'A/D/H') + sbox.simple_propset('FileProp1', 'File-Prop-Val-1', 'A/D/H/psi') + svntest.main.run_svn(None, 'commit', '-m', 'Add some properties', + wc_dir) + + write_restrictive_svnserve_conf(sbox.repo_dir) + + # Check that a restricted user can only see inherited props from + # parent paths which he has read access to. + + # Grant access only to ^/A/D/H/psi. No inherited properties should + # be shown. + write_authz_file(sbox, { + "/A/D/H/psi" : svntest.main.wc_author + "=rw",}) + + expected_iprops = {} + expected_explicit_props = {'FileProp1' : 'File-Prop-Val-1'} + svntest.actions.run_and_verify_inherited_prop_xml( + sbox.repo_url + '/A/D/H/psi', expected_iprops, expected_explicit_props) + + # Grant access to ^/A/D/H/psi and the repos root but not the intermediate + # paths between the two. + write_authz_file(sbox, { + "/" : svntest.main.wc_author + "=rw", + "/A" : svntest.main.wc_author + "=", + "/A/D/H/psi" : svntest.main.wc_author + "=rw",}) + + expected_iprops = { + sbox.repo_url : {'RootProp' : 'Root-Prop-Val'}} + svntest.actions.run_and_verify_inherited_prop_xml( + sbox.repo_url + '/A/D/H/psi', expected_iprops, expected_explicit_props) + + # Grant access to ^/A/D/H/psi, the repos root, and the intermediate path + # ^/A/D. Everything else is still blocked. + write_authz_file(sbox, { + "/" : svntest.main.wc_author + "=rw", + "/A" : svntest.main.wc_author + "=", + "/A/D" : svntest.main.wc_author + "=rw", + "/A/D/H" : svntest.main.wc_author + "=", + "/A/D/H/psi" : svntest.main.wc_author + "=rw",}) + + expected_iprops = { + sbox.repo_url : {'RootProp' : 'Root-Prop-Val'}, + sbox.repo_url + '/A/D': {'RandomProp1' : 'Random-Prop-Val-1'}} + svntest.actions.run_and_verify_inherited_prop_xml( + sbox.repo_url + '/A/D/H/psi', expected_iprops, expected_explicit_props) + + # Grant read access to everything except ^/A/D/H/psi. In this case we + # should get an authorization failed error. It doesn't matter that we can + # read the parents. + write_authz_file(sbox, { + "/" : svntest.main.wc_author + "=rw", + "/A/D/H/psi" : svntest.main.wc_author + "=",}) + if sbox.repo_url.startswith("http"): + expected_err = ".*[Ff]orbidden.*" + else: + expected_err = ".*svn: E170001: Authorization failed.*" + svntest.actions.run_and_verify_svn( + None, None, expected_err, 'proplist', '-v', + '--show-inherited-props', sbox.repo_url + '/A/D/H/psi') + +######################################################################## +# Run the tests + +# list all tests here, starting with None: +test_list = [ None, + iprops_authz, + ] + +serial_only = True + +if __name__ == '__main__': + svntest.main.run_tests(test_list) + # NOTREACHED + +### End of file. |