authz_tests.py
来自「subversion-1.4.5.tar.gz 配置svn的源码」· Python 代码 · 共 927 行 · 第 1/3 页
PY
927 行
fp.write("[authz_partial_export_test:/]\n" + "* = r\n" + "[authz_partial_export_test:/A/B]\n" + "* =\n") else: fp.write("[/]\n" + "* = r\n" + "[/A/B]\n" + "* =\n") fp.close() # export a working copy, should not dl /A/B expected_output = svntest.main.greek_state.copy() expected_output.wc_dir = local_dir expected_output.desc[''] = Item() expected_output.tweak(status='A ', contents=None) expected_output.remove('A/B', 'A/B/lambda', 'A/B/E', 'A/B/E/alpha', 'A/B/E/beta', 'A/B/F') expected_wc = svntest.main.greek_state.copy() expected_wc.remove('A/B', 'A/B/lambda', 'A/B/E', 'A/B/E/alpha', 'A/B/E/beta', 'A/B/F') svntest.actions.run_and_verify_export(sbox.repo_url, local_dir, expected_output, expected_wc)#----------------------------------------------------------------------def authz_log_and_tracing_test(sbox): "test authz for log and tracing path changes" skip_test_when_no_authz_available() sbox.build("authz_log_test") wc_dir = sbox.wc_dir write_restrictive_svnserve_conf(svntest.main.current_repo_dir) # write an authz file with *=rw on / fp = open(sbox.authz_file, 'w') if sbox.repo_url.startswith('http'): fp.write("[authz_log_test:/]\n" + "* = rw\n") expected_err = ".*403 Forbidden.*" else: fp.write("[/]\n" + "* = rw\n") expected_err = ".*svn: Authorization failed.*" fp.close() root_url = svntest.main.current_repo_url D_url = root_url + '/A/D' G_url = D_url + '/G' # check if log doesn't spill any info on which you don't have read access rho_path = os.path.join(wc_dir, 'A', 'D', 'G', 'rho') svntest.main.file_append (rho_path, 'new appended text for rho') svntest.actions.run_and_verify_svn(None, None, [], 'ci', '-m', 'add file rho', sbox.wc_dir) svntest.main.file_append (rho_path, 'extra change in rho') svntest.actions.run_and_verify_svn(None, None, [], 'ci', '-m', 'changed file rho', sbox.wc_dir) # copy a remote file svntest.actions.run_and_verify_svn("", None, [], 'cp', '--username', svntest.main.wc_author, '--password', svntest.main.wc_passwd, rho_path, D_url, '-m', 'copy rho to readable area') # now disable read access on the first version of rho, keep the copy in # /A/D readable. fp = open(sbox.authz_file, 'w') if sbox.repo_url.startswith('http'): fp.write("[authz_log_test:/]\n" + "* = rw\n" + "[authz_log_test:/A/D/G]\n" + "* =\n") expected_err = ".*403 Forbidden.*" else: fp.write("[/]\n" + "* = rw\n" + "[/A/D/G]\n" + "* =\n") expected_err = ".*svn: Authorization failed.*" fp.close() ## log # changed file in this rev. is not readable anymore, so author and date # should be hidden, like this: # r2 | (no author) | (no date) | 1 line svntest.actions.run_and_verify_svn("", ".*(no author).*(no date).*", [], 'log', '-r', '2', '--limit', '1', wc_dir) if sbox.repo_url.startswith('http'): expected_err2 = expected_err else: expected_err2 = ".*svn: Item is not readable.*" # if we do the same thing directly on the unreadable file, we get: # svn: Item is not readable svntest.actions.run_and_verify_svn("", None, expected_err2, 'log', rho_path) # while the HEAD rev of the copy is readable in /A/D, its parent in # /A/D/G is not, so don't spill any info there either. svntest.actions.run_and_verify_svn("", ".*(no author).*(no date).*", [], 'log', '-r', '2', '--limit', '1', D_url) ## cat # now see if we can look at the older version of rho svntest.actions.run_and_verify_svn("", None, expected_err, 'cat', '-r', '2', D_url+'/rho') if sbox.repo_url.startswith('http'): expected_err2 = expected_err else: expected_err2 = ".*svn: Unreadable path encountered; access denied.*" svntest.actions.run_and_verify_svn("", None, expected_err2, 'cat', '-r', '2', G_url+'/rho') ## diff # we shouldn't see the diff of a file in an unreadable path svntest.actions.run_and_verify_svn("", None, expected_err, 'diff', '-r', 'HEAD', G_url+'/rho') svntest.actions.run_and_verify_svn("", None, expected_err, 'diff', '-r', '2', D_url+'/rho') svntest.actions.run_and_verify_svn("", None, expected_err, 'diff', '-r', '2:4', D_url+'/rho') def authz_validate(sbox): "test the authz validation rules" skip_test_when_no_authz_available() sbox.build(create_wc = False) write_restrictive_svnserve_conf(sbox.repo_dir) A_url = sbox.repo_url + '/A' # If any of the validate rules fail, the authz isn't loaded so there's no # access at all to the repository. # Test 1: Undefined group write_authz_file(sbox, { "/" : "* = r", "/A/B" : "@undefined_group = rw" }) if sbox.repo_url.startswith("http"): expected_err = ".*403 Forbidden.*" else: expected_err = ".*@undefined_group.*" # validation of this authz file should fail, so no repo access svntest.actions.run_and_verify_svn("ls remote folder", None, expected_err, 'ls', '--username', svntest.main.wc_author, '--password', svntest.main.wc_passwd, A_url) # Test 2: Circular dependency write_authz_file(sbox, { "/" : "* = r" }, { "groups" : """admins = admin1, admin2, @devsdevs1 = @admins, dev1devs2 = @admins, dev2devs = @devs1, dev3, dev4""" }) if sbox.repo_url.startswith("http"): expected_err = ".*403 Forbidden.*" else: expected_err = ".*Circular dependency.*" # validation of this authz file should fail, so no repo access svntest.actions.run_and_verify_svn("ls remote folder", None, expected_err, 'ls', '--username', svntest.main.wc_author, '--password', svntest.main.wc_passwd, A_url) # Test 3: Group including other group 2 times (issue 2684) write_authz_file(sbox, { "/" : "* = r" }, { "groups" : """admins = admin1, admin2devs1 = @admins, dev1devs2 = @admins, dev2users = @devs1, @devs2, user1, user2""" }) # validation of this authz file should fail, so no repo access svntest.actions.run_and_verify_svn("ls remote folder", ['B/\n', 'C/\n', 'D/\n', 'mu\n'], [], 'ls', '--username', svntest.main.wc_author, '--password', svntest.main.wc_passwd, A_url)# test locking/unlocking with authzdef authz_locking(sbox): "test authz for locking" skip_test_when_no_authz_available() sbox.build() write_authz_file(sbox, {"/": "", "/A": "jrandom = rw"}) write_restrictive_svnserve_conf(sbox.repo_dir) if sbox.repo_url.startswith('http'): expected_err = ".*403 Forbidden.*" else: expected_err = ".*svn: Authorization failed.*" root_url = sbox.repo_url wc_dir = sbox.wc_dir iota_url = root_url + '/iota' iota_path = os.path.join(wc_dir, 'iota') A_url = root_url + '/A' mu_path = os.path.join(wc_dir, 'A', 'mu') # lock a file url, target is readonly: should fail svntest.actions.run_and_verify_svn(None, None, expected_err, 'lock', '--username', svntest.main.wc_author, '--password', svntest.main.wc_passwd, '-m', 'lock msg', iota_url) # lock a file path, target is readonly: should fail svntest.actions.run_and_verify_svn(None, None, expected_err, 'lock', '--username', svntest.main.wc_author, '--password', svntest.main.wc_passwd, '-m', 'lock msg', iota_path) # Test for issue 2700: we have write access in folder /A, but not in root. # Get a lock on /A/mu and try to commit it. # lock a file path, target is writeable: should succeed svntest.actions.run_and_verify_svn(None, None, [], 'lock', '--username', svntest.main.wc_author, '--password', svntest.main.wc_passwd, '-m', 'lock msg', mu_path) svntest.main.file_append(mu_path, "hi") expected_output = svntest.wc.State(wc_dir, { 'A/mu' : Item(verb='Sending'), }) svntest.actions.run_and_verify_commit(wc_dir, expected_output, [], None, None, None, None, None, mu_path) ######################################################################### Run the testsdef is_this_dav(): return svntest.main.test_area_url.startswith('http')# list all tests here, starting with None:test_list = [ None, authz_open_root, XFail(authz_open_directory, is_this_dav), broken_authz_file, authz_read_access, authz_write_access, authz_checkout_test, authz_log_and_tracing_test, authz_checkout_and_update_test, authz_partial_export_test, authz_validate, authz_locking, ]if __name__ == '__main__': svntest.main.run_tests(test_list) # NOTREACHED### End of file.⌨️ 快捷键说明
复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?