gitolite-dtg 0.1.0

data/spec/configs/complicated.conf

@@ -0,0 +1,302 @@
+# example conf file for gitolite
+
+# ----------------------------------------------------------------------------
+# overall syntax:
+#     - everything is space-separated; no commas, semicolons, etc (except in
+#       the description string for gitweb)
+#     - comments in the normal shell-ish style; no surprises there
+#     - there are NO continuation lines of any kind
+#     - user/repo names as simple as possible; they must start with an
+#       alphanumeric, but after that they can also contain ".", "_", "-".
+#         - usernames can optionally be followed by an "@" and a domainname
+#           containing at least one "." (this allows you to use an email
+#           address as someone's username)
+#         - reponames can contain "/" characters (this allows you to
+#           put your repos in a tree-structure for convenience)
+
+# objectives, over and above gitosis:
+#     - simpler syntax
+#     - easier gitweb/daemon control
+#     - specify who can push a branch/tag
+#     - specify who can rewind a branch/rewrite a tag
+
+# ----------------------------------------------------------------------------
+
+# GROUPS
+# ------
+
+# syntax:
+#   @groupname = [one or more names]
+
+# groups let you club (user or group) names together for convenience
+
+# * a group is like a #define in C except that it can *accumulate* values
+# * the config file is parsed in a single-pass, so later *additions* to a
+#   group name cannot affect earlier *uses* of it
+
+# The following examples should illustrate all this:
+
+                # you can have a group of people...
+@staff      =   sitaram some_dev another-dev
+
+                # ...or a group of repos
+@oss_repos  =   gitolite linux git perl rakudo entrans vkc
+
+                # ...or even a group of refexes
+@important  =   master$ QA_done refs/tags/v[0-9]
+                # (see later for what "refex"s are; I'm only mentioning it
+                # here to emphasise that you can group them too)
+
+                # even sliced and diced differently
+@admins     =   sitaram admin2
+                # notice that sitaram is in 2 groups (staff and admins)
+
+                # if you repeat a group name in another definition line, the
+                # new ones get added to the old ones (they accumulate)
+@staff      =   au.thor
+                # so now "@staff" expands to all 4 names
+
+                # groups can include other groups, and the included group will
+                # be expanded to whatever value it currently has
+@interns    =   indy james
+@staff      =   bob @interns
+                # "@staff" expands to 7 names now
+@interns    =   han
+                # "@interns" now has 3 names in it, but note that this does
+                # not change @staff
+
+# REPO AND BRANCH PERMISSIONS
+# ---------------------------
+
+# syntax:
+#   start line:
+#       repo [one or more repos and/or repo groups]
+#   followed by one or more permissions lines:
+#       (C|R|RW|RW+|RWC|RW+C|RWD|RW+D|RWCD|RW+CD) [zero or more refexes] = [one or more users]
+
+# there are 6 types of permissions: R, RW, and RW+ are simple (the "+" means
+# permission to "rewind" -- force push a non-fast forward to -- a branch).
+# The *standalone* C permission pertains to creating a REPO and is described
+# in doc/wildcard-repositories.mkd.  The C and D *suffixes* to the RW/RW+
+# permissions pertain to creating or deleting a BRANCH, and are described in
+# doc/3-faq-tips-etc.mkd, in the sections on "separating push and create
+# rights" and "separating delete and rewind rights" respectively.
+
+# how permissions are matched:
+#     - user, repo, and access (W or +) are known.  For that combination, if
+#       any of the refexes match the refname being updated, the push succeeds.
+#       If none of them match, it fails
+
+# what's a refex?  a regex to match against the ref being updated (get it?)
+# See next section for more on refexes
+
+# BASIC PERMISSIONS (repo level only; apply to all branches/tags in repo)
+
+                # most important rule of all -- specify who can make changes
+                # to *this* file take effect
+repo    gitolite-admin
+        RW+                             =   @admins
+
+                # "@all" is a special, predefined, group name of all users
+                # (everyone who has a pubkey in keydir)
+repo    testing
+        RW+                             =   @all
+
+                # this repo is visible to staff but only sitaram can write to it
+repo    gitolite
+        R                               =   @staff
+        RW+                             =   sitaram
+
+                # you can split up access rules for a repo for convenience
+                # (notice that @oss_repos contains gitolite also)
+repo    @oss_repos
+        R                               =   @all
+
+                # set permissions to all repos.  *Please* do see
+                # doc/3-faq-tips-etc.mkd for notes on this feature
+repo    @all
+        RW+                             =   @admins
+
+# SPECIFYING AND USING A REFEX
+
+#     - refexes are specified in perl regex syntax
+#     - refexes are prefix-matched (they are internally anchored with "^"
+#       before being used), which means a refex like "refs/tags/v[0-9]"
+#       matches anything *starting with* that pattern.  There may be text
+#       after it (example: refs/tags/v4-r3/p7), and it will still match
+
+# ADVANCED PERMISSIONS USING REFEXES
+
+#     - if no refex appears, the rule applies to all refs in that repo
+#     - a refex is automatically prefixed by "refs/heads/" if it doesn't start
+#       with "refs/" (so tags have to be explicitly named as
+#       refs/tags/pattern)
+
+                # here's the example from
+                # Documentation/howto/update-hook-example.txt:
+
+                #       refs/heads/master junio
+                #       +refs/heads/pu          junio
+                #       refs/heads/cogito$      pasky
+                #       refs/heads/bw/.*        linus
+                #       refs/heads/tmp/.*       .*
+                #       refs/tags/v[0-9].*      junio
+
+                # and here're the equivalent gitolite refexes
+repo    git
+        RW                              =   bobzilla
+        RW      master                  =   junio
+        RW+     pu                      =   junio
+        RW      cogito$                 =   pasky
+        RW      bw/                     =   linus
+        RW      tmp/                    =   @all
+        RW      refs/tags/v[0-9]        =   junio
+
+# DENY/EXCLUDE RULES
+
+# ***IMPORTANT NOTES ABOUT "DENY" RULES***:
+
+# - deny rules do NOT affect read access.  They only apply to write access.
+#
+# - when using deny rules, the order of your rules starts to matter, where
+#   earlier it did not.  The first matching rule applies, where "matching" is
+#   defined as either permitting the operation you're attempting (`W` or `+`),
+#   which results in success, or a "deny" (`-`), which results in failure.
+#   (As before, a fallthrough also results in failure).
+
+# in the example above, you cannot easily say "anyone can write any tag,
+# except version tags can only be written by junio".  The following might look
+# like it works but it doesn't:
+
+    #   RW      refs/tags/v[0-9]        =   junio
+    #   RW      refs/tags/              =   junio linus pasky @others
+
+# if you use "deny" rules, however, you can do this (a "deny" rule just uses
+# "-" instead of "R" or "RW" or "RW+" in the permission field)
+
+        RW      refs/tags/v[0-9]        =   junio
+        -       refs/tags/v[0-9]        =   linus pasky @others
+        RW      refs/tags/              =   junio linus pasky @others
+
+# FILE/DIR NAME BASED RESTRICTIONS
+# --------------------------------
+
+# Here's a hopefully self-explanatory example.  Assume the project has the
+# following contents at the top level: a README, a "doc/" directory, and an
+# "src/" directory.
+
+repo foo
+        RW+                             =   lead_dev                # rule 1
+        RW                              =   dev1 dev2 dev3 dev4     # rule 2
+
+        RW  NAME/                       =   lead_dev                # rule 3
+        RW  NAME/doc/                   =   dev1 dev2               # rule 4
+        RW  NAME/src/                   =   dev1 dev2 dev3 dev4     # rule 5
+
+# Notes
+
+# - the "NAME/" is part of the syntax; think of it as a keyword if you like.
+#   The rest of it is treated as a refex to match against each file being
+#   touched (see "SPECIFYING AND USING A REFEX" above for details)
+
+# - file/dir NAME-based restrictions are *in addition* to normal (branch-name
+#   based) restrictions; they are not a *replacement* for them.  This is why
+#   rule #2 (or something like it, maybe with a more specific branch-name) is
+#   needed; without it, dev1/2/3/4 cannot push any branches.
+
+# - if a repo has *any* NAME/ rules, then NAME-based restrictions are checked
+#   for *all* users.  This is why rule 3 is needed, even though we don't
+#   actually have any NAME-based restrictions on lead_dev.  Notice the pattern
+#   on rule 3.
+
+# - *each* file touched by the commits being pushed is checked against those
+#   rules.  So, lead_dev can push changes to any files, dev1/2 can push
+#   changes to files in "doc/" and "src/" (but not the top level README), and
+#   dev3/4 can only push changes to files in "src/".
+
+# GITWEB AND DAEMON STUFF
+# -----------------------
+
+# No specific syntax for gitweb and daemon access; just make the repo readable
+# ("R" access) to the special users "gitweb" and "daemon"
+
+                # make "@oss_repos" (all 7 of them!) accessible via git daemon
+repo    @oss_repos
+        R                               =   daemon
+
+                # make the two *large* repos accessible via gitweb
+repo    linux perl
+        R                               =   gitweb
+
+# REPO OWNER/DESCRIPTION LINE FOR GITWEB
+
+# syntax, one of:
+#   reponame = "some description string in double quotes"
+#   reponame "owner name" = "some description string in double quotes"
+
+# note: setting a description also gives gitweb access; you do not have to
+# give gitweb access as described above if you're specifying a description
+
+gitolite "Sitaram Chamarty" = "fast, secure, access control for git in a corporate environment"
+foo = "Foo is a nice test repo"
+foobar "Bob Zilla" = "Foobar is top secret"
+bar = "A nice place to get drinks"
+
+# REPO SPECIFIC GITCONFIG
+# -----------------------
+
+# update 2010-02-06; this won't work unless the rc file has the right
+# settings; please see comments around the variable $GL_GITCONFIG_KEYS in
+# conf/example.gitolite.rc for details and security information.
+
+# (Thanks to teemu dot matilainen at iki dot fi)
+
+# this should be specified within a "repo" stanza
+
+# syntax:
+#   config sectionname.keyname = [optional value_string]
+
+# example usage: if you placed a hook in hooks/common that requires
+# configuration information that is specific to each repo, you could do this:
+
+repo gitolite
+    config hooks.mailinglist = gitolite-commits@example.tld
+    config hooks.emailprefix = "[gitolite] "
+    config foo.bar = ""
+    config foo.baz =
+
+# This does either a plain "git config section.key value" (for the first 3
+# examples above) or "git config --unset-all section.key" (for the last
+# example).  Other forms (--add, the value_regex, etc) are not supported.
+
+# INCLUDE SOME OTHER FILE
+# -----------------------
+
+    include     "foo.conf"
+    subconf     "bar.conf"
+
+# this includes the contents of $GL_ADMINDIR/conf/foo.conf here
+
+# Notes:
+# - the include statement is not allowed inside delegated fragments for
+#   security reasons.
+# - you can also use an absolute path if you like, although in the interests
+#   of cloning the admin-repo sanely you should avoid doing this!
+
+# EXTERNAL COMMAND HELPERS -- RSYNC
+# ---------------------------------
+
+# If $RSYNC_BASE is non-empty, the following config entries come into play
+# (otherwise they are ignored):
+
+# a "fake" git repository to collect rsync rules.  Gitolite does not
+# auto-create any repo whose name starts with EXTCMD/
+repo    EXTCMD/rsync
+# grant permissions to files/dirs within the $RSYNC_BASE tree.  A leading
+# NAME/ is required as a prefix; the actual path starts after that.  Matching
+# follows the same rules as given in "FILE/DIR NAME BASED RESTRICTIONS" above
+        RW  NAME/                       =   sitaram
+        RW  NAME/foo/                   =   user1
+        R   NAME/bar/                   =   user2
+# just to remind you that these are perl regexes, not shell globs
+        RW  NAME/baz/.*/*.c             =   user3

data/spec/configs/simple.conf

@@ -0,0 +1,5 @@
+repo    gitolite-admin
+        RW+     =   bobzilla
+
+repo    testing
+        RW+     =   @all

data/spec/gitolite_admin_spec.rb

@@ -0,0 +1,4 @@
+require 'gitolite/gitolite_admin'
+
+describe Gitolite::GitoliteAdmin do
+end

data/spec/group_spec.rb

@@ -0,0 +1,126 @@
+require 'gitolite/config/group'
+require 'spec_helper'
+
+describe Gitolite::Config::Group do
+  describe "#new" do
+    it "should create a new group with an empty list of users" do
+      group = Gitolite::Config::Group.new("testgroup")
+      group.users.empty?.should be true
+      group.name.should == "testgroup"
+    end
+
+    it "should create a new group with a name containing #{Gitolite::Config::Group::PREPEND_CHAR}" do
+      name = "#{Gitolite::Config::Group::PREPEND_CHAR}testgroup"
+      group = Gitolite::Config::Group.new(name)
+      group.name.should == "testgroup"
+    end
+  end
+
+  describe "users" do
+    before :each do
+      @group = Gitolite::Config::Group.new('testgroup')
+    end
+
+    describe "#add_user" do
+      it "should allow adding one user with a string" do
+        @group.add_user("bob")
+        @group.size.should == 1
+        @group.users.first.should == "bob"
+      end
+
+      it "should allow adding one user with a symbol" do
+        @group.add_user(:bob)
+        @group.size.should == 1
+        @group.users.first.should == "bob"
+      end
+
+      it "should not add the same user twice" do
+        @group.add_user("bob")
+        @group.size.should == 1
+        @group.add_user(:bob)
+        @group.size.should == 1
+        @group.users.first.should == "bob"
+      end
+
+      it "should maintain users in sorted order" do
+        @group.add_user("susan")
+        @group.add_user("peyton")
+        @group.add_user("bob")
+        @group.users.first.should == "bob"
+        @group.users.last.should == "susan"
+      end
+    end
+
+    describe "#add_users" do
+      it "should allow adding multiple users at once" do
+        @group.add_users("bob", "joe", "sue", "sam", "dan")
+        @group.size.should == 5
+      end
+
+      it "should allow adding multiple users in nested arrays" do
+        @group.add_users(["bob", "joe", ["sam", "sue", "dan"]], "bill")
+        @group.size.should == 6
+      end
+
+      it "should allow adding users of symbols and strings" do
+        @group.add_users("bob", :joe, :sue, "sam")
+        @group.size.should == 4
+      end
+
+      it "should not add the same user twice" do
+        @group.add_users("bob", :bob, "bob", "sam")
+        @group.size.should == 2
+      end
+    end
+
+    describe "#rm_user" do
+      before :each do
+        @group.add_users("bob", "joe", "susan", "sam", "alex")
+      end
+
+      it "should support removing a user via a String" do
+        @group.rm_user("bob")
+        @group.size.should == 4
+      end
+
+      it "should support removing a user via a Symbol" do
+        @group.rm_user(:bob)
+        @group.size.should == 4
+      end
+    end
+
+    describe "#empty!" do
+      it "should clear all users from the group" do
+        @group.add_users("bob", "joe", "sue", "jim")
+        @group.size.should == 4
+        @group.empty!
+        @group.size.should == 0
+      end
+    end
+
+    describe "#size" do
+      it "should reflect how many users are in the group" do
+        @group.add_users("bob", "joe", "sue", "jim")
+        @group.users.length.should == @group.size
+      end
+    end
+
+    describe "#has_user?" do
+      it "should search for a user via a String" do
+        @group.add_user("bob")
+        @group.has_user?("bob").should be true
+      end
+
+      it "should search for a user via a Symbol" do
+        @group.add_user(:bob)
+        @group.has_user?(:bob).should be true
+      end
+    end
+  end
+
+  describe "#to_s" do
+    group = Gitolite::Config::Group.new("testgroup")
+    group.add_users("bob", "joe", "sam", "sue")
+    group.to_s.should == "@testgroup          = bob joe sam sue\n" #10 spaces after @testgroup
+  end
+end

data/spec/repo_spec.rb

@@ -0,0 +1,184 @@
+require 'hashery'
+require 'gitolite/config/repo'
+require 'spec_helper'
+
+describe Gitolite::Config::Repo do
+  before(:each) do
+    @repo = Gitolite::Config::Repo.new("CoolRepo")
+  end
+
+  describe '#new' do
+    it 'should create a repo called "CoolRepo"' do
+      @repo.name.should == "CoolRepo"
+    end
+  end
+
+  describe "deny rules" do
+    it 'should maintain the order of rules for a repository' do
+      @repo.add_permission("RW+", "", "bob", "joe", "sam")
+      @repo.add_permission("R", "", "sue", "jen", "greg")
+      @repo.add_permission("-", "refs/tags/test[0-9]", "@students", "jessica")
+      @repo.add_permission("RW", "refs/tags/test[0-9]", "@teachers", "bill", "todd")
+      @repo.add_permission("R", "refs/tags/test[0-9]", "@profs")
+
+      @repo.permissions.length.should == 2
+      @repo.permissions[0].size.should == 2
+      @repo.permissions[1].size.should == 3
+    end
+  end
+
+  describe '#add_permission' do
+    it 'should allow adding a permission to the permissions list' do
+      @repo.add_permission("RW+")
+      @repo.permissions.length.should == 1
+      @repo.permissions.first.keys.first.should == "RW+"
+    end
+
+    it 'should allow adding a permission while specifying a refex' do
+      @repo.add_permission("RW+", "refs/heads/master")
+      @repo.permissions.length.should == 1
+      @repo.permissions.first.keys.first.should == "RW+"
+      @repo.permissions.first.values.last.first.first.should == "refs/heads/master"
+    end
+
+    it 'should allow specifying users individually' do
+      @repo.add_permission("RW+", "", "bob", "joe", "susan", "sam", "bill")
+      @repo.permissions.first["RW+"][""].should == %w[bob joe susan sam bill]
+    end
+
+    it 'should allow specifying users as an array' do
+      users = %w[bob joe susan sam bill]
+
+      @repo.add_permission("RW+", "", users)
+      @repo.permissions.first["RW+"][""].should == users
+    end
+
+    it 'should not allow adding an invalid permission via an InvalidPermissionError' do
+      expect {@repo.add_permission("BadPerm")}.to raise_error
+    end
+  end
+
+  describe "permissions" do
+    before(:each) do
+      @repo = Gitolite::Config::Repo.new("CoolRepo")
+    end
+
+    it 'should allow adding the permission C' do
+      @repo.add_permission("C", "", "bob")
+    end
+
+    it 'should allow adding the permission -' do
+      @repo.add_permission("-", "", "bob")
+    end
+
+    it 'should allow adding the permission R' do
+      @repo.add_permission("R", "", "bob")
+    end
+
+    it 'should allow adding the permission RM' do
+      @repo.add_permission("RM", "", "bob")
+    end
+
+    it 'should allow adding the permission RW' do
+      @repo.add_permission("RW", "", "bob")
+    end
+
+    it 'should allow adding the permission RWM' do
+      @repo.add_permission("RWM", "", "bob")
+    end
+
+    it 'should allow adding the permission RW+' do
+      @repo.add_permission("RW+", "", "bob")
+    end
+
+    it 'should allow adding the permission RW+M' do
+      @repo.add_permission("RW+M", "", "bob")
+    end
+
+    it 'should allow adding the permission RWC' do
+      @repo.add_permission("RWC", "", "bob")
+    end
+
+    it 'should allow adding the permission RWCM' do
+      @repo.add_permission("RWCM", "", "bob")
+    end
+
+    it 'should allow adding the permission RW+C' do
+      @repo.add_permission("RW+C", "", "bob")
+    end
+
+    it 'should allow adding the permission RW+CM' do
+      @repo.add_permission("RW+CM", "", "bob")
+    end
+
+    it 'should allow adding the permission RWD' do
+      @repo.add_permission("RWD", "", "bob")
+    end
+
+    it 'should allow adding the permission RWDM' do
+      @repo.add_permission("RWDM", "", "bob")
+    end
+
+    it 'should allow adding the permission RW+D' do
+      @repo.add_permission("RW+D", "", "bob")
+    end
+
+    it 'should allow adding the permission RW+DM' do
+      @repo.add_permission("RW+DM", "", "bob")
+    end
+
+    it 'should allow adding the permission RWCD' do
+      @repo.add_permission("RWCD", "", "bob")
+    end
+
+    it 'should allow adding the permission RWCDM' do
+      @repo.add_permission("RWCDM", "", "bob")
+    end
+
+    it 'should allow adding the permission RW+CD' do
+      @repo.add_permission("RW+CD", "", "bob")
+    end
+
+    it 'should allow adding the permission RW+CDM' do
+      @repo.add_permission("RW+CDM", "", "bob")
+    end
+  end
+
+  describe 'git config options' do
+    it 'should allow setting a git configuration option' do
+      email = "bob@zilla.com"
+      @repo.set_git_config("email", email).should == email
+    end
+
+    it 'should allow deletion of an existing git configuration option' do
+      email = "bob@zilla.com"
+      @repo.set_git_config("email", email)
+      @repo.unset_git_config("email").should == email
+    end
+
+  end
+
+  describe 'permission management' do
+    it 'should combine two entries for the same permission and refex' do
+      users = %w[bob joe susan sam bill]
+      more_users = %w[sally peyton andrew erin]
+
+      @repo.add_permission("RW+", "", users)
+      @repo.add_permission("RW+", "", more_users)
+      @repo.permissions.first["RW+"][""].should == users.concat(more_users)
+      @repo.permissions.first["RW+"][""].length.should == 9
+    end
+
+    it 'should not list the same users twice for the same permission level' do
+      users = %w[bob joe susan sam bill]
+      more_users = %w[bob peyton andrew erin]
+      even_more_users = %w[bob jim wayne courtney]
+
+      @repo.add_permission("RW+", "", users)
+      @repo.add_permission("RW+", "", more_users)
+      @repo.add_permission("RW+", "", even_more_users)
+      @repo.permissions.first["RW+"][""].should == users.concat(more_users).concat(even_more_users).uniq!
+      @repo.permissions.first["RW+"][""].length.should == 11
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,2 @@
+require 'forgery'
+require 'tmpdir'