Author: pburba
Date: Mon Sep 10 16:10:18 2012
New Revision: 1382961
URL: http://svn.apache.org/viewvc?rev=1382961&view=rev
Log:
On the inheritable-props branch: Add a test which checks that property
inheritance is disallowed from parents which the user doesn't have read
access to.
* subversion/tests/cmdline/iprop_authz_tests.py: New.
Added:
subversion/branches/inheritable-props/subversion/tests/cmdline/iprop_authz_tests.py
(with props)
Added:
subversion/branches/inheritable-props/subversion/tests/cmdline/iprop_authz_tests.py
URL:
http://svn.apache.org/viewvc/subversion/branches/inheritable-props/subversion/tests/cmdline/iprop_authz_tests.py?rev=1382961&view=auto
==============================================================================
---
subversion/branches/inheritable-props/subversion/tests/cmdline/iprop_authz_tests.py
(added)
+++
subversion/branches/inheritable-props/subversion/tests/cmdline/iprop_authz_tests.py
Mon Sep 10 16:10:18 2012
@@ -0,0 +1,130 @@
+#!/usr/bin/env python
+#
+# iprop_authz_tests.py: iprop tests that need to write an authz file
+#
+# Subversion is a tool for revision control.
+# See http://subversion.apache.org for more information.
+#
+# ====================================================================
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+######################################################################
+
+# General modules
+import os
+
+# Our testing module
+import svntest
+
+# (abbreviation)
+Skip = svntest.testcase.Skip_deco
+
+from svntest.main import write_restrictive_svnserve_conf
+from svntest.main import write_authz_file
+
+######################################################################
+# Tests
+
+#----------------------------------------------------------------------
+# Property inheritance with read restrictions on parent paths.
+@Skip(svntest.main.is_ra_type_file)
+def iprops_authz(sbox):
+ "property inheritance and read restricted parents"
+
+ sbox.build()
+ wc_dir = sbox.wc_dir
+
+ # r2 - Set properties at various levels.
+ sbox.simple_propset('RootProp', 'Root-Prop-Val', '.')
+ sbox.simple_propset('BranchProp', 'Branch-Prop-Val', 'A')
+ sbox.simple_propset('RandomProp1', 'Random-Prop-Val-1', 'A/D')
+ sbox.simple_propset('RandomProp2', 'Random-Prop-Val-2', 'A/D/H')
+ sbox.simple_propset('FileProp1', 'File-Prop-Val-1', 'A/D/H/psi')
+ svntest.main.run_svn(None, 'commit', '-m', 'Add some properties',
+ wc_dir)
+
+ write_restrictive_svnserve_conf(sbox.repo_dir)
+
+ # Check that a restricted user can only see inherited props from
+ # parent paths which he has read access to.
+
+ # Grant access only to ^/A/D/H/psi. No inherited properties should
+ # be shown.
+ write_authz_file(sbox, {
+ "/A/D/H/psi" : svntest.main.wc_author + "=rw",})
+
+ expected_iprops = {}
+ expected_explicit_props = {'FileProp1' : 'File-Prop-Val-1'}
+ svntest.actions.run_and_verify_inherited_prop_xml(
+ sbox.repo_url + '/A/D/H/psi', expected_iprops, expected_explicit_props)
+
+ # Grant access to ^/A/D/H/psi and the repos root but not the intermediate
+ # paths between the two.
+ write_authz_file(sbox, {
+ "/" : svntest.main.wc_author + "=rw",
+ "/A" : svntest.main.wc_author + "=",
+ "/A/D/H/psi" : svntest.main.wc_author + "=rw",})
+
+ expected_iprops = {
+ sbox.repo_url : {'RootProp' : 'Root-Prop-Val'}}
+ svntest.actions.run_and_verify_inherited_prop_xml(
+ sbox.repo_url + '/A/D/H/psi', expected_iprops, expected_explicit_props)
+
+ # Grant access to ^/A/D/H/psi, the repos root, and the intermediate path
+ # ^/A/D. Everything else is still blocked.
+ write_authz_file(sbox, {
+ "/" : svntest.main.wc_author + "=rw",
+ "/A" : svntest.main.wc_author + "=",
+ "/A/D" : svntest.main.wc_author + "=rw",
+ "/A/D/H" : svntest.main.wc_author + "=",
+ "/A/D/H/psi" : svntest.main.wc_author + "=rw",})
+
+ expected_iprops = {
+ sbox.repo_url : {'RootProp' : 'Root-Prop-Val'},
+ sbox.repo_url + '/A/D': {'RandomProp1' : 'Random-Prop-Val-1'}}
+ svntest.actions.run_and_verify_inherited_prop_xml(
+ sbox.repo_url + '/A/D/H/psi', expected_iprops, expected_explicit_props)
+
+ # Grant read access to everything except ^/A/D/H/psi. In this case we
+ # should get an authorization failed error. It doesn't matter that we can
+ # read the parents.
+ write_authz_file(sbox, {
+ "/" : svntest.main.wc_author + "=rw",
+ "/A/D/H/psi" : svntest.main.wc_author + "=",})
+ if sbox.repo_url.startswith("http"):
+ expected_err = ".*[Ff]orbidden.*"
+ else:
+ expected_err = ".*svn: E170001: Authorization failed.*"
+ svntest.actions.run_and_verify_svn(
+ None, None, expected_err, 'proplist', '-v',
+ '--show-inherited-props', sbox.repo_url + '/A/D/H/psi')
+
+########################################################################
+# Run the tests
+
+# list all tests here, starting with None:
+test_list = [ None,
+ iprops_authz,
+ ]
+
+serial_only = True
+
+if __name__ == '__main__':
+ svntest.main.run_tests(test_list)
+ # NOTREACHED
+
+### End of file.
Propchange:
subversion/branches/inheritable-props/subversion/tests/cmdline/iprop_authz_tests.py
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
subversion/branches/inheritable-props/subversion/tests/cmdline/iprop_authz_tests.py
------------------------------------------------------------------------------
svn:executable = *
