Index: subversion/tests/cmdline/authz_tests.py =================================================================== --- subversion/tests/cmdline/authz_tests.py (revision 19531) +++ subversion/tests/cmdline/authz_tests.py (working copy) @@ -17,7 +17,7 @@ ###################################################################### # General modules -import os +import os, re # Our testing module import svntest @@ -32,7 +32,7 @@ # def write_restrictive_svnserve_conf(repo_dir): - "Create a restrictive authz file ( no anynomous access )." + "Create a restrictive svn conf file ( no anynomous access )." fp = open(svntest.main.get_svnserve_conf_file_path(repo_dir), 'w') fp.write("[general]\nanon-access = none\nauth-access = write\n" @@ -57,22 +57,22 @@ def authz_open_root(sbox): "authz issue #2486 - open root" sbox.build() - + skip_test_when_no_authz_available() - + fp = open(sbox.authz_file, 'w') fp.write("[/]\n\n[/A]\njrandom = rw\n") fp.close() - + write_restrictive_svnserve_conf(svntest.main.current_repo_dir) # we have write access in folder /A, but not in root. Test on too # restrictive access needed in open_root by modifying a file in /A wc_dir = sbox.wc_dir - + mu_path = os.path.join(wc_dir, 'A', 'mu') svntest.main.file_append(mu_path, "hi") - + # Create expected output tree. expected_output = svntest.wc.State(wc_dir, { 'A/mu' : Item(verb='Sending'), 
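Review bot: `import os, re` in the first hunk puts two modules on one import line, and no line added by this patch uses `re`, since the expected-error patterns are passed as plain strings. Unless code outside the visible hunks needs it, keep `import os`. If it is needed, add it on its own line as `import re`.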
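Review bot: The reworded docstring of write_restrictive_svnserve_conf still carries the typo "anynomous", and "svn conf file" is vaguer than the file the function opens via get_svnserve_conf_file_path. Suggested text: `"Create a restrictive svnserve.conf file ( no anonymous access )."`. The function body continues outside the hunk.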
@@ -94,25 +94,25 @@ def authz_open_directory(sbox): "authz issue #2486 - open directory" sbox.build() - + skip_test_when_no_authz_available() - + fp = open(sbox.authz_file, 'w') fp.write("[/]\n*=rw\n[/A/B]\n*=\n[/A/B/E]\njrandom = rw\n") fp.close() - + write_restrictive_svnserve_conf(svntest.main.current_repo_dir) # we have write access in folder /A/B/E, but not in /A/B. Test on too # restrictive access needed in open_directory by moving file /A/mu to # /A/B/E wc_dir = sbox.wc_dir - + mu_path = os.path.join(wc_dir, 'A', 'mu') E_path = os.path.join(wc_dir, 'A', 'B', 'E') - + svntest.main.run_svn(None, 'mv', mu_path, E_path) - + # Create expected output tree. expected_output = svntest.wc.State(wc_dir, { 'A/mu' : Item(verb='Deleting'), 
@@ -151,6 +151,217 @@ if not err: raise svntest.actions.SVNUnexpectedStderr("Missing stderr") +# test whether read access is correctly granted and denied +def authz_read_access(sbox): + "test authz for read operations" + + sbox.build() + wc_dir = sbox.wc_dir + + # write the authentication file + fp = open(sbox.authz_file, 'w') + fp.write("[/]\n*=r\n[/A/B]\n*=\n[/A/D]\n*=rw\n") + fp.close() + + skip_test_when_no_authz_available() + + write_restrictive_svnserve_conf(svntest.main.current_repo_dir) + + root_url = svntest.main.current_repo_url + A_url = root_url + '/A' + B_url = A_url + '/B' + C_url = A_url + '/C' + E_url = B_url + '/E' + mu_url = A_url + '/mu' + iota_url = root_url + '/iota' + lambda_url = B_url + '/lambda' + alpha_url = E_url + '/alpha' + D_url = A_url + '/D' + + # read a remote file + svntest.actions.run_and_verify_svn(None, ["This is the file 'iota'.\n"], + [], 'cat', + '--username', svntest.main.wc_author, + '--password', svntest.main.wc_passwd, + iota_url) + + # read a remote file, unreadable: should fail + svntest.actions.run_and_verify_svn("", + None, ".*svn: Authorization failed.*", + 'cat', + '--username', svntest.main.wc_author, + '--password', svntest.main.wc_passwd, + lambda_url) + + # read a remote file, unreadable through recursion: should fail + output, errput = svntest.actions.run_and_verify_svn("", + None, ".*svn: Authorization failed.*", + 'cat', + '--username', svntest.main.wc_author, + '--password', svntest.main.wc_passwd, + alpha_url) + + # open a remote folder(ls) + svntest.actions.run_and_verify_svn("ls remote root folder", + ["A/\n", "iota\n"], + [], 'ls', + '--username', svntest.main.wc_author, + '--password', svntest.main.wc_passwd, + root_url) + + # open a remote folder(ls), unreadable: should fail + output, errput = svntest.actions.run_and_verify_svn("", + None, svntest.SVNAnyOutput, 'ls', + '--username', svntest.main.wc_author, + '--password', svntest.main.wc_passwd, + B_url) + + # open a remote folder(ls), unreadable 
through recursion: should fail + output, errput = svntest.actions.run_and_verify_svn("", + None, ".*svn: Authorization failed.*", + 'ls', + '--username', svntest.main.wc_author, + '--password', svntest.main.wc_passwd, + E_url) + + # copy a remote file + svntest.actions.run_and_verify_svn("", None, [], 'cp', + '--username', svntest.main.wc_author, + '--password', svntest.main.wc_passwd, + iota_url, D_url, + '-m', 'logmsg') + + # copy a remote file, source is unreadable: should fail + svntest.actions.run_and_verify_svn("", + None, ".*svn: Authorization failed.*", + 'cp', + '--username', svntest.main.wc_author, + '--password', svntest.main.wc_passwd, + '-m', 'logmsg', + lambda_url, D_url) + + # copy a remote folder + svntest.actions.run_and_verify_svn("", None, [], 'cp', + '--username', svntest.main.wc_author, + '--password', svntest.main.wc_passwd, + C_url, D_url, + '-m', 'logmsg') + + # copy a remote folder, source is unreadable: should fail + svntest.actions.run_and_verify_svn("", + None, ".*svn: Authorization failed.*", + 'cp', + '--username', svntest.main.wc_author, + '--password', svntest.main.wc_passwd, + '-m', 'logmsg', + E_url, D_url) + +# test whether write access is correctly granted and denied +def authz_write_access(sbox): + "test authz for write operations" + + sbox.build() + wc_dir = sbox.wc_dir + + fp = open(sbox.authz_file, 'w') + fp.write("[/]\n*=r\n[/A/B]\n*=rw\n[/A/C]\n*=rw\n") + fp.close() + + skip_test_when_no_authz_available() + + write_restrictive_svnserve_conf(svntest.main.current_repo_dir) + + root_url = svntest.main.current_repo_url + A_url = root_url + '/A' + B_url = A_url + '/B' + C_url = A_url + '/C' + E_url = B_url + '/E' + mu_url = A_url + '/mu' + iota_url = root_url + '/iota' + lambda_url = B_url + '/lambda' + D_url = A_url + '/D' + + # copy a remote file, target is readonly: should fail + svntest.actions.run_and_verify_svn("", + None, ".*svn: Access denied.*", + 'cp', + '--username', svntest.main.wc_author, + '--password', 
svntest.main.wc_passwd, + '-m', 'logmsg', + lambda_url, D_url) + + # copy a remote folder, target is readonly: should fail + svntest.actions.run_and_verify_svn("", + None, ".*svn: Access denied.*", + 'cp', + '--username', svntest.main.wc_author, + '--password', svntest.main.wc_passwd, + '-m', 'logmsg', + E_url, D_url) + + # delete a file, target is readonly: should fail + svntest.actions.run_and_verify_svn("", + None, ".*svn: Access denied.*", + 'rm', + '--username', svntest.main.wc_author, + '--password', svntest.main.wc_passwd, + '-m', 'logmsg', + iota_url) + + # delete a folder, target is readonly: should fail + svntest.actions.run_and_verify_svn("", + None, ".*svn: Access denied.*", + 'rm', + '--username', svntest.main.wc_author, + '--password', svntest.main.wc_passwd, + '-m', 'logmsg', + D_url) + + # create a folder, target is readonly: should fail + svntest.actions.run_and_verify_svn("", + None, ".*svn: Access denied.*", + 'mkdir', + '--username', svntest.main.wc_author, + '--password', svntest.main.wc_passwd, + '-m', 'logmsg', + A_url+'/newfolder') + + # move a remote file, source is readonly: should fail + svntest.actions.run_and_verify_svn("", + None, ".*svn: Access denied.*", + 'mv', + '--username', svntest.main.wc_author, + '--password', svntest.main.wc_passwd, + '-m', 'logmsg', + mu_url, C_url) + + # move a remote folder, source is readonly: should fail + svntest.actions.run_and_verify_svn("", + None, ".*svn: Access denied.*", + 'mv', + '--username', svntest.main.wc_author, + '--password', svntest.main.wc_passwd, + '-m', 'logmsg', + D_url, C_url) + + # move a remote file, target is readonly: should fail + svntest.actions.run_and_verify_svn("", + None, ".*svn: Access denied.*", + 'mv', + '--username', svntest.main.wc_author, + '--password', svntest.main.wc_passwd, + '-m', 'logmsg', + lambda_url, D_url) + + # move a remote folder, target is readonly: should fail + svntest.actions.run_and_verify_svn("", + None, ".*svn: Access denied.*", + 'mv', + 
'--username', svntest.main.wc_author, + '--password', svntest.main.wc_passwd, + '-m', 'logmsg', + B_url, D_url) + ######################################################################## # Run the tests @@ -162,6 +373,8 @@ authz_open_root, XFail(authz_open_directory, is_this_dav), broken_authz_file, + authz_read_access, + authz_write_access ] if __name__ == '__main__':
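Review bot: authz_write_access only asserts denials, so a server that rejected every write would still pass, even though the authz file grants `*=rw` on /A/B and /A/C. Adding at least one write that must succeed under a granted path would cover the "granted" half of the test's stated purpose; these may need an XFail on any RA layer still affected by issue #2486. Separately, in authz_read_access the `ls` of B_url expects `svntest.SVNAnyOutput` on stderr, so any unrelated error satisfies it. If the server reports the same message as the other denied reads, `".*svn: Authorization failed.*"` would pin the denial. That function also writes the authz file before calling skip_test_when_no_authz_available(), unlike the existing tests.

```python
  # ... unchanged: the denied cp/rm/mkdir/mv cases above ...

  # create a folder where write access is granted: should succeed
  svntest.actions.run_and_verify_svn("", None, [], 'mkdir',
                                     '--username', svntest.main.wc_author,
                                     '--password', svntest.main.wc_passwd,
                                     '-m', 'logmsg',
                                     B_url+'/newfolder')

  # delete a file where write access is granted: should succeed
  svntest.actions.run_and_verify_svn("", None, [], 'rm',
                                     '--username', svntest.main.wc_author,
                                     '--password', svntest.main.wc_passwd,
                                     '-m', 'logmsg',
                                     lambda_url)
```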