def assertPathPerm(self, result, user, reponame=None, path=None): """Assert that `user` is granted access `result` to `path` within the repository `reponame`. """ policy = AuthzSourcePolicy(self.env) resource = None if reponame is not None: resource = Resource('source', path, parent=Resource('repository', reponame)) for perm in ('BROWSER_VIEW', 'FILE_VIEW', 'LOG_VIEW'): check = policy.check_permission(perm, user, resource, None) self.assertEqual(result, check)
def test_get_authz_file_removed_raises(self): """ConfigurationError exception is raised if file is removed.""" policy = AuthzSourcePolicy(self.env) os.remove(self.authz_file) self.assertRaises(ConfigurationError, policy.check_permission, 'BROWSER_VIEW', 'user', None, None)
def setUp(self): self.env = EnvironmentStub(path=mkdtemp()) self.env.config.filename = os.path.join(self.env.path, 'trac.ini') AuthzSourcePolicy(self.env) RepositoryManager(self.env)
def setUp(self): tmpdir = os.path.realpath(tempfile.gettempdir()) self.authz = os.path.join(tmpdir, 'trac-authz') create_file(self.authz, """\ [groups] group1 = user group2 = @group1 cycle1 = @cycle2 cycle2 = @cycle3 cycle3 = @cycle1, user alias1 = &jekyll alias2 = @alias1 [aliases] jekyll = Mr Hyde # Read / write permissions [/readonly] user = r [/writeonly] user = w [/readwrite] user = rw [/empty] user = # Trailing slashes [/trailing_a] user = r [/trailing_b/] user = r # Sub-paths [/sub/path] user = r # Module usage [module:/module_a] user = r [other:/module_b] user = r [/module_c] user = r [module:/module_d] user = [/module_d] user = r # Wildcards [/wildcard] * = r # Special tokens [/special/anonymous] $anonymous = r [/special/authenticated] $authenticated = r # Groups [/groups_a] @group1 = r [/groups_b] @group2 = r [/cyclic] @cycle1 = r # Precedence [module:/precedence_a] user = [/precedence_a] user = r [/precedence_b] user = r [/precedence_b/sub] user = [/precedence_b/sub/test] user = r [/precedence_c] user = @group1 = r [/precedence_d] @group1 = r user = # Aliases [/aliases_a] &jekyll = r [/aliases_b] @alias2 = r # Scoped repository [scoped:/scope/dir1] joe = r [scoped:/scope/dir2] jane = r """) self.env = EnvironmentStub(enable=[AuthzSourcePolicy]) self.env.config.set('trac', 'authz_file', self.authz) self.policy = AuthzSourcePolicy(self.env) # Monkey-subclass RepositoryManager to serve mock repositories rm = RepositoryManager(self.env) class TestRepositoryManager(rm.__class__): def get_real_repositories(self): return set([Mock(reponame='module'), Mock(reponame='other'), Mock(reponame='scoped')]) def get_repository(self, reponame): if reponame == 'scoped': def get_changeset(rev): if rev == 123: def get_changes(): yield ('/dir1/file',) elif rev == 456: def get_changes(): yield ('/dir2/file',) else: def get_changes(): return iter([]) return Mock(get_changes=get_changes) return Mock(scope='/scope', get_changeset=get_changeset) return Mock(scope='/') rm.__class__ = TestRepositoryManager
def update_auth_files(self): """Rewrites all configured auth files for all managed repositories. """ types = self.get_supported_types() all_repositories = [] for repo in self.manager.get_real_repositories(): try: convert_managed_repository(self.env, repo) all_repositories.append(repo) except: pass for type in types: repos = [repo for repo in all_repositories if repo.type == type] self._get_repository_connector(type).update_auth_files(repos) authz_source_file = AuthzSourcePolicy(self.env).authz_file if authz_source_file: authz_source_path = os.path.join(self.env.path, authz_source_file) authz = ConfigParser() groups = set() for repo in all_repositories: groups |= { name for name in repo.maintainers() if name[0] == '@' } groups |= {name for name in repo.writers() if name[0] == '@'} groups |= {name for name in repo.readers() if name[0] == '@'} authz.add_section('groups') for group in groups: members = expand_user_set(self.env, [group]) authz.set('groups', group[1:], ', '.join(sorted(members))) authenticated = sorted({u[0] for u in self.env.get_known_users()}) authz.set('groups', 'authenticated', ', '.join(authenticated)) for repo in all_repositories: section = repo.reponame + ':/' authz.add_section(section) r = repo.maintainers() | repo.writers() | repo.readers() def apply_user_list(users, action): if not users: return if 'anonymous' in users: authz.set(section, '*', action) return if 'authenticated' in users: authz.set(section, '@authenticated', action) return for user in sorted(users): authz.set(section, user, action) apply_user_list(r, 'r') self._prepare_base_directory(authz_source_path) with open(authz_source_path, 'wb') as authz_file: authz.write(authz_file) try: modes = stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IWGRP os.chmod(authz_source_path, modes) except: pass