def assertPathPerm(self, result, user, reponame=None, path=None):
"""Assert that `user` is granted access `result` to `path` within
the repository `reponame`.
"""
policy = AuthzSourcePolicy(self.env)
resource = None
if reponame is not None:
resource = Resource('source',
path,
parent=Resource('repository', reponame))
for perm in ('BROWSER_VIEW', 'FILE_VIEW', 'LOG_VIEW'):
check = policy.check_permission(perm, user, resource, None)
self.assertEqual(result, check)
def test_get_authz_file_removed_raises(self):
"""ConfigurationError exception is raised if file is removed."""
policy = AuthzSourcePolicy(self.env)
os.remove(self.authz_file)
self.assertRaises(ConfigurationError, policy.check_permission,
'BROWSER_VIEW', 'user', None, None)
def setUp(self):
self.env = EnvironmentStub(path=mkdtemp())
self.env.config.filename = os.path.join(self.env.path, 'trac.ini')
AuthzSourcePolicy(self.env)
RepositoryManager(self.env)
def setUp(self):
tmpdir = os.path.realpath(tempfile.gettempdir())
self.authz = os.path.join(tmpdir, 'trac-authz')
create_file(self.authz, """\
[groups]
group1 = user
group2 = @group1
cycle1 = @cycle2
cycle2 = @cycle3
cycle3 = @cycle1, user
alias1 = &jekyll
alias2 = @alias1
[aliases]
jekyll = Mr Hyde
# Read / write permissions
[/readonly]
user = r
[/writeonly]
user = w
[/readwrite]
user = rw
[/empty]
user =
# Trailing slashes
[/trailing_a]
user = r
[/trailing_b/]
user = r
# Sub-paths
[/sub/path]
user = r
# Module usage
[module:/module_a]
user = r
[other:/module_b]
user = r
[/module_c]
user = r
[module:/module_d]
user =
[/module_d]
user = r
# Wildcards
[/wildcard]
* = r
# Special tokens
[/special/anonymous]
$anonymous = r
[/special/authenticated]
$authenticated = r
# Groups
[/groups_a]
@group1 = r
[/groups_b]
@group2 = r
[/cyclic]
@cycle1 = r
# Precedence
[module:/precedence_a]
user =
[/precedence_a]
user = r
[/precedence_b]
user = r
[/precedence_b/sub]
user =
[/precedence_b/sub/test]
user = r
[/precedence_c]
user =
@group1 = r
[/precedence_d]
@group1 = r
user =
# Aliases
[/aliases_a]
&jekyll = r
[/aliases_b]
@alias2 = r
# Scoped repository
[scoped:/scope/dir1]
joe = r
[scoped:/scope/dir2]
jane = r
""")
self.env = EnvironmentStub(enable=[AuthzSourcePolicy])
self.env.config.set('trac', 'authz_file', self.authz)
self.policy = AuthzSourcePolicy(self.env)
# Monkey-subclass RepositoryManager to serve mock repositories
rm = RepositoryManager(self.env)
class TestRepositoryManager(rm.__class__):
def get_real_repositories(self):
return set([Mock(reponame='module'),
Mock(reponame='other'),
Mock(reponame='scoped')])
def get_repository(self, reponame):
if reponame == 'scoped':
def get_changeset(rev):
if rev == 123:
def get_changes():
yield ('/dir1/file',)
elif rev == 456:
def get_changes():
yield ('/dir2/file',)
else:
def get_changes():
return iter([])
return Mock(get_changes=get_changes)
return Mock(scope='/scope',
get_changeset=get_changeset)
return Mock(scope='/')
rm.__class__ = TestRepositoryManager
def update_auth_files(self):
"""Rewrites all configured auth files for all managed
repositories.
"""
types = self.get_supported_types()
all_repositories = []
for repo in self.manager.get_real_repositories():
try:
convert_managed_repository(self.env, repo)
all_repositories.append(repo)
except:
pass
for type in types:
repos = [repo for repo in all_repositories if repo.type == type]
self._get_repository_connector(type).update_auth_files(repos)
authz_source_file = AuthzSourcePolicy(self.env).authz_file
if authz_source_file:
authz_source_path = os.path.join(self.env.path, authz_source_file)
authz = ConfigParser()
groups = set()
for repo in all_repositories:
groups |= {
name
for name in repo.maintainers() if name[0] == '@'
}
groups |= {name for name in repo.writers() if name[0] == '@'}
groups |= {name for name in repo.readers() if name[0] == '@'}
authz.add_section('groups')
for group in groups:
members = expand_user_set(self.env, [group])
authz.set('groups', group[1:], ', '.join(sorted(members)))
authenticated = sorted({u[0] for u in self.env.get_known_users()})
authz.set('groups', 'authenticated', ', '.join(authenticated))
for repo in all_repositories:
section = repo.reponame + ':/'
authz.add_section(section)
r = repo.maintainers() | repo.writers() | repo.readers()
def apply_user_list(users, action):
if not users:
return
if 'anonymous' in users:
authz.set(section, '*', action)
return
if 'authenticated' in users:
authz.set(section, '@authenticated', action)
return
for user in sorted(users):
authz.set(section, user, action)
apply_user_list(r, 'r')
self._prepare_base_directory(authz_source_path)
with open(authz_source_path, 'wb') as authz_file:
authz.write(authz_file)
try:
modes = stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IWGRP
os.chmod(authz_source_path, modes)
except:
pass
