spec/lib/ssh_access_spec.rb

	ssh_access_spec.rb revision 63690d8280c5282c6bd057da5330a6ae8859af35
bcb4e51a409d94ae670de96afb8483a4f7855294Stephan Boschrequire 'spec_helper'
72a7c4f2ba93a723e23c941369a2985d75f240c9Stephan Bosch
72a7c4f2ba93a723e23c941369a2985d75f240c9Stephan Boschdescribe SSHAccess do
7f52e276c1bf13b4809344492023b90e46c3ac5dTimo Sirainen
72a7c4f2ba93a723e23c941369a2985d75f240c9Stephan Bosch  let(:permission) { create :permission, role: 'reader' }
72a7c4f2ba93a723e23c941369a2985d75f240c9Stephan Bosch  let(:user) { permission.subject }
e5a55bb6b867ee3ed95ac216996ff2e24bd596ccAki Tuomi  let(:repository) { permission.item }
72a7c4f2ba93a723e23c941369a2985d75f240c9Stephan Bosch
72a7c4f2ba93a723e23c941369a2985d75f240c9Stephan Bosch  context 'without a permission' do
72a7c4f2ba93a723e23c941369a2985d75f240c9Stephan Bosch
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi    it 'should allow read on public readable repository' do
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi      repository.access = 'public_r'
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi      access = described_class.determine_permission('read', nil, repository)
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi      expect(access).to be true
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi    end
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi
72a7c4f2ba93a723e23c941369a2985d75f240c9Stephan Bosch    it 'should disallow write on public readable repository' do
72a7c4f2ba93a723e23c941369a2985d75f240c9Stephan Bosch      repository.access = 'public_r'
72a7c4f2ba93a723e23c941369a2985d75f240c9Stephan Bosch      access = described_class.determine_permission('write', nil, repository)
72a7c4f2ba93a723e23c941369a2985d75f240c9Stephan Bosch      expect(access).to be false
72a7c4f2ba93a723e23c941369a2985d75f240c9Stephan Bosch    end
72a7c4f2ba93a723e23c941369a2985d75f240c9Stephan Bosch
72a7c4f2ba93a723e23c941369a2985d75f240c9Stephan Bosch    it 'should allow read on public read-writeable repository' do
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi      repository.access = 'public_rw'
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi      access = described_class.determine_permission('read', nil, repository)
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi      expect(access).to be true
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi    end
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi    it 'should allow write on public read-writeable repository' do
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi      repository.access = 'public_rw'
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi      access = described_class.determine_permission('write', nil, repository)
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi      expect(access).to be true
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi    end
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi    it 'should disallow read on private readable repository' do
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi      repository.access = 'private_r'
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi      access = described_class.determine_permission('read', nil, repository)
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi      expect(access).to be false
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi    end
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi    it 'should disallow write on private readable repository' do
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi      repository.access = 'private_r'
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi      access = described_class.determine_permission('write', nil, repository)
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi      expect(access).to be false
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi    end
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi    it 'should disallow read on private read-writeable repository' do
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi      repository.access = 'private_rw'
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi      access = described_class.determine_permission('read', nil, repository)
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi      expect(access).to be false
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi    end
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi    it 'should disallow write on private read-writeable repository' do
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi      repository.access = 'private_rw'
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi      access = described_class.determine_permission('write', nil, repository)
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi      expect(access).to be false
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi    end
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi
efe78d3ba24fc866af1c79b9223dc0809ba26cadStephan Bosch    it 'should raise error on write to mirror repository' do
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi      repository.source_address = 'http://some_source_address.example.com'
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi      repository.source_type = 'git'
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi      expect { described_class.determine_permission('write', nil, repository) }.
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi        to raise_error(SSHAccess::InvalidAccessOnMirrorError)
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi    end
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi  end
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi  context 'with permission' do
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi    context 'denoting owner rights' do
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi      let(:permission) { create :permission, role: 'owner' }
d54edc1ad7b71020f6726363308985e0658657fbTimo Sirainen
d54edc1ad7b71020f6726363308985e0658657fbTimo Sirainen      it 'should allow write on public readable repository' do
d54edc1ad7b71020f6726363308985e0658657fbTimo Sirainen        repository.access = 'public_r'
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi        access = described_class.determine_permission('write', permission, repository)
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi        expect(access).to be true
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi      end
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi      it 'should allow write on private readable repository' do
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi        repository.access = 'private_r'
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi        access = described_class.determine_permission('write', permission, repository)
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi        expect(access).to be true
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi      end
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi      it 'should raise error on write to mirror repository' do
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi        repository.source_address = 'http://some_source_address.example.com'
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi        repository.source_type = 'git'
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi        expect { described_class.determine_permission('write', permission, repository) }.
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi          to raise_error(SSHAccess::InvalidAccessOnMirrorError)
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi      end
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi    end
cca98b5accbfff773731a206950114acb8dcacfdAki Tuomi
72a7c4f2ba93a723e23c941369a2985d75f240c9Stephan Bosch    context 'denoting editor rights' do
72a7c4f2ba93a723e23c941369a2985d75f240c9Stephan Bosch      let(:permission) { create :permission, role: 'editor' }
9b3565b09683b48f66de51aebb52786934d1c324Timo Sirainen
9b3565b09683b48f66de51aebb52786934d1c324Timo Sirainen      it 'should allow write on public readable repository' do
72a7c4f2ba93a723e23c941369a2985d75f240c9Stephan Bosch        repository.access = 'public_r'
72a7c4f2ba93a723e23c941369a2985d75f240c9Stephan Bosch        access = described_class.determine_permission('write', permission, repository)
72a7c4f2ba93a723e23c941369a2985d75f240c9Stephan Bosch        expect(access).to be true
72a7c4f2ba93a723e23c941369a2985d75f240c9Stephan Bosch      end
72a7c4f2ba93a723e23c941369a2985d75f240c9Stephan Bosch
9b3565b09683b48f66de51aebb52786934d1c324Timo Sirainen      it 'should allow write on private readable repository' do
9b3565b09683b48f66de51aebb52786934d1c324Timo Sirainen        repository.access = 'private_r'
9b3565b09683b48f66de51aebb52786934d1c324Timo Sirainen        access = described_class.determine_permission('write', permission, repository)
9b3565b09683b48f66de51aebb52786934d1c324Timo Sirainen        expect(access).to be true
9b3565b09683b48f66de51aebb52786934d1c324Timo Sirainen      end
9b3565b09683b48f66de51aebb52786934d1c324Timo Sirainen
9b3565b09683b48f66de51aebb52786934d1c324Timo Sirainen      it 'should raise error on write to mirror repository' do
9b3565b09683b48f66de51aebb52786934d1c324Timo Sirainen        repository.source_address = 'http://some_source_address.example.com'
9b3565b09683b48f66de51aebb52786934d1c324Timo Sirainen        repository.source_type = 'git'
72a7c4f2ba93a723e23c941369a2985d75f240c9Stephan Bosch        expect { described_class.determine_permission('write', permission, repository) }.
9b3565b09683b48f66de51aebb52786934d1c324Timo Sirainen          to raise_error(SSHAccess::InvalidAccessOnMirrorError)
9b3565b09683b48f66de51aebb52786934d1c324Timo Sirainen      end
72a7c4f2ba93a723e23c941369a2985d75f240c9Stephan Bosch    end
72a7c4f2ba93a723e23c941369a2985d75f240c9Stephan Bosch
9b3565b09683b48f66de51aebb52786934d1c324Timo Sirainen    it 'should allow read on public readable repository' do
9b3565b09683b48f66de51aebb52786934d1c324Timo Sirainen      repository.access = 'public_r'
72a7c4f2ba93a723e23c941369a2985d75f240c9Stephan Bosch      access = described_class.determine_permission('read', permission, repository)
72a7c4f2ba93a723e23c941369a2985d75f240c9Stephan Bosch      expect(access).to be true
72a7c4f2ba93a723e23c941369a2985d75f240c9Stephan Bosch    end
72a7c4f2ba93a723e23c941369a2985d75f240c9Stephan Bosch
72a7c4f2ba93a723e23c941369a2985d75f240c9Stephan Bosch    it 'should disallow write on public readable repository' do
72a7c4f2ba93a723e23c941369a2985d75f240c9Stephan Bosch      repository.access = 'public_r'
9b3565b09683b48f66de51aebb52786934d1c324Timo Sirainen      access = described_class.determine_permission('write', permission, repository)
72a7c4f2ba93a723e23c941369a2985d75f240c9Stephan Bosch      expect(access).to be false
72a7c4f2ba93a723e23c941369a2985d75f240c9Stephan Bosch    end
72a7c4f2ba93a723e23c941369a2985d75f240c9Stephan Bosch
72a7c4f2ba93a723e23c941369a2985d75f240c9Stephan Bosch    it 'should allow read on public read-writeable repository' do
72a7c4f2ba93a723e23c941369a2985d75f240c9Stephan Bosch      repository.access = 'public_rw'
7f52e276c1bf13b4809344492023b90e46c3ac5dTimo Sirainen      access = described_class.determine_permission('read', permission, repository)
7f52e276c1bf13b4809344492023b90e46c3ac5dTimo Sirainen      expect(access).to be true
7f52e276c1bf13b4809344492023b90e46c3ac5dTimo Sirainen    end
7f52e276c1bf13b4809344492023b90e46c3ac5dTimo Sirainen
7f52e276c1bf13b4809344492023b90e46c3ac5dTimo Sirainen    it 'should allow write on public read-writeable repository' do
7f52e276c1bf13b4809344492023b90e46c3ac5dTimo Sirainen      repository.access = 'public_rw'
b7324e421e2132cbbf753e6fdbe675bbaecdf929Timo Sirainen      access = described_class.determine_permission('write', permission, repository)
7f52e276c1bf13b4809344492023b90e46c3ac5dTimo Sirainen      expect(access).to be true
7f52e276c1bf13b4809344492023b90e46c3ac5dTimo Sirainen    end
7f52e276c1bf13b4809344492023b90e46c3ac5dTimo Sirainen
7f52e276c1bf13b4809344492023b90e46c3ac5dTimo Sirainen    it 'should allow read on private readable repository' do
7f52e276c1bf13b4809344492023b90e46c3ac5dTimo Sirainen      repository.access = 'private_r'
7f52e276c1bf13b4809344492023b90e46c3ac5dTimo Sirainen      access = described_class.determine_permission('read', permission, repository)
7f52e276c1bf13b4809344492023b90e46c3ac5dTimo Sirainen      expect(access).to be true
7f52e276c1bf13b4809344492023b90e46c3ac5dTimo Sirainen    end
7f52e276c1bf13b4809344492023b90e46c3ac5dTimo Sirainen
7f52e276c1bf13b4809344492023b90e46c3ac5dTimo Sirainen    it 'should disallow write on private readable repository' do
7f52e276c1bf13b4809344492023b90e46c3ac5dTimo Sirainen      repository.access = 'private_r'
7f52e276c1bf13b4809344492023b90e46c3ac5dTimo Sirainen      access = described_class.determine_permission('write', permission, repository)
7f52e276c1bf13b4809344492023b90e46c3ac5dTimo Sirainen      expect(access).to be false
7f52e276c1bf13b4809344492023b90e46c3ac5dTimo Sirainen    end
7f52e276c1bf13b4809344492023b90e46c3ac5dTimo Sirainen
7f52e276c1bf13b4809344492023b90e46c3ac5dTimo Sirainen    it 'should allow read on private read-writeable repository' do
7f52e276c1bf13b4809344492023b90e46c3ac5dTimo Sirainen      repository.access = 'private_rw'
7f52e276c1bf13b4809344492023b90e46c3ac5dTimo Sirainen      access = described_class.determine_permission('read', permission, repository)
7f52e276c1bf13b4809344492023b90e46c3ac5dTimo Sirainen      expect(access).to be true
7f52e276c1bf13b4809344492023b90e46c3ac5dTimo Sirainen    end
7f52e276c1bf13b4809344492023b90e46c3ac5dTimo Sirainen
677b75f90d81eafe742896d6570a2f63ce501d05Josef 'Jeff' Sipek    it 'should allow write on private read-writeable repository' do
7f52e276c1bf13b4809344492023b90e46c3ac5dTimo Sirainen      repository.access = 'private_rw'
677b75f90d81eafe742896d6570a2f63ce501d05Josef 'Jeff' Sipek      access = described_class.determine_permission('write', permission, repository)
7f52e276c1bf13b4809344492023b90e46c3ac5dTimo Sirainen      expect(access).to be true
7f52e276c1bf13b4809344492023b90e46c3ac5dTimo Sirainen    end
7f52e276c1bf13b4809344492023b90e46c3ac5dTimo Sirainen
7f52e276c1bf13b4809344492023b90e46c3ac5dTimo Sirainen    it 'should raise error on write to mirror repository' do
7f52e276c1bf13b4809344492023b90e46c3ac5dTimo Sirainen      repository.source_address = 'http://some_source_address.example.com'
7f52e276c1bf13b4809344492023b90e46c3ac5dTimo Sirainen      repository.source_type = 'git'
7f52e276c1bf13b4809344492023b90e46c3ac5dTimo Sirainen      expect { described_class.determine_permission('write', permission, repository) }.
7f52e276c1bf13b4809344492023b90e46c3ac5dTimo Sirainen        to raise_error(SSHAccess::InvalidAccessOnMirrorError)
7f52e276c1bf13b4809344492023b90e46c3ac5dTimo Sirainen    end
7f52e276c1bf13b4809344492023b90e46c3ac5dTimo Sirainen  end
7f52e276c1bf13b4809344492023b90e46c3ac5dTimo Sirainen
7f52e276c1bf13b4809344492023b90e46c3ac5dTimo Sirainenend
7f52e276c1bf13b4809344492023b90e46c3ac5dTimo Sirainen