spec/lib/ssh_access_spec.rb

	ssh_access_spec.rb revision 775a1be9b58fbbbd15522fa0723d7b7b43c9bc8a
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainenrequire 'spec_helper'
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainendescribe SSHAccess do
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen  let(:permission) { create :permission, role: 'reader' }
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen  let(:user) { permission.subject }
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen  let(:repository) { permission.item }
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen  context 'without a permission' do
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen    it 'should allow read on public readable repository' do
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen      repository.access = 'public_r'
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen      access = described_class.determine_permission('read', nil, repository)
f16c114c20bbd7d292d93415d1e56c8dd6abd3e7Timo Sirainen      expect(access).to be true
f16c114c20bbd7d292d93415d1e56c8dd6abd3e7Timo Sirainen    end
f16c114c20bbd7d292d93415d1e56c8dd6abd3e7Timo Sirainen
f16c114c20bbd7d292d93415d1e56c8dd6abd3e7Timo Sirainen    it 'should disallow write on public readable repository' do
f16c114c20bbd7d292d93415d1e56c8dd6abd3e7Timo Sirainen      repository.access = 'public_r'
f16c114c20bbd7d292d93415d1e56c8dd6abd3e7Timo Sirainen      access = described_class.determine_permission('write', nil, repository)
f16c114c20bbd7d292d93415d1e56c8dd6abd3e7Timo Sirainen      expect(access).to be false
f16c114c20bbd7d292d93415d1e56c8dd6abd3e7Timo Sirainen    end
f16c114c20bbd7d292d93415d1e56c8dd6abd3e7Timo Sirainen
f16c114c20bbd7d292d93415d1e56c8dd6abd3e7Timo Sirainen    it 'should allow read on public read-writeable repository' do
f16c114c20bbd7d292d93415d1e56c8dd6abd3e7Timo Sirainen      repository.access = 'public_rw'
f16c114c20bbd7d292d93415d1e56c8dd6abd3e7Timo Sirainen      access = described_class.determine_permission('read', nil, repository)
f16c114c20bbd7d292d93415d1e56c8dd6abd3e7Timo Sirainen      expect(access).to be true
f16c114c20bbd7d292d93415d1e56c8dd6abd3e7Timo Sirainen    end
f16c114c20bbd7d292d93415d1e56c8dd6abd3e7Timo Sirainen
f16c114c20bbd7d292d93415d1e56c8dd6abd3e7Timo Sirainen    it 'should allow write on public read-writeable repository' do
f16c114c20bbd7d292d93415d1e56c8dd6abd3e7Timo Sirainen      repository.access = 'public_rw'
f16c114c20bbd7d292d93415d1e56c8dd6abd3e7Timo Sirainen      access = described_class.determine_permission('write', nil, repository)
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen      expect(access).to be true
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen    end
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen
8fcff4c5b52f24d9c681805fdf06b486f1d0fcbeTimo Sirainen    it 'should disallow read on private readable repository' do
16f816d3f3c32ae3351834253f52ddd0212bcbf3Timo Sirainen      repository.access = 'private_r'
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen      access = described_class.determine_permission('read', nil, repository)
98c1cf256927e254f0c092acd2ddcd7ea50bd009Timo Sirainen      expect(access).to be false
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen    end
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen    it 'should disallow write on private readable repository' do
84e1634acc701d14e358e27f1beff5ad74f5004aTimo Sirainen      repository.access = 'private_r'
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen      access = described_class.determine_permission('write', nil, repository)
98c1cf256927e254f0c092acd2ddcd7ea50bd009Timo Sirainen      expect(access).to be false
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen    end
8fcff4c5b52f24d9c681805fdf06b486f1d0fcbeTimo Sirainen
022412398e56a8f31ef111cfd7271498d64af9a9Timo Sirainen    it 'should disallow read on private read-writeable repository' do
98c1cf256927e254f0c092acd2ddcd7ea50bd009Timo Sirainen      repository.access = 'private_rw'
8fcff4c5b52f24d9c681805fdf06b486f1d0fcbeTimo Sirainen      access = described_class.determine_permission('read', nil, repository)
9aa52288a4b53186d81b0ec9afa7d9e0a8ee8753Timo Sirainen      expect(access).to be false
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen    end
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo Sirainen    it 'should disallow write on private read-writeable repository' do
7a6b45405fb1544ac476e6eb1402a70cc1ddcdcfTimo Sirainen      repository.access = 'private_rw'
e05ea8311ae16687295048e88ca205dfe29fbcbfTimo Sirainen      access = described_class.determine_permission('write', nil, repository)
8fcff4c5b52f24d9c681805fdf06b486f1d0fcbeTimo Sirainen      expect(access).to be false
8fcff4c5b52f24d9c681805fdf06b486f1d0fcbeTimo Sirainen    end
98c1cf256927e254f0c092acd2ddcd7ea50bd009Timo Sirainen
98c1cf256927e254f0c092acd2ddcd7ea50bd009Timo Sirainen    it 'should raise error on write to mirror repository' do
f7d43647acc6dc80064c8c4cacf5bf86f754c530Timo Sirainen      repository.source_address = 'http://some_source_address.example.com'
98c1cf256927e254f0c092acd2ddcd7ea50bd009Timo Sirainen      expect { described_class.determine_permission('write', nil, repository) }.
98c1cf256927e254f0c092acd2ddcd7ea50bd009Timo Sirainen        to raise_error
98c1cf256927e254f0c092acd2ddcd7ea50bd009Timo Sirainen    end
98c1cf256927e254f0c092acd2ddcd7ea50bd009Timo Sirainen
98c1cf256927e254f0c092acd2ddcd7ea50bd009Timo Sirainen  end
a2637488c8d514ec1ac3914811deee814f9761b3Timo Sirainen
a2637488c8d514ec1ac3914811deee814f9761b3Timo Sirainen  context 'with permission' do
a2637488c8d514ec1ac3914811deee814f9761b3Timo Sirainen
a2637488c8d514ec1ac3914811deee814f9761b3Timo Sirainen    context 'denoting owner rights' do
a2637488c8d514ec1ac3914811deee814f9761b3Timo Sirainen      let(:permission) { create :permission, role: 'owner' }
a2637488c8d514ec1ac3914811deee814f9761b3Timo Sirainen
a2637488c8d514ec1ac3914811deee814f9761b3Timo Sirainen      it 'should allow write on public readable repository' do
a2637488c8d514ec1ac3914811deee814f9761b3Timo Sirainen        repository.access = 'public_r'
a2637488c8d514ec1ac3914811deee814f9761b3Timo Sirainen        access = described_class.determine_permission('write', permission, repository)
a2637488c8d514ec1ac3914811deee814f9761b3Timo Sirainen        expect(access).to be true
a2637488c8d514ec1ac3914811deee814f9761b3Timo Sirainen      end
a2637488c8d514ec1ac3914811deee814f9761b3Timo Sirainen
a2637488c8d514ec1ac3914811deee814f9761b3Timo Sirainen      it 'should allow write on private readable repository' do
a2637488c8d514ec1ac3914811deee814f9761b3Timo Sirainen        repository.access = 'private_r'
a2637488c8d514ec1ac3914811deee814f9761b3Timo Sirainen        access = described_class.determine_permission('write', permission, repository)
a2637488c8d514ec1ac3914811deee814f9761b3Timo Sirainen        expect(access).to be true
a2637488c8d514ec1ac3914811deee814f9761b3Timo Sirainen      end
02b79f9c2636da1829eee5b92753602bba8b67edTimo Sirainen
02b79f9c2636da1829eee5b92753602bba8b67edTimo Sirainen      it 'should raise error on write to mirror repository' do
02b79f9c2636da1829eee5b92753602bba8b67edTimo Sirainen        repository.source_address = 'http://some_source_address.example.com'
a2637488c8d514ec1ac3914811deee814f9761b3Timo Sirainen        expect { described_class.determine_permission('write', permission, repository) }.
02b79f9c2636da1829eee5b92753602bba8b67edTimo Sirainen          to raise_error
02b79f9c2636da1829eee5b92753602bba8b67edTimo Sirainen      end
b5e6f6f27c1461f0f9f202615eeb738a645188c3Timo Sirainen    end
02b79f9c2636da1829eee5b92753602bba8b67edTimo Sirainen
02b79f9c2636da1829eee5b92753602bba8b67edTimo Sirainen    context 'denoting editor rights' do
02b79f9c2636da1829eee5b92753602bba8b67edTimo Sirainen      let(:permission) { create :permission, role: 'editor' }
02b79f9c2636da1829eee5b92753602bba8b67edTimo Sirainen
02b79f9c2636da1829eee5b92753602bba8b67edTimo Sirainen      it 'should allow write on public readable repository' do
a2637488c8d514ec1ac3914811deee814f9761b3Timo Sirainen        repository.access = 'public_r'
299183fbb6ec5d0828a0880da372540421ac4665Timo Sirainen        access = described_class.determine_permission('write', permission, repository)
299183fbb6ec5d0828a0880da372540421ac4665Timo Sirainen        expect(access).to be true
299183fbb6ec5d0828a0880da372540421ac4665Timo Sirainen      end
a2637488c8d514ec1ac3914811deee814f9761b3Timo Sirainen
a2637488c8d514ec1ac3914811deee814f9761b3Timo Sirainen      it 'should allow write on private readable repository' do
299183fbb6ec5d0828a0880da372540421ac4665Timo Sirainen        repository.access = 'private_r'
299183fbb6ec5d0828a0880da372540421ac4665Timo Sirainen        access = described_class.determine_permission('write', permission, repository)
a2637488c8d514ec1ac3914811deee814f9761b3Timo Sirainen        expect(access).to be true
299183fbb6ec5d0828a0880da372540421ac4665Timo Sirainen      end
299183fbb6ec5d0828a0880da372540421ac4665Timo Sirainen
299183fbb6ec5d0828a0880da372540421ac4665Timo Sirainen      it 'should raise error on write to mirror repository' do
299183fbb6ec5d0828a0880da372540421ac4665Timo Sirainen        repository.source_address = 'http://some_source_address.example.com'
6288d3611eda14a017dae9927b73f46afb646c96Timo Sirainen        expect { described_class.determine_permission('write', permission, repository) }.
a2637488c8d514ec1ac3914811deee814f9761b3Timo Sirainen          to raise_error
299183fbb6ec5d0828a0880da372540421ac4665Timo Sirainen      end
299183fbb6ec5d0828a0880da372540421ac4665Timo Sirainen    end
299183fbb6ec5d0828a0880da372540421ac4665Timo Sirainen
299183fbb6ec5d0828a0880da372540421ac4665Timo Sirainen    it 'should allow read on public readable repository' do
299183fbb6ec5d0828a0880da372540421ac4665Timo Sirainen      repository.access = 'public_r'
299183fbb6ec5d0828a0880da372540421ac4665Timo Sirainen      access = described_class.determine_permission('read', permission, repository)
299183fbb6ec5d0828a0880da372540421ac4665Timo Sirainen      expect(access).to be true
299183fbb6ec5d0828a0880da372540421ac4665Timo Sirainen    end
299183fbb6ec5d0828a0880da372540421ac4665Timo Sirainen
299183fbb6ec5d0828a0880da372540421ac4665Timo Sirainen    it 'should disallow write on public readable repository' do
299183fbb6ec5d0828a0880da372540421ac4665Timo Sirainen      repository.access = 'public_r'
299183fbb6ec5d0828a0880da372540421ac4665Timo Sirainen      access = described_class.determine_permission('write', permission, repository)
299183fbb6ec5d0828a0880da372540421ac4665Timo Sirainen      expect(access).to be false
299183fbb6ec5d0828a0880da372540421ac4665Timo Sirainen    end
299183fbb6ec5d0828a0880da372540421ac4665Timo Sirainen
299183fbb6ec5d0828a0880da372540421ac4665Timo Sirainen    it 'should allow read on public read-writeable repository' do
dda2c506c8fc8ac2f88272de4523ded42baa0aa0Timo Sirainen      repository.access = 'public_rw'
dda2c506c8fc8ac2f88272de4523ded42baa0aa0Timo Sirainen      access = described_class.determine_permission('read', permission, repository)
dda2c506c8fc8ac2f88272de4523ded42baa0aa0Timo Sirainen      expect(access).to be true
313fe89df4d91cd0cd7f3558dc6d7fd21ad39eeeTimo Sirainen    end
9e59a1f3f095b3099478562cf3f3970a24736970Timo Sirainen
dda2c506c8fc8ac2f88272de4523ded42baa0aa0Timo Sirainen    it 'should allow write on public read-writeable repository' do
178511b57faa7c3f8203dd8b7e4059d00cbfc23aTimo Sirainen      repository.access = 'public_rw'
dda2c506c8fc8ac2f88272de4523ded42baa0aa0Timo Sirainen      access = described_class.determine_permission('write', permission, repository)
dda2c506c8fc8ac2f88272de4523ded42baa0aa0Timo Sirainen      expect(access).to be true
2e937ed8585299b2e879a28314902a5f644813d2Timo Sirainen    end
313fe89df4d91cd0cd7f3558dc6d7fd21ad39eeeTimo Sirainen
313fe89df4d91cd0cd7f3558dc6d7fd21ad39eeeTimo Sirainen    it 'should allow read on private readable repository' do
dda2c506c8fc8ac2f88272de4523ded42baa0aa0Timo Sirainen      repository.access = 'private_r'
313fe89df4d91cd0cd7f3558dc6d7fd21ad39eeeTimo Sirainen      access = described_class.determine_permission('read', permission, repository)
313fe89df4d91cd0cd7f3558dc6d7fd21ad39eeeTimo Sirainen      expect(access).to be true
4d25408732be27e91f0430f71e87242760c2517cTimo Sirainen    end
e68309fcfa2eaa88217fd51e7b4900fc9c20ef5dTimo Sirainen
313fe89df4d91cd0cd7f3558dc6d7fd21ad39eeeTimo Sirainen    it 'should disallow write on private readable repository' do
313fe89df4d91cd0cd7f3558dc6d7fd21ad39eeeTimo Sirainen      repository.access = 'private_r'
313fe89df4d91cd0cd7f3558dc6d7fd21ad39eeeTimo Sirainen      access = described_class.determine_permission('write', permission, repository)
e5c08648676d1989f6e70b95e5990c26b3e8b96bTimo Sirainen      expect(access).to be false
4d25408732be27e91f0430f71e87242760c2517cTimo Sirainen    end
c3412ddeb9abc13f99d3caf50faf76cd99f7e9d2Timo Sirainen
313fe89df4d91cd0cd7f3558dc6d7fd21ad39eeeTimo Sirainen    it 'should allow read on private read-writeable repository' do
313fe89df4d91cd0cd7f3558dc6d7fd21ad39eeeTimo Sirainen      repository.access = 'private_rw'
313fe89df4d91cd0cd7f3558dc6d7fd21ad39eeeTimo Sirainen      access = described_class.determine_permission('read', permission, repository)
313fe89df4d91cd0cd7f3558dc6d7fd21ad39eeeTimo Sirainen      expect(access).to be true
02b79f9c2636da1829eee5b92753602bba8b67edTimo Sirainen    end
313fe89df4d91cd0cd7f3558dc6d7fd21ad39eeeTimo Sirainen
1e76a5b92f9d82d557f81f080f3dfad1c9d8f200Timo Sirainen    it 'should allow write on private read-writeable repository' do
1e76a5b92f9d82d557f81f080f3dfad1c9d8f200Timo Sirainen      repository.access = 'private_rw'
b5e6f6f27c1461f0f9f202615eeb738a645188c3Timo Sirainen      access = described_class.determine_permission('write', permission, repository)
9a06cabdfdf4d5e2f19a07e506c3c7d08a7e7038Timo Sirainen      expect(access).to be true
9a06cabdfdf4d5e2f19a07e506c3c7d08a7e7038Timo Sirainen    end
9a06cabdfdf4d5e2f19a07e506c3c7d08a7e7038Timo Sirainen
e8a35266a5ceacdfafeeffd6bddae77931ff97ebTimo Sirainen    it 'should raise error on write to mirror repository' do
9aa52288a4b53186d81b0ec9afa7d9e0a8ee8753Timo Sirainen      repository.source_address = 'http://some_source_address.example.com'
dda2c506c8fc8ac2f88272de4523ded42baa0aa0Timo Sirainen      expect { described_class.determine_permission('write', permission, repository) }.
dda2c506c8fc8ac2f88272de4523ded42baa0aa0Timo Sirainen        to raise_error
dda2c506c8fc8ac2f88272de4523ded42baa0aa0Timo Sirainen    end
dda2c506c8fc8ac2f88272de4523ded42baa0aa0Timo Sirainen  end
6ef7e31619edfaa17ed044b45861d106a86191efTimo Sirainen
dda2c506c8fc8ac2f88272de4523ded42baa0aa0Timo Sirainenend
f6699a08521aacc4c2bb5b6175691dad5f715f8cTimo Sirainen