# vim: syn=sh:
# can_read        cannot_read     has_export_ok               is_in_projects_list
# can_push        cannot_push     does_not_have_export_ok     is_not_in_projects_list

can_read() {
    # args: user, repo
    runlocal git ls-remote $1:$2
    expect refs/heads
    notexpect DENIED
}

can_push() {
    cd ~/td
    rm -rf clone
    runlocal git clone $1:$2 clone
    expect Cloning into
    notexpect DENIED
    notexpect fatal
    cd clone
    mdc
    runlocal git push origin HEAD:${3:-master}
    expect_push_ok "HEAD -> ${3:-master}"
}

cannot_read() {
    # args: user, repo
    runlocal git ls-remote $1:$2
    notexpect refs/heads
    expect DENIED
}

cannot_push() {
    cd ~/td
    rm -rf clone
    runlocal git clone $1:$2 clone
    expect Cloning into
    notexpect DENIED
    notexpect fatal
    cd clone
    mdc
    runlocal git push origin HEAD:${3:-master}
    expect DENIED
}

has_export_ok() {
    runremote ls -al $TEST_BASE_FULL/$1.git/git-daemon-export-ok
    expect "$USER $USER .* $TEST_BASE_FULL/$1.git/git-daemon-export-ok"
}

does_not_have_export_ok() {
    runremote ls -al $TEST_BASE_FULL/$1.git/git-daemon-export-ok
    expect "ls: cannot access $TEST_BASE_FULL/$1.git/git-daemon-export-ok: No such file or directory"
}

is_in_projects_list() {
    runremote cat projects.list
    expect "^$1.git$"
}

is_not_in_projects_list() {
    runremote cat projects.list
    notexpect "^$1.git$"
}

for bc in 0 1
do
    for ais in 0 1
    do
        cd $TESTDIR
        $TESTDIR/rollback || die "rollback failed"
        editrc GL_WILDREPOS 1
        editrc GL_BIG_CONFIG $bc
        echo "\$GL_ALL_INCLUDES_SPECIAL = $ais;" | addrc

        name "set 1"
        REPO=one
        echo "
            repo $REPO
                RW+ =   u1
                R   =   u2
                -   =   u2 u3
                R   =   @all

        " | ugc

        can_push u1 $REPO

        can_read u2 $REPO
        cannot_push u2 $REPO

        can_read u3 $REPO
        cannot_push u3 $REPO

        can_read u6 $REPO
        cannot_push u6 $REPO

        [ "$ais" = "0" ] && does_not_have_export_ok $REPO
        [ "$ais" = "0" ] && is_not_in_projects_list $REPO

        [ "$ais" = "1" ] && has_export_ok $REPO
        [ "$ais" = "1" ] && is_in_projects_list $REPO

        name "set 1a -- add the deny-repo flag"
        echo "
            config gitolite-options.deny-repo = 1
        " | ugc

        can_push u1 $REPO

        can_read u2 $REPO
        cannot_push u2 $REPO

        cannot_read u3 $REPO

        can_read u6 $REPO
        cannot_push u6 $REPO

        [ "$ais" = "0" ] && does_not_have_export_ok $REPO
        [ "$ais" = "0" ] && is_not_in_projects_list $REPO

        [ "$ais" = "1" ] && has_export_ok $REPO
        [ "$ais" = "1" ] && is_in_projects_list $REPO

        name "set 2 -- add gitweb and daemon"
        REPO=two
        echo "
            repo $REPO
                RW+ =   u1
                R   =   u2
                -   =   u2 u3 gitweb daemon
                R   =   @all

        " | ugc

        [ "$ais" = "0" ] && does_not_have_export_ok $REPO
        [ "$ais" = "0" ] && is_not_in_projects_list $REPO

        [ "$ais" = "1" ] && has_export_ok $REPO
        [ "$ais" = "1" ] && is_in_projects_list $REPO

        name "set 2a -- add the deny-repo flag"
        echo "
            config gitolite-options.deny-repo = 1
        " | ugc

        does_not_have_export_ok $REPO
        is_not_in_projects_list $REPO

        name "set 3 -- allow gitweb to all but admin repo"
        REPO=three
        echo "
            repo gitolite-admin
                -   =   gitweb daemon
            config gitolite-options.deny-repo = 1

            repo $REPO
                RW+ =   u3
                R   =   gitweb daemon

        " | ugc

        has_export_ok $REPO
        is_in_projects_list $REPO
        does_not_have_export_ok gitolite-admin
        is_not_in_projects_list gitolite-admin

        name "set 4 -- allow gitweb to all but admin repo"
        REPO=four
        echo "
            repo $REPO
                RW+ =   u4
                -   =   gitweb daemon

            repo @all
                R   =   @all

        " | ugc

        [ "$ais" = "0" ] && {
            does_not_have_export_ok $REPO
            is_not_in_projects_list $REPO
            does_not_have_export_ok gitolite-admin
            is_not_in_projects_list gitolite-admin
        }

        [ "$ais" = "1" ] && {
            has_export_ok $REPO
            is_in_projects_list $REPO
            does_not_have_export_ok gitolite-admin
            is_not_in_projects_list gitolite-admin
        }

        name "set 5 -- go wild"
        echo "
            repo foo/..*
                C   =   u1
                RW+ =   CREATOR
                -   =   gitweb daemon
                R   =   @all

            repo bar/..*
                C   =   u2
                RW+ =   CREATOR
                -   =   gitweb daemon
                R   =   @all
            config gitolite-options.deny-repo = 1
        " | ugc -r

        can_push u1 foo/one
        can_push u2 bar/two

        [ "$ais" = "0" ] && {
            does_not_have_export_ok foo/one
            is_not_in_projects_list foo/one
            does_not_have_export_ok bar/two
            is_not_in_projects_list bar/two
        }

        [ "$ais" = "1" ] && {
            has_export_ok foo/one
            is_in_projects_list foo/one
            does_not_have_export_ok bar/two
            is_not_in_projects_list bar/two
        }

    done
done
