mirror of
https://github.com/TheLocehiliosan/yadm
synced 2025-06-05 17:13:58 +00:00
66e509d2e4
Improve performance (#505) by only running auto-alt (and auto-perms) when HEAD has changed after calling a git command, e.g. after committing or pulling new changes. Also use this new information to remove stale symlinks when an alt file has been removed.
96 lines
3.5 KiB
Python
96 lines
3.5 KiB
Python
"""Test perms"""
|
|
|
|
import os
|
|
|
|
import pytest
|
|
|
|
|
|
@pytest.mark.parametrize("autoperms", ["notest", "unset", "true", "false"])
|
|
@pytest.mark.usefixtures("ds1_copy")
|
|
def test_perms(runner, yadm_cmd, paths, ds1, autoperms):
|
|
"""Test perms"""
|
|
# set the value of auto-perms
|
|
if autoperms != "notest":
|
|
if autoperms != "unset":
|
|
os.system(" ".join(yadm_cmd("config", "yadm.auto-perms", autoperms)))
|
|
|
|
# privatepaths will hold all paths that should become secured
|
|
privatepaths = [paths.work.join(".ssh"), paths.work.join(".gnupg")]
|
|
privatepaths += [paths.work.join(private.path) for private in ds1.private]
|
|
|
|
# create an archive file
|
|
os.system(f'touch "{str(paths.archive)}"')
|
|
privatepaths.append(paths.archive)
|
|
|
|
# create encrypted file test data
|
|
efile1 = paths.work.join("efile1")
|
|
efile1.write("efile1")
|
|
efile2 = paths.work.join("efile2")
|
|
efile2.write("efile2")
|
|
paths.encrypt.write("efile1\nefile2\n!efile1\n")
|
|
insecurepaths = [efile1]
|
|
privatepaths.append(efile2)
|
|
|
|
# assert these paths begin unsecured
|
|
for private in privatepaths + insecurepaths:
|
|
assert not oct(private.stat().mode).endswith("00"), "Path started secured"
|
|
|
|
cmd = ["perms"]
|
|
if autoperms != "notest":
|
|
run = runner(yadm_cmd("add", "efile1"), report=False)
|
|
assert run.success
|
|
cmd = ["-c", "user.name=Yadm", "commit", "-m", "msg"]
|
|
run = runner(yadm_cmd(*cmd), env={"HOME": paths.work})
|
|
assert run.success
|
|
assert run.err == ""
|
|
if autoperms == "notest":
|
|
assert run.out == ""
|
|
|
|
# these paths should be secured if processing perms
|
|
for private in privatepaths:
|
|
if autoperms == "false":
|
|
assert not oct(private.stat().mode).endswith("00"), "Path should not be secured"
|
|
else:
|
|
assert oct(private.stat().mode).endswith("00"), "Path has not been secured"
|
|
|
|
# these paths should never be secured
|
|
for private in insecurepaths:
|
|
assert not oct(private.stat().mode).endswith("00"), "Path should not be secured"
|
|
|
|
|
|
@pytest.mark.parametrize("sshperms", [None, "true", "false"])
|
|
@pytest.mark.parametrize("gpgperms", [None, "true", "false"])
|
|
@pytest.mark.usefixtures("ds1_copy")
|
|
def test_perms_control(runner, yadm_cmd, paths, ds1, sshperms, gpgperms):
|
|
"""Test fine control of perms"""
|
|
# set the value of ssh-perms
|
|
if sshperms:
|
|
os.system(" ".join(yadm_cmd("config", "yadm.ssh-perms", sshperms)))
|
|
|
|
# set the value of gpg-perms
|
|
if gpgperms:
|
|
os.system(" ".join(yadm_cmd("config", "yadm.gpg-perms", gpgperms)))
|
|
|
|
# privatepaths will hold all paths that should become secured
|
|
privatepaths = [paths.work.join(".ssh"), paths.work.join(".gnupg")]
|
|
privatepaths += [paths.work.join(private.path) for private in ds1.private]
|
|
|
|
# assert these paths begin unsecured
|
|
for private in privatepaths:
|
|
assert not oct(private.stat().mode).endswith("00"), "Path started secured"
|
|
|
|
run = runner(yadm_cmd("perms"), env={"HOME": paths.work})
|
|
assert run.success
|
|
assert run.err == ""
|
|
assert run.out == ""
|
|
|
|
# these paths should be secured if processing perms
|
|
for private in privatepaths:
|
|
if (sshperms == "false" and "ssh" in str(private)) or (gpgperms == "false" and "gnupg" in str(private)):
|
|
assert not oct(private.stat().mode).endswith("00"), "Path should not be secured"
|
|
else:
|
|
assert oct(private.stat().mode).endswith("00"), "Path has not been secured"
|
|
|
|
# verify permissions aren't changed for the worktree
|
|
assert oct(paths.work.stat().mode).endswith("0755")
|