Add test for public repo creation

3 files changed, 88 insertions, 1 deletions

diff --git a/git.liw.fi.sh b/git.liw.fi.sh
index 653e6ec..304bfdb 100644
--- a/git.liw.fi.sh
+++ b/git.liw.fi.sh
@@ -79,3 +79,18 @@ user_del()
 	return 1
     fi
 }
+
+
+# Remove a repository from the server. This is a two-step process.
+
+destroy_repo()
+{
+    if run_gitano_as "$1" destroy "$2" 2> "$DATADIR/temp"
+    then
+	secret=$(awk '{ s = $2 } END { print s }' "$DATADIR/temp")
+	run_gitano_as "$1" destroy "$2" "$secret"
+    else
+	cat "$DATADIR/temp" 1>&2
+	return 1
+    fi
+}
diff --git a/git.liw.fi.yarn b/git.liw.fi.yarn
index 72714d7..c3b0dbb 100644
--- a/git.liw.fi.yarn
+++ b/git.liw.fi.yarn
@@ -61,6 +61,27 @@ A non-admin mustn't be able to create or remove users.
 	FINALLY remove user tstusr on server
 	AND remove user tstusr2 on server
 
+Public repository creation, access, and removal
+-----------------------------------------------
+
+The ruleset is meant to make all repositories public.
+
+Admin should be able to create a public repository. That repository
+should then be accessible to both the admin and a non-admin via both
+git and ssh protocols. Finally, the admin, but not a non-admin, should
+be able to remove the repository.
+
+	SCENARIO public repositories
+	ASSUMING no tstusr user exists on server
+	GIVEN an ssh key for tstusr
+	WHEN admin creates user tstusr
+	AND admin creates repository tstrepo
+	THEN admin can clone tstrepo using git
+	AND admin can clone tstrepo using ssh
+	AND tstusr can clone tstrepo using ssh
+	FINALLY remove repository tstrepo on server
+	AND remove user tstusr on server
+
 
 Implementation sections
 =======================
@@ -173,3 +194,54 @@ Admin clean up user at end of scenario.
 	then
 		user_del admin "$MATCH_1"
 	fi
+
+Repository creation
+-------------------
+
+Repositories can only be created by the admin.
+
+	IMPLEMENTS WHEN admin creates repository (\S+)
+	run_gitano_as admin create "$MATCH_1"
+
+Repository cloning
+------------------
+
+Repositories can be cloned using git or ssh protocols, and they
+may be cloned by various users. We store the clone repositories
+as `$DATADIR/$USER/$REPO`. If the same user clones the same
+repository more than once, we only keep the last one.
+
+It doesn't matter who clones over git, since git is open to everyone.
+So we only have a variant for admin, for simplicity.
+
+	IMPLEMENTS THEN admin can clone (\S+) using git
+	localdir="$DATADIR/admin/$MATCH_1"
+	rm -rf "$localdir"
+	mkdir -p "$localdir"
+	git clone "git://$GITHOST/$MATCH_1" "$localdir"
+
+However, cloning over ssh is serious business, for ACL. The tricky bit
+here is to get git to use the right ssh key. We do this by having
+a ./ssh script that runs the real ssh, but adds a `-i` option to the
+desired keyfile. But we only do that for non-admin users.
+
+	IMPLEMENTS THEN (\S+) can clone (\S+) using ssh
+	localdir="$DATADIR/admin/$MATCH_2"
+	rm -rf "$localdir"
+	mkdir -p "$localdir"
+	url="ssh://$GITANO@$GITHOST/$MATCH_2"
+	if [ "$MATCH_1" = admin ]
+	then
+		git clone "$url" "$localdir"
+	else
+		KEYFILE="$DATADIR/$MATCH_1.key" \
+		PATH="$SRCDIR:$PATH" git clone "$url" "$localdir"
+	fi
+
+Repository removal
+------------------
+
+At the end, we need to clean up repositories.
+
+	IMPLEMENTS FINALLY remove repository (\S+) on server
+	destroy_repo admin "$MATCH_1"
diff --git a/ssh b/ssh
index bb1a275..0be8977 100755
--- a/ssh
+++ b/ssh
@@ -1,4 +1,4 @@
 #!/bin/sh
 
 SSH_AUTH_SOCK=
-exec /usr/bin/ssh -i "KEYFILE""$@"
+exec /usr/bin/ssh -i "$KEYFILE" "$@"