PR#5469: Remove gitolite support - pagure

pagure

#5469 Remove gitolite support

Merged a month ago by ngompa. Opened a month ago by wombelix.

wombelix/pagure chore_remove_gitolite_support into master

feat!: Drop gitolite backend support

Dominik Wombacher • a month ago

62e1ab7

UPGRADING.rst

file modified

+14

		`@@ -13,6 +13,7 @@`
		`Removed features (in 6.0):`

		`* repoSpanner, which was never completed and eventually abandoned.`
		+ * gitolite, ``pagure_authorized_keys`` is now the default auth backend.

		`Configuration keys removed (in 6.0);`

		`@@ -22,6 +23,19 @@`
		`* REPOSPANNER_NEW_FORK`
		`* REPOSPANNER_ADMIN_MIGRATION`
		`* REPOSPANNER_REGIONS`
		`+ * GITOLITE_CONFIG`
		`+ * GITOLITE_HOME`
		`+ * GITOLITE_VERSION`
		`+ * GITOLITE_KEYDIR`
		`+ * GITOLITE_BACKEND`
		`+ * GITOLITE_HAS_COMPILE_1`
		`+ * GL_RC`
		`+ * GL_BINDIR`
		`+ * HTTP_REPO_ACCESS_GITOLITE`
		`+ * GITOLITE_CELERY_QUEUE`
		`+ * GL_REPO_BASE`
		`+ * GITOLITE_PRE_CONFIG`
		`+ * GITOLITE_POST_CONFIG`


		`From 5.12 to 5.13`

alembic/versions/6a8ca213d503_drop_project_read_only_column.py

file added

+23

		`@@ -0,0 +1,23 @@`
		`+ """Drop project read_only column`
		`+`
		`+ Revision ID: 6a8ca213d503`
		`+ Revises: 5df8314dfc13`
		`+ Create Date: 2024-04-24 21:49:11.394451`
		`+`
		`+ """`
		`+`
		`+ from alembic import op`
		`+ import sqlalchemy as sa`
		`+`
		`+`
		`+ # revision identifiers, used by Alembic.`
		`+ revision = '6a8ca213d503'`
		`+ down_revision = '5df8314dfc13'`
		`+`
		`+`
		`+ def upgrade():`
		`+ op.drop_column('projects', 'read_only')`
		`+`
		`+`
		`+ def downgrade():`
		`+ op.add_column('projects', sa.Column('read_only', sa.Boolean(), default=True, nullable=False))`

dev/ansible/roles/pagure-dev/files/gitolite3.rc

file removed

-196

		`@@ -1,196 +0,0 @@`
		`- # configuration variables for gitolite`
		`-`
		`- # This file is in perl syntax. But you do NOT need to know perl to edit it --`
		`- # just mind the commas, use single quotes unless you know what you're doing,`
		`- # and make sure the brackets and braces stay matched up!`
		`-`
		`- # (Tip: perl allows a comma after the last item in a list also!)`
		`-`
		`- # HELP for commands can be had by running the command with "-h".`
		`-`
		`- # HELP for all the other FEATURES can be found in the documentation (look for`
		`- # "list of non-core programs shipped with gitolite" in the master index) or`
		`- # directly in the corresponding source file.`
		`-`
		`- %RC = (`
		`-`
		`- # ------------------------------------------------------------------`
		`- GL_REPO_BASE => '/home/vagrant/pagure_data/repos',`
		`-`
		`- # default umask gives you perms of '0700'; see the rc file docs for`
		`- # how/why you might change this`
		`- UMASK => 0077,`
		`-`
		`- # look for "git-config" in the documentation`
		`- GIT_CONFIG_KEYS => '',`
		`-`
		`- # comment out if you don't need all the extra detail in the logfile`
		`- LOG_EXTRA => 1,`
		`- # syslog options`
		`- # 1. leave this section as is for normal gitolite logging`
		`- # 2. uncomment this line to log only to syslog:`
		`- # LOG_DEST => 'syslog',`
		`- # 3. uncomment this line to log to syslog and the normal gitolite log:`
		`- # LOG_DEST => 'syslog,normal',`
		`-`
		`- # roles. add more roles (like MANAGER, TESTER, ...) here.`
		`- # WARNING: if you make changes to this hash, you MUST run 'gitolite`
		`- # compile' afterward, and possibly also 'gitolite trigger POST_COMPILE'`
		`- ROLES => {`
		`- READERS => 1,`
		`- WRITERS => 1,`
		`- },`
		`-`
		`- # enable caching (currently only Redis). PLEASE RTFM BEFORE USING!!!`
		`- # CACHE => 'Redis',`
		`-`
		`- # ------------------------------------------------------------------`
		`-`
		`- # rc variables used by various features`
		`-`
		`- # the 'info' command prints this as additional info, if it is set`
		`- # SITE_INFO => 'Please see http://blahblah/gitolite for more help',`
		`-`
		`- # the CpuTime feature uses these`
		`- # display user, system, and elapsed times to user after each git operation`
		`- # DISPLAY_CPU_TIME => 1,`
		`- # display a warning if total CPU times (u, s, cu, cs) crosses this limit`
		`- # CPU_TIME_WARN_LIMIT => 0.1,`
		`-`
		`- # the Mirroring feature needs this`
		`- # HOSTNAME => "foo",`
		`-`
		`- # TTL for redis cache; PLEASE SEE DOCUMENTATION BEFORE UNCOMMENTING!`
		`- # CACHE_TTL => 600,`
		`-`
		`- # ------------------------------------------------------------------`
		`-`
		`- # suggested locations for site-local gitolite code (see cust.html)`
		`-`
		`- # this one is managed directly on the server`
		`- # LOCAL_CODE => "$ENV{HOME}/local",`
		`-`
		`- # or you can use this, which lets you put everything in a subdirectory`
		`- # called "local" in your gitolite-admin repo. For a SECURITY WARNING`
		`- # on this, see http://gitolite.com/gitolite/non-core.html#pushcode`
		`- # LOCAL_CODE => "$rc{GL_ADMIN_BASE}/local",`
		`-`
		`- # ------------------------------------------------------------------`
		`-`
		`- # List of commands and features to enable`
		`-`
		`- ENABLE => [`
		`-`
		`- # COMMANDS`
		`-`
		`- # These are the commands enabled by default`
		`- 'help',`
		`- 'desc',`
		`- 'info',`
		`- 'perms',`
		`- 'writable',`
		`-`
		`- # Uncomment or add new commands here.`
		`- # 'create',`
		`- # 'fork',`
		`- # 'mirror',`
		`- # 'readme',`
		`- # 'sskm',`
		`- # 'D',`
		`-`
		`- # These FEATURES are enabled by default.`
		`-`
		`- # essential (unless you're using smart-http mode)`
		`- 'ssh-authkeys',`
		`-`
		`- # creates git-config enties from gitolite.conf file entries like 'config foo.bar = baz'`
		`- 'git-config',`
		`-`
		`- # creates git-daemon-export-ok files; if you don't use git-daemon, comment this out`
		`- 'daemon',`
		`-`
		`- # creates projects.list file; if you don't use gitweb, comment this out`
		`- #'gitweb',`
		`-`
		`- # These FEATURES are disabled by default; uncomment to enable. If you`
		`- # need to add new ones, ask on the mailing list :-)`
		`-`
		`- # user-visible behaviour`
		`-`
		`- # prevent wild repos auto-create on fetch/clone`
		`- # 'no-create-on-read',`
		`- # no auto-create at all (don't forget to enable the 'create' command!)`
		`- # 'no-auto-create',`
		`-`
		`- # access a repo by another (possibly legacy) name`
		`- # 'Alias',`
		`-`
		`- # give some users direct shell access. See documentation in`
		`- # sts.html for details on the following two choices.`
		`- # "Shell $ENV{HOME}/.gitolite.shell-users",`
		`- # 'Shell alice bob',`
		`-`
		`- # set default roles from lines like 'option default.roles-1 = ...', etc.`
		`- # 'set-default-roles',`
		`-`
		`- # show more detailed messages on deny`
		`- # 'expand-deny-messages',`
		`-`
		`- # show a message of the day`
		`- # 'Motd',`
		`-`
		`- # system admin stuff`
		`-`
		`- # enable mirroring (don't forget to set the HOSTNAME too!)`
		`- # 'Mirroring',`
		`-`
		`- # allow people to submit pub files with more than one key in them`
		`- # 'ssh-authkeys-split',`
		`-`
		`- # selective read control hack`
		`- # 'partial-copy',`
		`-`
		`- # manage local, gitolite-controlled, copies of read-only upstream repos`
		`- # 'upstream',`
		`-`
		`- # updates 'description' file instead of 'gitweb.description' config item`
		`- # 'cgit',`
		`-`
		`- # allow repo-specific hooks to be added`
		`- # 'repo-specific-hooks',`
		`-`
		`- # performance, logging, monitoring...`
		`-`
		`- # be nice`
		`- # 'renice 10',`
		`-`
		`- # log CPU times (user, system, cumulative user, cumulative system)`
		`- # 'CpuTime',`
		`-`
		`- # syntactic_sugar for gitolite.conf and included files`
		`-`
		`- # allow backslash-escaped continuation lines in gitolite.conf`
		`- # 'continuation-lines',`
		`-`
		`- # create implicit user groups from directory names in keydir/`
		`- # 'keysubdirs-as-groups',`
		`-`
		`- # allow simple line-oriented macros`
		`- # 'macros',`
		`-`
		`- # Kindergarten mode`
		`-`
		`- # disallow various things that sensible people shouldn't be doing anyway`
		`- # 'Kindergarten',`
		`- ],`
		`-`
		`- );`
		`-`
		`- # ------------------------------------------------------------------------------`
		`- # per perl rules, this should be the last line in such a file:`
		`- 1;`
		`-`
		`- # Local variables:`
		`- # mode: perl`
		`- # End:`
		`- # vim: set syn=perl:`

dev/ansible/roles/pagure-dev/files/pagure.cfg

file modified

-1

		`@@ -199,6 +199,5 @@`
		`},`
		`}`

		`- HTTP_REPO_ACCESS_GITOLITE = None`
		`SSH_KEYS_USERNAME_EXPECT = "git"`
		`ALLOW_HTTP_PUSH = True`

dev/ansible/roles/pagure-dev/tasks/gitolite.yml

file removed

-26

		`@@ -1,26 +0,0 @@`
		`- ---`
		`-`
		`- - name: Install gitolite3`
		`- dnf:`
		`- name:`
		`- - gitolite3`
		`- state: present`
		`-`
		`- - name: Install gitolite.rc to ~/.gitolite.rc`
		`- become_user: "{{ ansible_env.SUDO_USER }}"`
		`- copy:`
		`- src: gitolite3.rc`
		`- dest: /home/{{ ansible_env.SUDO_USER }}/.gitolite.rc`
		`-`
		`- - name: Create a key for gitolite`
		`- become_user: "{{ ansible_env.SUDO_USER }}"`
		`- command: ssh-keygen -f gitolite_rsa -t rsa -N ''`
		`- args:`
		`- chdir: /home/{{ ansible_env.SUDO_USER }}`
		`- creates: /home/{{ ansible_env.SUDO_USER }}/gitolite_rsa.pub`
		`-`
		`- - name: Setup gitolite`
		`- become_user: "{{ ansible_env.SUDO_USER }}"`
		`- command: gitolite setup -pk gitolite_rsa.pub`
		`- args:`
		`- chdir: /home/{{ ansible_env.SUDO_USER }}`

dev/ansible/roles/pagure-dev/tasks/main.yml

file modified

-1

		`@@ -2,7 +2,6 @@`

		`- import_tasks: clamav.yml`
		`- import_tasks: eventsource.yml`
		`- #- include: gitolite.yml`
		`- import_tasks: milter.yml`
		`- import_tasks: postgres.yml`

doc/configuration.rst

file modified

+4 -221

		`@@ -140,10 +140,6 @@`
		(if ``ENABLE_TICKETS`` is ``True``)
		`* a repo with metadata of pull requests opened against the project`

		- Note that gitolite config value ``GL_REPO_BASE`` (if using gitolite 3)
		- or ``$REPO_BASE`` (if using gitolite 2) must have exactly the same
		- value as ``GIT_FOLDER``.
		`-`

		`REMOTE_GIT_FOLDER`
		`~~~~~~~~~~~~~~~~~`
		`@@ -243,24 +239,14 @@`

		`This configuration key allows specifying which git auth backend to use.`

		`- Git auth backends can either be static (like gitolite), where a file is`
		`- generated when something changed and then used on login, or dynamic,`
		`- where the actual ACLs are checked in a git hook before being applied.`
		`-`
		`By default pagure provides the following backends:`

		- `test_auth`: simple debugging backend printing and returning the string ``Called GitAuthTestHelper.generate_acls()``
		- - `gitolite2`: allows deploying pagure on the top of gitolite 2
		- - `gitolite3`: allows deploying pagure on the top of gitolite 3
		- `pagure`: Pagure git auth implementation (using keyhelper.py and aclchecker.py) that is used via sshd AuthorizedKeysCommand
		- `pagure_authorized_keys`: Pagure git auth implementation that writes to authorized_keys file

		Defaults to: ``pagure_authorized_keys``

		`- .. note:: The option GITOLITE_BACKEND is the legacy name, and for backwards compatibility reasons will override this setting`
		`-`
		- .. note:: These options can be expended, cf :ref:`custom-gitolite`.
		`-`

		`Configure Pagure Auth`
		`---------------------`
		`@@ -290,8 +276,6 @@`

		`GIT_AUTH_BACKEND = "pagure"`

		`- HTTP_REPO_ACCESS_GITOLITE = None`
		`-`
		`SSH_KEYS_USERNAME_EXPECT = "git"`

		`SSH_COMMAND = ([`
		`@@ -327,150 +311,12 @@`

		`GIT_AUTH_BACKEND = "pagure_authorized_keys"`

		`- HTTP_REPO_ACCESS_GITOLITE = None`
		`-`
		`SSH_COMMAND = ([`
		`"/usr/bin/%(cmd)s",`
		`"/srv/git/repositories/%(reponame)s",`
		`], {"GL_USER": "%(username)s"})`


		`- Configure Gitolite`
		`- ------------------`
		`-`
		- Pagure can use `gitolite <http://gitolite.com/>`_ as an authorization layer.
		- Gitolite relies on `SSH <https://en.wikipedia.org/wiki/Secure_Shell>`_ for
		`- the authentication. In other words, SSH lets you in and gitolite checks if`
		`- you are allowed to do what you are trying to do once you are inside.`
		`-`
		`- Pagure supports both gitolite 2 and gitolite 3 and the code generating`
		`- the gitolite configuration can be customized for easier integration with`
		- other systems (cf :ref:`custom-gitolite`).
		`-`
		- Using Gitolite also requires setting the following in ``pagure.cfg``:
		`-`
		`- ::`
		`-`
		`- HTTP_REPO_ACCESS_GITOLITE = "/usr/share/gitolite3/gitolite-shell"`
		`-`
		`- SSH_COMMAND = (`
		`- [`
		`- "/usr/share/gitolite3/gitolite-shell",`
		`- "%(username)s",`
		`- "%(cmd)s",`
		`- "%(reponame)s",`
		`- ],`
		`- {},`
		`- )`
		`-`
		`-`
		`- This ensures that the Gitolite environment is used for interacting with`
		`- Git repositories. Further customizations are listed below.`
		`-`
		`-`
		`- gitolite 2 and 3`
		`- ~~~~~~~~~~~~~~~~~~~~`
		`-`
		`- GITOLITE_HOME`
		`- ^^^^^^^^^^^^^`
		`-`
		`- This configuration key points to the home directory of the user under which`
		`- gitolite is ran.`
		`-`
		`-`
		`- GITOLITE_KEYDIR`
		`- ^^^^^^^^^^^^^^^`
		`-`
		`- This configuration key points to the folder where gitolite stores and accesses`
		`- the public SSH keys of all the user have access to the server.`
		`-`
		`- Since pagure is the user interface, it is pagure that writes down the files`
		`- in this directory, effectively setting up the users to be able to use gitolite.`
		`-`
		`-`
		`- GITOLITE_CONFIG`
		`- ^^^^^^^^^^^^^^^`
		`-`
		`- This configuration key points to the gitolite.conf file where pagure writes`
		`- the gitolite repository access configuration.`
		`-`
		`-`
		`- GITOLITE_CELERY_QUEUE`
		`- ^^^^^^^^^^^^^^^^^^^^^`
		`-`
		`- This configuration is useful for large pagure deployment where recompiling`
		`- the gitolite config file can take a long time. By default the compilation`
		`- of gitolite's configuration file is done by the pagure_worker, which spawns`
		`- by default 4 concurrent workers. If it takes a while to recompile the`
		`- gitolite configuration file, these workers may be stepping on each others'`
		`- toes.`
		`- In this situation, this configuration key allows you to direct the messages`
		`- asking for the gitolite configuration file to be compiled to a different`
		`- queue which can then be handled by a different service/worker.`
		`-`
		- Pagure provides a ``pagure_gitolite_worker.service`` systemd service file
		`- pre-configured to handles these messages if this configuration key is set`
		- to ``gitolite_queue``.
		`-`
		`-`
		`- gitolite 2 only`
		`- ~~~~~~~~~~~~~~~~~~~`
		`-`
		`- GL_RC`
		`- ^^^^^`
		`-`
		- This configuration key points to the file ``gitolite.rc`` used by gitolite
		`- to record who has access to what (ie: who has access to which repo/branch).`
		`-`
		`-`
		`- GL_BINDIR`
		`- ^^^^^^^^^`
		`-`
		`- This configuration key indicates the folder in which the gitolite tools can`
		- be found. It can be as simple as ``/usr/bin/`` if the tools have been installed
		- using a package manager or something like ``/opt/bin/`` for a more custom
		`- install.`
		`-`
		`-`
		`- gitolite 3 only`
		`- ~~~~~~~~~~~~~~~~~~~`
		`-`
		`- GITOLITE_HAS_COMPILE_1`
		`- ^^^^^^^^^^^^^^^^^^^^^^`
		`-`
		- By setting this configuration key to ``True``, you can turn on using the
		- gitolite ``compile-1`` binary. This speeds up gitolite task when it recompiles
		`- configuration after new project is created. In order to use this, you need to`
		- have the ``compile-1`` gitolite command.
		`-`
		`- There are two ways to have it,`
		`-`
		`- #. You distribution already has the file installed for you and you can then`
		`- just use it.`
		`- #. You need to download and install it yourself. We are describing what`
		`- needs to be done for this here below.`
		`-`
		- Installing the ``compile-1`` command:
		`-`
		`- * You also have to make sure that your distribution of gitolite contains`
		- `patch <https://github.com/sitaramc/gitolite/commit/c4b6521a4b82e639f6ed776abad79c>`_
		- which makes gitolite respect ``ALLOW_ORPHAN_GL_CONF`` configuration variable,
		`- if this patch isn't already present, you will have to make the change yourself.`
		- * In your ``gitolite.rc`` set ``ALLOW_ORPHAN_GL_CONF`` to ``1`` (you may
		`- have to add it yourself).`
		- * Still in your ``gitolite.rc`` file, uncomment ``LOCAL_CODE`` file and set
		`- it to a full path of a directory that you choose (for example`
		- ``/usr/local/share/gitolite3``).
		- * Create a subdirectory ``commands`` under the path you picked for ``LOCAL_CODE``
		- (in our example, you will need to do: ``mkdir -p /usr/local/share/gitolite3/commands``)
		- * Finally, install the ``compile-1`` command in this ``commands`` subdirectory
		- If your installation doesn't ship this file, you can `download it
		- <https://github.com/sitaramc/gitolite/blob/master/contrib/commands/compile-1>`_.
		`- (Ensure the file is executable, otherwise gitolite will not find it)`
		`-`
		- Defaults to: ``False``
		`-`
		`-`
		`EventSource options`
		`-------------------`

		`@@ -546,7 +392,7 @@`

		`List of groups, either local or remote (if the openid server used supports the`
		`group extension), that are the site admins. These admins can regenerate the`
		`- gitolite configuration, the ssh key files, and the hook-token for every project`
		`+ ssh key files, and the hook-token for every project`
		`as well as manage users and groups.`


		`@@ -1363,8 +1209,7 @@`

		`This configuration keys enables or disables allowing users to delete git`
		`branches from the user interface. In sensible pagure instance you may`
		`- want to turn this off and with a customized gitolite configuration you can`
		`- prevent users from deleting branches in their git repositories.`
		`+ want to turn this off.`

		Defaults to: ``True``.

		`@@ -1658,38 +1503,6 @@`
		`any project on this pagure instance.`


		`- GITOLITE_PRE_CONFIG`
		`- ~~~~~~~~~~~~~~~~~~~`
		`-`
		`- This configuration key allows you to include some content at the top of`
		`- the gitolite configuration file (such as some specific group definition),`
		`- thus allowing to customize the gitolite configuration file with elements`
		`- and information that are outside of pagure's control.`
		`-`
		- This can be used in combination with ``GITOLITE_POST_CONFIG`` to further
		`- customize gitolite's configuration file. It can also be used with`
		- ``EXTERNAL_COMMITTER`` to give commit access to git repos based on external
		`- information.`
		`-`
		- Defaults to: ``None``
		`-`
		`-`
		`- GITOLITE_POST_CONFIG`
		`- ~~~~~~~~~~~~~~~~~~~~`
		`-`
		`- This configuration key allows you to include some content at the end of`
		`- the gitolite configuration file (such as some project definition or access),`
		`- thus allowing to customize the gitolite configuration file with elements`
		`- and information that are outside of pagure's control.`
		`-`
		- This can be used in combination with ``GITOLITE_PRE_CONFIG`` to further
		`- customize gitolite's configuration file. It can also be used with`
		- ``EXTERNAL_COMMITTER`` to give commit access to git repos based on external
		`- information.`
		`-`
		- Defaults to: ``None``
		`-`
		`-`
		`GIT_GARBAGE_COLLECT`
		`~~~~~~~~~~~~~~~~~~~`

		`@@ -1865,17 +1678,6 @@`
		Defaults to: ``False``


		`- HTTP_REPO_ACCESS_GITOLITE`
		`- ~~~~~~~~~~~~~~~~~~~~~~~~~`
		`-`
		`- This configuration key configures the path to the gitolite-shell binary.`
		`- If this is set to None, Git http-backend is used directly.`
		- Only set this to ``None`` if you intend to provide HTTP push access via Pagure, and
		`- are using a dynamic ACL backend.`
		`-`
		- Defaults to: ``/usr/share/gitolite3/gitolite-shell``
		`-`
		`-`
		`MIRROR_SSHKEYS_FOLDER`
		`~~~~~~~~~~~~~~~~~~~~~`

		`@@ -2171,23 +1973,11 @@`
		`2.10 of pagure.`


		`- GITOLITE_VERSION`
		`- ~~~~~~~~~~~~~~~~`
		`-`
		`- This configuration key specifies which version of gitolite you are`
		- using, it can be either ``2`` or ``3``.
		`-`
		- Defaults to: ``3``.
		`-`
		- This has been replaced by `GITOLITE_BACKEND` in the release 3.0 of pagure.
		`-`
		`-`
		`DOCS_FOLDER, REQUESTS_FOLDER, TICKETS_FOLDER`
		`~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

		`- These configuration values were removed. It has been found out that`
		`- due to how Pagure writes repo names in the gitolite configuration file,`
		- these must have fixed paths relative to `GIT_FOLDER`. Specifically, they
		`+ These configuration values were removed. These must have`
		+ fixed paths relative to `GIT_FOLDER`. Specifically, they
		must occupy subdirectories `docs`, `requests` and `tickets` under `GIT_FOLDER`.
		They are now computed automatically based on value of `GIT_FOLDER`.
		Usage of docs and tickets can be triggered by setting `ENABLE_DOCS` and
		`@@ -2243,13 +2033,6 @@`
		documentation <https://docs.pagure.org/pagure/usage/theming.html>`_


		`- GITOLITE_BACKEND`
		`- ~~~~~~~~~~~~~~~~`
		`-`
		`- This configuration key allowed specifying the gitolite backend.`
		`- This has now been replaced by GIT_AUTH_BACKEND, please see that option`
		`- for information on valid values.`
		`-`
		`PAGURE_PLUGIN`
		`~~~~~~~~~~~~~`

doc/custom_gitolite_conf.rst

file removed

-41

		`@@ -1,41 +0,0 @@`
		`- .. _custom-gitolite:`
		`-`
		`- Customize the gitolite configuration`
		`- ====================================`
		`-`
		`- Pagure provides a mechanism to allow customizing the creation and`
		`- compilation of the configuration file of gitolite.`
		`-`
		`- To customize the gitolite configuration file, we invite you to look at the`
		- `sources of the module pagure.lib.git_auth
		- <https://pagure.io/pagure/blob/master/f/pagure/lib/git_auth.py>`_.
		`-`
		`- As you can see it defines the following class::`
		`-`
		`- class GitAuthHelper(object):`
		`-`
		`- __metaclass__ = abc.ABCMeta`
		`-`
		`- @staticmethod`
		`- @abc.abstractmethod`
		`- def generate_acls():`
		`- pass`
		`-`
		`- @classmethod`
		`- @abc.abstractmethod`
		`- def remove_acls(self, session, project):`
		`- pass`
		`-`
		`- This will be the class you will have to inherit from in order to inject your`
		`- own code.`
		- You will then declare an entry point in your `setup.py` following this
		`- template::`
		`-`
		`- entry_points="""`
		`- [pagure.git_auth.helpers]`
		`- my_git_auth = my_pagure.my_module:MyGitAuthTestHelper`
		`- """`
		`-`
		`- Then you can adjust pagure's configuration file to say::`
		`-`
		`- GITOLITE_BACKEND = 'my_git_auth'`

doc/index.rst

file modified

-1

		`@@ -41,7 +41,6 @@`
		`install_crons`
		`configuration`
		`plugins`
		`- custom_gitolite_conf`
		`development`
		`contributing`
		`contributors`

doc/overview.ascii

file modified

+2 -1

		`@@ -6,7 +6,8 @@`
		`Grants/Denies access \| \|`
		`+------------+ +-----------+ \| +----------------------+ \|`
		`\| \| \| \| \| \| \| \|`
		`- User's git actions +--------------------->+ Gitolite +-------------------------->+ Git repos +----+--->+ pagure logcom \| \|`
		`+ User's git actions +--------------------->+ pagure +-------------------------->+ Git repos +----+--->+ pagure logcom \| \|`
		`+ \| auth keys \| \| \| \| \|`
		`\| \| \| \| \| \| \|`
		`+-----+------+ +---------+-+ +----------------+-----+ \|`
		`^ ^ \| \|`

doc/overview.rst

file modified

+2 -14

		`@@ -26,8 +26,8 @@`
		`Pagure core application`
		`-----------------------`

		`- The core application is the flask application interacting with gitolite to`
		`- provide a web UI to the git repositories as well as tickets and pull-requests.`
		`+ The core application is the flask application and provide a web UI to`
		`+ the git repositories as well as tickets and pull-requests.`
		`This is the main application for the forge.`


		`@@ -47,18 +47,6 @@`
		<http://www.celeryproject.org/>`_ could be used instead.


		`- Gitolite`
		`- --------`
		`-`
		- Currently pagure uses `gitolite <http://gitolite.com/gitolite/index.html>`_
		- to grant or deny `ssh <https://en.wikipedia.org/wiki/Secure_Shell>`_ access
		`- to the git repositories, in other words to grant or deny read and/or write`
		`- access to the git repositories.`
		`-`
		`- Pagure supports cloning over both ssh and http, but writing can only be done`
		`- via ssh, through gitolite.`
		`-`
		`-`
		`Pagure doc server`
		`-----------------`

doc/overview_simple.ascii

file modified

+2 -1

		`@@ -2,7 +2,8 @@`
		`Grants/Denies access`
		`+------------+ +-----------+`
		`\|cfffca4 \| \| \|`
		`- User's git actions+--------------------->+ Gitolite +-------------------------->+ Git repos \|`
		`+ User's git actions+--------------------->+ pagure +-------------------------->+ Git repos \|`
		`+ \| auth keys \| \| \|`
		`\| \| \| \|`
		`+------------+ +-----------+`
		`^ ^`

doc/usage/first_steps.rst

file modified

-3

		`@@ -29,9 +29,6 @@`
		`Upload your SSH key`
		`-------------------`

		`- Pagure uses gitolite to manage who has read/write access to which git`
		- repository via `ssh <https://en.wikipedia.org/wiki/Secure_Shell>`_.
		`-`
		`An ssh key is composed of two parts:`

		`* a private key, which you must keep to yourself and never share with anyone.`

doc/usage/index.rst

file modified

-1

		`@@ -42,7 +42,6 @@`

		`first_steps`
		`forks`
		`- read_only`
		`http_push`
		`pull_requests`
		`markdown`

doc/usage/read_only.rst

file removed

-33

		`@@ -1,33 +0,0 @@`
		`- Understanding Read Only Mode of projects`
		`- =========================================`
		`-`
		`- If a project is in Read Only Mode, the users of the project may not be`
		`- able to modify the git repository of the project. Let's say you forked`
		`- a project, then the forked project goes into a read only mode. You won't`
		`- be able to modify the git repository of the forked project in that mode.`
		`- After the read only mode is gone, you can begin to use the git repository`
		`- again. Let's say you decide to add another user to your fork, this time`
		`- the project will go in read only mode again but, you still will be able`
		`- to use the git repository while the new user will have to wait for read`
		`- only mode to get over. This is also true when you remove a user from your`
		`- project. The removed user can still access the project's git repository,`
		`- given that he had at least commit access, until the read only mode is over.`
		`-`
		`- In Pagure, we use gitolite for Access Control Lists when using SSH.`
		`- Modifying gitolite may be a time taking task (depending on number of projects`
		`- hosted on the pagure instance) that's why Pagure does it outside of HTTP`
		`- Request-Response Cycle.`
		`-`
		`- Whenever you fork a project or add/remove a new user/group to project,`
		`- gitolite needs to be refreshed in order to put those changes in effect`
		`- for ssh based git usage.`
		`-`
		`-`
		`- Actions that put the project in read only mode`
		`- ----------------------------------------------`
		`-`
		`- All the actions that needs gitolite to be compiled, will bring the`
		`- project in read only mode.`
		`-`
		`- * Creating/Forking a project. (only the fork will be in read only mode)`
		`- * Adding/Removing a user/group from a project.`

files/gitolite.rc

file removed

-233

		`@@ -1,233 +0,0 @@`
		`- # paths and configuration variables for gitolite`
		`-`
		`- # please read comments before editing`
		`-`
		`- # this file is meant to be pulled into a perl program using "do" or "require".`
		`-`
		`- # You do NOT need to know perl to edit the paths; it should be fairly`
		`- # self-explanatory and easy to maintain perl syntax :-)`
		`-`
		`- # --------------------------------------`
		`- # Do not uncomment these values unless you know what you're doing`
		`- # $GL_PACKAGE_CONF = "";`
		`- # $GL_PACKAGE_HOOKS = "";`
		`-`
		`- # --------------------------------------`
		`-`
		`- # --------------------------------------`
		`-`
		`- # this is where the repos go. If you provide a relative path (not starting`
		`- # with "/"), it's relative to your $HOME. You may want to put in something`
		`- # like "/bigdisk" or whatever if your $HOME is too small for the repos, for`
		`- # example`
		`-`
		`- $REPO_BASE="/path/to/git/repositories/";`
		`-`
		`- # the default umask for repositories is 0077; change this if you run stuff`
		`- # like gitweb and find it can't read the repos. Please note the syntax; the`
		`- # leading 0 is required`
		`-`
		`- $REPO_UMASK = 0002;`
		`- # $REPO_UMASK = 0027; # gets you 'rwxr-x---'`
		`- # $REPO_UMASK = 0022; # gets you 'rwxr-xr-x'`
		`-`
		`- # part of the setup of gitweb is a variable called $projects_list (please see`
		`- # gitweb documentation for more on this). Set this to the same value:`
		`-`
		`- $PROJECTS_LIST = $ENV{HOME} . "/projects.list";`
		`-`
		`- # --------------------------------------`
		`-`
		`- # I see no reason anyone may want to change the gitolite admin directory, but`
		`- # feel free to do so. However, please note that it must be an absolute`
		`- # path (i.e., starting with a "/" character)`
		`-`
		`- # gitolite admin directory, files, etc`
		`-`
		`- $GL_ADMINDIR="/etc/gitolite";`
		`-`
		`- # --------------------------------------`
		`-`
		`- # templates for location of the log files and format of their names`
		`-`
		`- # I prefer this template (note the %y and %m placeholders)`
		- # it produces files like `~/.gitolite/logs/gitolite-2009-09.log`
		`-`
		`- $GL_LOGT="/var/log/gitolite/gitolite-%y-%m.log";`
		`-`
		`- # other choices are below, or you can make your own -- but PLEASE MAKE SURE`
		`- # the directory exists and is writable; gitolite won't do that for you (unless`
		`- # it is the default, which is "$GL_ADMINDIR/logs")`
		`-`
		`- # $GL_LOGT="$GL_ADMINDIR/logs/gitolite-%y-%m-%d.log";`
		`- # $GL_LOGT="$GL_ADMINDIR/logs/gitolite-%y.log";`
		`-`
		`- # --------------------------------------`
		`-`
		`- # Please DO NOT change these three paths`
		`-`
		`- $GL_CONF="$GL_ADMINDIR/conf/gitolite.conf";`
		`- $GL_KEYDIR="$GL_ADMINDIR/keydir";`
		`- $GL_CONF_COMPILED="$GL_ADMINDIR/conf/gitolite.conf-compiled.pm";`
		`-`
		`- # --------------------------------------`
		`-`
		`- # if git on your server is on a standard path (that is`
		`- # ssh git@server git --version`
		`- # works), leave this setting as is. Otherwise, choose one of the`
		`- # alternatives, or write your own`
		`-`
		`- $GIT_PATH="";`
		`- # $GIT_PATH="/opt/bin/";`
		`-`
		`- # --------------------------------------`
		`-`
		`- # ----------------------------------------------------------------------`
		`- # BIG CONFIG SETTINGS`
		`-`
		`- # Please read doc/big-config.mkd for details`
		`-`
		`- $GL_BIG_CONFIG = 1;`
		`- $GL_NO_DAEMON_NO_GITWEB = 1;`
		`- $GL_NO_CREATE_REPOS = 1;`
		`- $GL_NO_SETUP_AUTHKEYS = 1;`
		`-`
		`-`
		`- # ----------------------------------------------------------------------`
		`- # SECURITY SENSITIVE SETTINGS`
		`- #`
		`- # Settings below this point may have security implications. That`
		`- # usually means that I have not thought hard enough about all the`
		`- # possible ways to crack security if these settings are enabled.`
		`-`
		`- # Please see details on each setting for specifics, if any.`
		`- # ----------------------------------------------------------------------`
		`-`
		`-`
		`-`
		`- # --------------------------------------`
		`- # ALLOW REPO ADMIN TO SET GITCONFIG KEYS`
		`- #`
		`- # Gitolite allows you to set git repo options using the "config" keyword; see`
		`- # conf/example.conf for details and syntax.`
		`- #`
		`- # However, if you are in an installation where the repo admin does not (and`
		`- # should not) have shell access to the server, then allowing him to set`
		`- # arbitrary repo config options may be a security risk -- some config`
		`- # settings may allow executing arbitrary commands.`
		`- #`
		`- # You have 3 choices. By default $GL_GITCONFIG_KEYS is left empty, which`
		`- # completely disables this feature (meaning you cannot set git configs from`
		`- # the repo config).`
		`-`
		`- $GL_GITCONFIG_KEYS = "";`
		`-`
		`- # The second choice is to give it a space separated list of settings you`
		`- # consider safe. (These are actually treated as a set of regular expression`
		`- # patterns, and any one of them must match). For example:`
		`- # $GL_GITCONFIG_KEYS = "core\.logAllRefUpdates core\..*compression";`
		`- # allows repo admins to set one of those 3 config keys (yes, that second`
		`- # pattern matches two settings from "man git-config", if you look)`
		`- #`
		`- # The third choice (which you may have guessed already if you're familiar with`
		`- # regular expressions) is to allow anything and everything:`
		`- # $GL_GITCONFIG_KEYS = ".*";`
		`-`
		`- # --------------------------------------`
		`- # EXTERNAL COMMAND HELPER -- HTPASSWD`
		`-`
		`- # security note: runs an external command (htpasswd) with specific arguments,`
		`- # including a user-chosen "password".`
		`-`
		`- # if you want to enable the "htpasswd" command, give this the absolute path to`
		`- # whatever file apache (etc) expect to find the passwords in.`
		`-`
		`- $HTPASSWD_FILE = "";`
		`-`
		`- # Look in doc/3 ("easier to link gitweb authorisation with gitolite" section)`
		`- # for more details on using this feature.`
		`-`
		`- # --------------------------------------`
		`- # EXTERNAL COMMAND HELPER -- RSYNC`
		`-`
		`- # security note: runs an external command (rsync) with specific arguments, all`
		`- # presumably filled in correctly by the client-side rsync.`
		`-`
		`- # base path of all the files that are accessible via rsync. Must be an`
		`- # absolute path. Leave it undefined or set to the empty string to disable the`
		`- # rsync helper.`
		`-`
		`- $RSYNC_BASE = "";`
		`-`
		`- # $RSYNC_BASE = "/home/git/up-down";`
		`- # $RSYNC_BASE = "/tmp/up-down";`
		`-`
		`- # --------------------------------------`
		`- # EXTERNAL COMMAND HELPER -- SVNSERVE`
		`-`
		`- # security note: runs an external command (svnserve) with specific arguments,`
		`- # as specified below. %u is substituted with the username.`
		`-`
		`- # This setting allows launching svnserve when requested by the ssh client.`
		`- # This allows using the same SSH setup (hostname/username/public key) for both`
		`- # SVN and git access. Leave it undefined or set to the empty string to disable`
		`- # svnserve access.`
		`-`
		`- $SVNSERVE = "";`
		`- # $SVNSERVE = "/usr/bin/svnserve -r /var/svn/ -t --tunnel-user=%u";`
		`-`
		`- # --------------------------------------`
		`- # ALLOW REPO CONFIG TO USE WILDCARDS`
		`-`
		`- # security note: this used to in a separate "wildrepos" branch. You can`
		`- # create repositories based on wild cards, give "ownership" to the specific`
		`- # user who created it, allow him/her to hand out R and RW permissions to other`
		`- # users to collaborate, etc. This is powerful stuff, and I've made it as`
		`- # secure as I can, but it hasn't had the kind of rigorous line-by-line`
		`- # analysis that the old "master" branch had.`
		`-`
		`- # This has now been rolled into master, with all the functionality gated by`
		`- # this variable. Set this to 1 if you want to enable the wildrepos features.`
		`- # Please see doc/4-wildcard-repositories.mkd for details.`
		`-`
		`- $GL_WILDREPOS = 0;`
		`-`
		`- # --------------------------------------`
		`- # DEFAULT WILDCARD PERMISSIONS`
		`-`
		`- # If set, this value will be used as the default user-level permission rule of`
		`- # new wildcard repositories. The user can change this value with the setperms command`
		`- # as desired after repository creation; it is only a default. Note that @all can be`
		`- # used here but is special; no other groups can be used in user-level permissions.`
		`-`
		`- # $GL_WILDREPOS_DEFPERMS = 'R = @all';`
		`-`
		`- # --------------------------------------`
		`- # HOOK CHAINING`
		`-`
		`- # by default, the update hook in every repo chains to "update.secondary".`
		`- # Similarly, the post-update hook in the admin repo chains to`
		`- # "post-update.secondary". If you're fine with the defaults, there's no need`
		`- # to do anything here. However, if you want to use different names or paths,`
		`- # change these variables`
		`-`
		`- # $UPDATE_CHAINS_TO = "hooks/update.secondary";`
		`- # $ADMIN_POST_UPDATE_CHAINS_TO = "hooks/post-update.secondary";`
		`-`
		`- # --------------------------------------`
		`- # ADMIN DEFINED COMMANDS`
		`-`
		`- # WARNING: Use this feature only if (a) you really really know what you're`
		`- # doing or (b) you really don't care too much about security. Please read`
		`- # doc/admin-defined-commands.mkd for details.`
		`-`
		`- # $GL_ADC_PATH = "";`
		`-`
		`- # --------------------------------------`
		`- # per perl rules, this should be the last line in such a file:`
		`- 1;`
		`-`
		`- # Local variables:`
		`- # mode: perl`
		`- # End:`
		`- # vim: set syn=perl:`

files/gitolite3.rc

file removed

-197

		`@@ -1,197 +0,0 @@`
		`- # configuration variables for gitolite`
		`-`
		`- # This file is in perl syntax. But you do NOT need to know perl to edit it --`
		`- # just mind the commas, use single quotes unless you know what you're doing,`
		`- # and make sure the brackets and braces stay matched up!`
		`-`
		`- # (Tip: perl allows a comma after the last item in a list also!)`
		`-`
		`- # HELP for commands can be had by running the command with "-h".`
		`-`
		`- # HELP for all the other FEATURES can be found in the documentation (look for`
		`- # "list of non-core programs shipped with gitolite" in the master index) or`
		`- # directly in the corresponding source file.`
		`-`
		`- %RC = (`
		`-`
		`- # ------------------------------------------------------------------`
		`-`
		`- GL_REPO_BASE => '/path/to/git/repositories',`
		`-`
		`- # default umask gives you perms of '0700'; see the rc file docs for`
		`- # how/why you might change this`
		`- UMASK => 0077,`
		`-`
		`- # look for "git-config" in the documentation`
		`- GIT_CONFIG_KEYS => '',`
		`-`
		`- # comment out if you don't need all the extra detail in the logfile`
		`- LOG_EXTRA => 1,`
		`- # syslog options`
		`- # 1. leave this section as is for normal gitolite logging`
		`- # 2. uncomment this line to log only to syslog:`
		`- # LOG_DEST => 'syslog',`
		`- # 3. uncomment this line to log to syslog and the normal gitolite log:`
		`- # LOG_DEST => 'syslog,normal',`
		`-`
		`- # roles. add more roles (like MANAGER, TESTER, ...) here.`
		`- # WARNING: if you make changes to this hash, you MUST run 'gitolite`
		`- # compile' afterward, and possibly also 'gitolite trigger POST_COMPILE'`
		`- ROLES => {`
		`- READERS => 1,`
		`- WRITERS => 1,`
		`- },`
		`-`
		`- # enable caching (currently only Redis). PLEASE RTFM BEFORE USING!!!`
		`- # CACHE => 'Redis',`
		`-`
		`- # ------------------------------------------------------------------`
		`-`
		`- # rc variables used by various features`
		`-`
		`- # the 'info' command prints this as additional info, if it is set`
		`- # SITE_INFO => 'Please see http://blahblah/gitolite for more help',`
		`-`
		`- # the CpuTime feature uses these`
		`- # display user, system, and elapsed times to user after each git operation`
		`- # DISPLAY_CPU_TIME => 1,`
		`- # display a warning if total CPU times (u, s, cu, cs) crosses this limit`
		`- # CPU_TIME_WARN_LIMIT => 0.1,`
		`-`
		`- # the Mirroring feature needs this`
		`- # HOSTNAME => "foo",`
		`-`
		`- # TTL for redis cache; PLEASE SEE DOCUMENTATION BEFORE UNCOMMENTING!`
		`- # CACHE_TTL => 600,`
		`-`
		`- # ------------------------------------------------------------------`
		`-`
		`- # suggested locations for site-local gitolite code (see cust.html)`
		`-`
		`- # this one is managed directly on the server`
		`- # LOCAL_CODE => "$ENV{HOME}/local",`
		`-`
		`- # or you can use this, which lets you put everything in a subdirectory`
		`- # called "local" in your gitolite-admin repo. For a SECURITY WARNING`
		`- # on this, see http://gitolite.com/gitolite/non-core.html#pushcode`
		`- # LOCAL_CODE => "$rc{GL_ADMIN_BASE}/local",`
		`-`
		`- # ------------------------------------------------------------------`
		`-`
		`- # List of commands and features to enable`
		`-`
		`- ENABLE => [`
		`-`
		`- # COMMANDS`
		`-`
		`- # These are the commands enabled by default`
		`- 'help',`
		`- 'desc',`
		`- 'info',`
		`- 'perms',`
		`- 'writable',`
		`-`
		`- # Uncomment or add new commands here.`
		`- # 'create',`
		`- # 'fork',`
		`- # 'mirror',`
		`- # 'readme',`
		`- # 'sskm',`
		`- # 'D',`
		`-`
		`- # These FEATURES are enabled by default.`
		`-`
		`- # essential (unless you're using smart-http mode)`
		`- 'ssh-authkeys',`
		`-`
		`- # creates git-config enties from gitolite.conf file entries like 'config foo.bar = baz'`
		`- 'git-config',`
		`-`
		`- # creates git-daemon-export-ok files; if you don't use git-daemon, comment this out`
		`- 'daemon',`
		`-`
		`- # creates projects.list file; if you don't use gitweb, comment this out`
		`- #'gitweb',`
		`-`
		`- # These FEATURES are disabled by default; uncomment to enable. If you`
		`- # need to add new ones, ask on the mailing list :-)`
		`-`
		`- # user-visible behaviour`
		`-`
		`- # prevent wild repos auto-create on fetch/clone`
		`- # 'no-create-on-read',`
		`- # no auto-create at all (don't forget to enable the 'create' command!)`
		`- # 'no-auto-create',`
		`-`
		`- # access a repo by another (possibly legacy) name`
		`- # 'Alias',`
		`-`
		`- # give some users direct shell access. See documentation in`
		`- # sts.html for details on the following two choices.`
		`- # "Shell $ENV{HOME}/.gitolite.shell-users",`
		`- # 'Shell alice bob',`
		`-`
		`- # set default roles from lines like 'option default.roles-1 = ...', etc.`
		`- # 'set-default-roles',`
		`-`
		`- # show more detailed messages on deny`
		`- # 'expand-deny-messages',`
		`-`
		`- # show a message of the day`
		`- # 'Motd',`
		`-`
		`- # system admin stuff`
		`-`
		`- # enable mirroring (don't forget to set the HOSTNAME too!)`
		`- # 'Mirroring',`
		`-`
		`- # allow people to submit pub files with more than one key in them`
		`- # 'ssh-authkeys-split',`
		`-`
		`- # selective read control hack`
		`- # 'partial-copy',`
		`-`
		`- # manage local, gitolite-controlled, copies of read-only upstream repos`
		`- # 'upstream',`
		`-`
		`- # updates 'description' file instead of 'gitweb.description' config item`
		`- # 'cgit',`
		`-`
		`- # allow repo-specific hooks to be added`
		`- # 'repo-specific-hooks',`
		`-`
		`- # performance, logging, monitoring...`
		`-`
		`- # be nice`
		`- # 'renice 10',`
		`-`
		`- # log CPU times (user, system, cumulative user, cumulative system)`
		`- # 'CpuTime',`
		`-`
		`- # syntactic_sugar for gitolite.conf and included files`
		`-`
		`- # allow backslash-escaped continuation lines in gitolite.conf`
		`- # 'continuation-lines',`
		`-`
		`- # create implicit user groups from directory names in keydir/`
		`- # 'keysubdirs-as-groups',`
		`-`
		`- # allow simple line-oriented macros`
		`- # 'macros',`
		`-`
		`- # Kindergarten mode`
		`-`
		`- # disallow various things that sensible people shouldn't be doing anyway`
		`- # 'Kindergarten',`
		`- ],`
		`-`
		`- );`
		`-`
		`- # ------------------------------------------------------------------------------`
		`- # per perl rules, this should be the last line in such a file:`
		`- 1;`
		`-`
		`- # Local variables:`
		`- # mode: perl`
		`- # End:`
		`- # vim: set syn=perl:`

files/pagure.cfg.sample

file modified

-25

		`@@ -99,31 +99,6 @@`
		`VIRUS_SCAN_ATTACHMENTS = False`


		`- ### Configuration file for gitolite`
		`- GITOLITE_CONFIG = os.path.join(`
		`- os.path.abspath(os.path.dirname(__file__)),`
		`- '..',`
		`- 'gitolite.conf'`
		`- )`
		`-`
		`-`
		`- ### Home folder of the gitolite user`
		`- ### Folder where to run gl-compile-conf from`
		`- GITOLITE_HOME = None`
		`-`
		`- ### Version of gitolite used: 2 or 3?`
		`- GITOLITE_VERSION = 3`
		`-`
		`- ### Folder containing all the public ssh keys for gitolite`
		`- GITOLITE_KEYDIR = None`
		`-`
		`- ### Path to the gitolite.rc file`
		`- GL_RC = None`
		`-`
		`- ### Path to the /bin directory where the gitolite tools can be found`
		`- GL_BINDIR = None`
		`-`
		`-`
		`# SSH Information`

		`### SSH commend for interacting with repositories`

files/pagure.spec

file modified

-8

		`@@ -268,10 +268,6 @@`
		`install -p -m 644 files/pagure_worker.service \`
		`$RPM_BUILD_ROOT/%{_unitdir}/pagure_worker.service`

		`- # Install the systemd file for the gitolite worker`
		`- install -p -m 644 files/pagure_gitolite_worker.service \`
		`- $RPM_BUILD_ROOT/%{_unitdir}/pagure_gitolite_worker.service`
		`-`
		`# Install the systemd file for the web-hook`
		`install -p -m 644 files/pagure_webhook.service \`
		`$RPM_BUILD_ROOT/%{_unitdir}/pagure_webhook.service`
		`@@ -365,7 +361,6 @@`

		`%post`
		`%systemd_post pagure_worker.service`
		`- %systemd_post pagure_gitolite_worker.service`
		`%systemd_post pagure_api_key_expire_mail.timer`
		`%systemd_post pagure_mirror_project_in.timer`
		`%post web-nginx`
		`@@ -388,7 +383,6 @@`

		`%preun`
		`%systemd_preun pagure_worker.service`
		`- %systemd_preun pagure_gitolite_worker.service`
		`%systemd_preun pagure_api_key_expire_mail.timer`
		`%systemd_preun pagure_mirror_project_in.timer`
		`%preun web-nginx`
		`@@ -411,7 +405,6 @@`

		`%postun`
		`%systemd_postun_with_restart pagure_worker.service`
		`- %systemd_postun_with_restart pagure_gitolite_worker.service`
		`%systemd_postun pagure_api_key_expire_mail.timer`
		`%systemd_postun pagure_mirror_project_in.timer`
		`%postun web-nginx`
		`@@ -451,7 +444,6 @@`
		`%{python_sitelib}/pagure*.egg-info`
		`%{_bindir}/pagure-admin`
		`%{_unitdir}/pagure_worker.service`
		`- %{_unitdir}/pagure_gitolite_worker.service`
		`%{_unitdir}/pagure_api_key_expire_mail.service`
		`%{_unitdir}/pagure_api_key_expire_mail.timer`
		`%{_unitdir}/pagure_mirror_project_in.service`

files/pagure_gitolite_worker.service

file removed

-15

		`@@ -1,15 +0,0 @@`
		`- [Unit]`
		`- Description=Pagure worker for backend git interaction`
		`- After=redis.target`
		`- Documentation=https://pagure.io/pagure`
		`-`
		`- [Service]`
		`- ExecStart=/usr/bin/celery -A pagure.lib.tasks worker --loglevel=INFO -c 1 -Q gitolite_queue -n gitolite`
		`- Environment="PAGURE_CONFIG=/etc/pagure/pagure.cfg"`
		`- Type=simple`
		`- User=git`
		`- Group=git`
		`- Restart=on-failure`
		`-`
		`- [Install]`
		`- WantedBy=multi-user.target`

files/pagure_worker.service.example

file modified

+1 -1

		`@@ -5,7 +5,7 @@`
		`# FAST_CELERY_QUEUE, MEDIUM_CELERY_QUEUE or SLOW_CELERY_QUEUE`

		`[Unit]`
		`- Description=Pagure worker for gitolite interactions`
		`+ Description=Pagure worker`
		`After=redis.target`
		`Documentation=https://pagure.io/pagure`

pagure/api/__init__.py

file modified

-1

		`@@ -547,7 +547,6 @@`
		`project.api_new_branch,`
		`project.api_fork_project,`
		`project.api_modify_acls,`
		`- project.api_generate_acls,`
		`project.api_commit_flags,`
		`project.api_commit_add_flag,`
		`project.api_update_project_watchers,`

pagure/api/group.py

file modified

-6

		`@@ -365,9 +365,6 @@`
		`is_admin=pagure.utils.is_admin(),`
		`)`
		`flask.g.session.commit()`
		`- pagure.lib.git.generate_gitolite_acls(`
		`- project=None, group=group.group_name`
		`- )`
		`except (pagure.exceptions.PagureException, SQLAlchemyError) as err:`
		`flask.g.session.rollback()`
		`raise pagure.exceptions.APIError(`
		`@@ -453,9 +450,6 @@`
		`is_admin=pagure.utils.is_admin(),`
		`)`
		`flask.g.session.commit()`
		`- pagure.lib.git.generate_gitolite_acls(`
		`- project=None, group=group.group_name`
		`- )`
		`except (pagure.exceptions.PagureException, SQLAlchemyError) as err:`
		`flask.g.session.rollback()`
		`raise pagure.exceptions.APIError(`

pagure/api/project.py

file modified

-94

		`@@ -1674,8 +1674,6 @@`
		`flask.g.session.rollback()`
		`raise pagure.exceptions.APIError(400, error_code=APIERROR.EDBERROR)`

		`- pagure.lib.git.generate_gitolite_acls(project=project)`
		`-`
		`return flask.jsonify(project.to_json(public=False, api=True))`


		`@@ -1784,83 +1782,6 @@`
		`return jsonout`


		`- @API.route("/<repo>/git/generateacls", methods=["POST"])`
		`- @API.route("/<namespace>/<repo>/git/generateacls", methods=["POST"])`
		`- @API.route("/fork/<username>/<repo>/git/generateacls", methods=["POST"])`
		`- @API.route(`
		`- "/fork/<username>/<namespace>/<repo>/git/generateacls", methods=["POST"]`
		`- )`
		`- @api_login_required(acls=["generate_acls_project"])`
		`- @api_method`
		`- def api_generate_acls(repo, username=None, namespace=None):`
		`- """`
		`- Generate Gitolite ACLs on a project`
		`- -----------------------------------`
		`- Generate Gitolite ACLs on a project. This is restricted to Pagure admins.`
		`-`
		`- This is an asynchronous call.`
		`-`
		`- ::`
		`-`
		`- POST /api/0/rpms/python-requests/git/generateacls`
		`-`
		`-`
		`- Input`
		`- ^^^^^`
		`-`
		`- +------------------+---------+--------------+---------------------------+`
		`- \| Key \| Type \| Optionality \| Description \|`
		`- +==================+=========+==============+===========================+`
		- \| ``wait`` \| boolean \| Optional \| \| A boolean to specify if \|
		`- \| \| \| \| this API call should \|`
		`- \| \| \| \| return a taskid or if it\|`
		`- \| \| \| \| should wait for the task\|`
		`- \| \| \| \| to finish. \|`
		`- +------------------+---------+--------------+---------------------------+`
		`-`
		`-`
		`- Sample response`
		`- ^^^^^^^^^^^^^^^`
		`-`
		`- ::`
		`-`
		`- wait=False:`
		`- {`
		`- 'message': 'Project ACL generation queued',`
		`- 'taskid': '123-abcd'`
		`- }`
		`-`
		`- wait=True:`
		`- {`
		`- 'message': 'Project ACLs generated'`
		`- }`
		`-`
		`- """`
		`- project = _get_repo(repo, username, namespace)`
		`- _check_token(project, project_token=False)`
		`-`
		`- wait = pagure.utils.is_true(get_request_data().get("wait"))`
		`-`
		`- try:`
		`- task = pagure.lib.git.generate_gitolite_acls(project=project)`
		`-`
		`- if wait:`
		`- task.get()`
		`- output = {"message": "Project ACLs generated"}`
		`- else:`
		`- output = {`
		`- "message": "Project ACL generation queued",`
		`- "taskid": task.id,`
		`- }`
		`- except pagure.exceptions.PagureException as err:`
		`- raise pagure.exceptions.APIError(`
		`- 400, error_code=APIERROR.ENOCODE, error=str(err)`
		`- )`
		`-`
		`- jsonout = flask.jsonify(output)`
		`- return jsonout`
		`-`
		`-`
		`@API.route("/<repo>/git/branch", methods=["POST"])`
		`@API.route("/<namespace>/<repo>/git/branch", methods=["POST"])`
		`@API.route("/fork/<username>/<repo>/git/branch", methods=["POST"])`
		`@@ -2807,10 +2728,6 @@`
		`if grp.id == group_obj.id:`
		`project.groups.remove(grp)`
		`break`
		`- pagure.lib.query.update_read_only_mode(`
		`- flask.g.session, project, read_only=True`
		`- )`
		`- pagure.lib.git.generate_gitolite_acls(project=project)`

		`try:`
		`flask.g.session.commit()`
		`@@ -2823,7 +2740,6 @@`
		`flask.g.session.rollback()`
		`raise pagure.exceptions.APIError(400, error_code=APIERROR.EDBERROR)`

		`- pagure.lib.git.generate_gitolite_acls(project=project)`
		`output = project.to_json(api=True, public=True)`
		`else:`
		`raise pagure.exceptions.APIError(`
		`@@ -3500,16 +3416,6 @@`
		`401, error_code=APIERROR.ENOTHIGHENOUGH`
		`)`

		`- if project.read_only:`
		`- error = (`
		`- "The ACLs of this project are being refreshed in the backend "`
		`- "this prevents the project from being deleted. Please wait "`
		`- "for this task to finish before trying again. Thanks!"`
		`- )`
		`- raise pagure.exceptions.APIError(`
		`- 400, error_code=APIERROR.ENOCODE, error=error`
		`- )`
		`-`
		`project_json = project.to_json(public=True, api=True)`

		`pagure.lib.tasks.delete_project(`

pagure/cli/admin.py

file modified

-193

		`@@ -33,7 +33,6 @@`
		`import pagure.lib.model_base # noqa: E402`
		`import pagure.lib.query # noqa: E402`
		`import pagure.lib.tasks_utils # noqa: E402`
		`- from pagure.flask_app import generate_user_key_files # noqa: E402`
		`from pagure.utils import get_repo_path # noqa: E402`

		`_config = pagure.config.reload_config()`
		`@@ -50,49 +49,6 @@`
		`}`


		`- def _parser_refresh_gitolite(subparser):`
		`- """Set up the CLI argument parser for the refresh-gitolite action.`
		`-`
		`- :arg subparser: an argparse subparser allowing to have action's specific`
		`- arguments`
		`-`
		`- """`
		`- local_parser = subparser.add_parser(`
		`- "refresh-gitolite", help="Re-generate the gitolite config file"`
		`- )`
		`- local_parser.add_argument(`
		`- "--user", help="User of the project (to use only on forks)"`
		`- )`
		`- local_parser.add_argument(`
		`- "--project",`
		`- help="Project to update (as namespace/project if there "`
		`- "is a namespace)",`
		`- )`
		`- local_parser.add_argument("--group", help="Group to refresh")`
		`- local_parser.add_argument(`
		`- "--all",`
		`- dest="all_",`
		`- default=False,`
		`- action="store_true",`
		`- help="Refresh all the projects",`
		`- )`
		`- local_parser.set_defaults(func=do_generate_acl)`
		`-`
		`-`
		`- def _parser_refresh_ssh(subparser):`
		`- """Set up the CLI argument parser for the refresh-ssh action.`
		`-`
		`- :arg subparser: an argparse subparser allowing to have action's specific`
		`- arguments`
		`-`
		`- """`
		`- local_parser = subparser.add_parser(`
		`- "refresh-ssh",`
		`- help="Re-write to disk every user's ssh key stored in the database",`
		`- )`
		`- local_parser.set_defaults(func=do_refresh_ssh)`
		`-`
		`-`
		`def _parser_clear_hook_token(subparser):`
		`"""Set up the CLI argument parser for the clear-hook-token action.`

		`@@ -287,32 +243,6 @@`
		`local_parser.set_defaults(func=do_update_watch_status)`


		`- def _parser_read_only(subparser):`
		`- """Set up the CLI argument parser for the read-only action.`
		`-`
		`- :arg subparser: an argparse subparser allowing to have action's specific`
		`- arguments`
		`-`
		`- """`
		`- local_parser = subparser.add_parser(`
		`- "read-only", help="Get or set the read-only flag on a project"`
		`- )`
		`- local_parser.add_argument(`
		`- "--user", help="User of the project (to use only on forks)"`
		`- )`
		`- local_parser.add_argument(`
		`- "project",`
		`- help="Project to update (as namespace/project if there "`
		`- "is a namespace)",`
		`- )`
		`- local_parser.add_argument(`
		`- "--ro",`
		`- help="Read-Only status to set (has to be: true or false), do not "`
		`- "specify to get the current status",`
		`- )`
		`- local_parser.set_defaults(func=do_read_only)`
		`-`
		`-`
		`def _parser_new_group(subparser):`
		`"""Set up the CLI argument parser for the new-group action.`

		`@@ -543,12 +473,6 @@`

		`subparser = parser.add_subparsers(title="actions")`

		`- # refresh-gitolite`
		`- _parser_refresh_gitolite(subparser)`
		`-`
		`- # refresh-ssh`
		`- _parser_refresh_ssh(subparser)`
		`-`
		`# clear-hook-token`
		`_parser_clear_hook_token(subparser)`

		`@@ -561,9 +485,6 @@`
		`# update-watch`
		`_parser_update_watch(subparser)`

		`- # read-only`
		`- _parser_read_only(subparser)`
		`-`
		`# new-group`
		`_parser_new_group(subparser)`

		`@@ -634,78 +555,6 @@`
		`)`


		`- def do_generate_acl(args):`
		`- """Regenerate the gitolite ACL file.`
		`-`
		`-`
		- :arg args: the argparse object returned by ``parse_arguments()``.
		`-`
		`- """`
		`- _log.debug("group: %s", args.group)`
		`- _log.debug("project: %s", args.project)`
		`- _log.debug("user: %s", args.user)`
		`- _log.debug("all: %s", args.all_)`
		`-`
		`- title = None`
		`- project = None`
		`- if args.project:`
		`- project = _get_project(args.project, user=args.user)`
		`- title = project.fullname`
		`- if args.all_:`
		`- title = "all"`
		`- project = -1`
		`-`
		`- if not args.all_ and not args.project:`
		`- print(`
		`- "Please note that you have not selected a project or --all. "`
		`- "Do you want to recompile the existing config file?"`
		`- )`
		`- if not _ask_confirmation():`
		`- return`
		`-`
		`- helper = pagure.lib.git_auth.get_git_auth_helper()`
		`- _log.debug("Got helper: %s", helper)`
		`-`
		`- group_obj = None`
		`- if args.group:`
		`- group_obj = pagure.lib.query.search_groups(`
		`- session, group_name=args.group`
		`- )`
		`- _log.debug(`
		`- "Calling helper: %s with arg: project=%s, group=%s",`
		`- helper,`
		`- project,`
		`- group_obj,`
		`- )`
		`-`
		`- print(`
		`- "Do you want to re-generate the gitolite.conf file for group: %s "`
		`- "and project: %s?" % (group_obj, title)`
		`- )`
		`- if _ask_confirmation():`
		`- helper.generate_acls(project=project, group=group_obj)`
		`- pagure.lib.tasks_utils.gc_clean()`
		`- print("Gitolite ACLs updated")`
		`-`
		`-`
		`- def do_refresh_ssh(_):`
		`- """Regenerate the user key files.`
		`-`
		- :arg _: the argparse object returned by ``parse_arguments()``, which is
		`- ignored as there are no argument to pass to this action.`
		`-`
		`- """`
		`- print(`
		`- "Do you want to re-generate all the ssh keys for every user in "`
		`- "the database? (Depending on your instance this may take a while "`
		`- "and result in an outage while it lasts)"`
		`- )`
		`- if _ask_confirmation():`
		`- generate_user_key_files()`
		`- print("User key files regenerated")`
		`- do_generate_acl()`
		`-`
		`-`
		`def do_generate_hook_token(_):`
		`"""Regenerate the hook_token for each projects in the DB.`

		`@@ -1173,48 +1022,6 @@`
		`session.commit()`


		`- def do_read_only(args):`
		`- """Set or update the read-only status of a project.`
		`-`
		- :arg args: the argparse object returned by ``parse_arguments()``.
		`-`
		`- """`
		`-`
		`- _log.debug("project: %s", args.project)`
		`- _log.debug("user: %s", args.user)`
		`- _log.debug("read-only: %s", args.ro)`
		`-`
		`- # Validate user`
		`- pagure.lib.query.get_user(session, args.user)`
		`-`
		`- # Get the project`
		`- project = _get_project(args.project, user=args.user)`
		`-`
		`- _check_project(project, project=args.project)`
		`-`
		`- # Validate ro flag`
		`- if args.ro and args.ro.lower() not in ["true", "false"]:`
		`- raise pagure.exceptions.PagureException(`
		`- "Invalid read-only status specified: %s is not in: "`
		`- "true, false" % args.ro.lower()`
		`- )`
		`-`
		`- if not args.ro:`
		`- print(`
		`- "The current read-only flag of the project %s is set to %s"`
		`- % (project.fullname, project.read_only)`
		`- )`
		`- else:`
		`- pagure.lib.query.update_read_only_mode(`
		`- session, project, read_only=(args.ro.lower() == "true")`
		`- )`
		`- session.commit()`
		`- print(`
		`- "The read-only flag of the project %s has been set to %s"`
		`- % (project.fullname, args.ro.lower() == "true")`
		`- )`
		`-`
		`-`
		`def do_new_group(args):`
		`"""Create a new group in this pagure instance.`

pagure/config.py

file modified

-4

		`@@ -39,10 +39,6 @@`
		`)`
		`config["REQUESTS_FOLDER"] = os.path.join(config["GIT_FOLDER"], "requests")`

		`- if "GITOLITE_BACKEND" in config:`
		`- # This is for backwards compatibility purposes`
		`- config["GIT_AUTH_BACKEND"] = config["GITOLITE_BACKEND"]`
		`-`
		`return config`

pagure/default_config.py

file modified

+1 -41

		`@@ -158,7 +158,6 @@`
		`)`

		`# Folder containing to the git repos`
		`- # Note that this must be exactly the same as GL_REPO_BASE in gitolite.rc`
		`GIT_FOLDER = os.path.join(`
		`os.path.abspath(os.path.dirname(__file__)), "..", "lcl", "repos"`
		`)`
		`@@ -176,46 +175,15 @@`
		`# Whether to enable scanning for viruses in attachments`
		`VIRUS_SCAN_ATTACHMENTS = False`

		`- # Configuration file for gitolite`
		`- GITOLITE_CONFIG = os.path.join(`
		`- os.path.abspath(os.path.dirname(__file__)), "..", "lcl", "gitolite.conf"`
		`- )`
		`-`
		`# Configuration keys to specify where the upload folder is and what is its`
		`# name`
		`UPLOAD_FOLDER_PATH = os.path.join(`
		`os.path.abspath(os.path.dirname(__file__)), "..", "lcl", "releases"`
		`)`

		`-`
		`- # Home folder of the gitolite user -- Folder where to run gl-compile-conf from`
		`- GITOLITE_HOME = None`
		`-`
		`- # Version of gitolite used: 2 or 3?`
		`- GITOLITE_VERSION = 3`
		`-`
		`- # Folder containing all the public ssh keys for gitolite`
		`- GITOLITE_KEYDIR = None`
		`-`
		`# Backend for git auth decisions`
		`- # This may be either a static helper (like gitolite based) or dynamic.`
		`GIT_AUTH_BACKEND = "pagure_authorized_keys"`

		`- # Legacy option name for GIT_AUTH_BACKEND, retained for backwards compatibility`
		`- # This option overrides GIT_AUTH_BACKEND`
		`- # GITOLITE_BACKEND = "gitolite3"`
		`-`
		- # Whether or not this installation of Pagure should use `gitolite compile-1`
		`- # to improve speed of some gitolite operations. See documentation for more`
		`- # info about how to set this up.`
		`- GITOLITE_HAS_COMPILE_1 = False`
		`-`
		`- # Path to the gitolite.rc file`
		`- GL_RC = None`
		`- # Path to the /bin directory where the gitolite tools can be found`
		`- GL_BINDIR = None`
		`-`
		`-`
		`# Whether or not to run "git gc --auto" after every change to a project`
		`# This will use default git config values`
		`# See https://git-scm.com/docs/git-gc#git-gc---auto for more details`
		`@@ -337,7 +305,6 @@`
		`"create_project": "Create a new project",`
		`"commit_flag": "Flag a commit",`
		`"fork_project": "Fork a project",`
		`- "generate_acls_project": "Generate the Gitolite ACLs on a project",`
		`"internal_access": "Access Pagure's internal APIs",`
		`"issue_assign": "Assign issue to someone",`
		`"issue_change_status": "Change the status of a ticket",`
		`@@ -372,11 +339,7 @@`

		`# List of ACLs which a regular user is allowed to associate to an API token`
		`# from the ACLs above`
		`- USER_ACLS = [`
		`- key`
		`- for key in ACLS.keys()`
		`- if key not in ["generate_acls_project", "internal_access"]`
		`- ]`
		`+ USER_ACLS = [key for key in ACLS.keys() if key not in ["internal_access"]]`

		`# From the ACLs above lists which ones are tolerated to be associated with`
		`# an API token that isn't linked to a particular project.`
		`@@ -400,7 +363,6 @@`
		`"pull_request_flag",`
		`"pull_request_comment",`
		`"pull_request_merge",`
		`- "generate_acls_project",`
		`"group_modify",`
		`"commit_flag",`
		`"create_branch",`
		`@@ -566,8 +528,6 @@`
		`ALLOW_HTTP_PULL_PUSH = True`
		`# Whether to allow pushing via HTTP`
		`ALLOW_HTTP_PUSH = False`
		`- # Path to Gitolite-shell if using that, None to use Git directly`
		`- HTTP_REPO_ACCESS_GITOLITE = None`

		`# Configuration for the key helper`
		`# Look a username up in the database, overrides SSH_KEYS_USERNAME_EXPECT`

pagure/flask_app.py

file modified

-16

		`@@ -222,22 +222,6 @@`
		`return app`


		`- def generate_user_key_files():`
		`- """Regenerate the key files used by gitolite."""`
		`- gitolite_home = pagure_config.get("GITOLITE_HOME", None)`
		`- if gitolite_home:`
		`- users = pagure.lib.query.search_user(flask.g.session)`
		`- for user in users:`
		`- pagure.lib.query.update_user_ssh(`
		`- flask.g.session,`
		`- user,`
		`- None,`
		`- pagure_config.get("GITOLITE_KEYDIR", None),`
		`- update_only=True,`
		`- )`
		`- pagure.lib.git.generate_gitolite_acls(project=None)`
		`-`
		`-`
		`def admin_session_timedout():`
		`"""Check if the current user has been authenticated for more than what`
		`is allowed (defaults to 15 minutes).`

pagure/hooks/files/git_multimail_upstream.py

file modified

+1 -70

		`@@ -3335,67 +3335,6 @@`
		`)`


		`- class GitoliteEnvironmentHighPrecMixin(Environment):`
		`- def get_pusher(self):`
		`- return self.osenv.get("GL_USER", "unknown user")`
		`-`
		`-`
		`- class GitoliteEnvironmentLowPrecMixin(Environment):`
		`- def get_repo_shortname(self):`
		`- # The gitolite environment variable $GL_REPO is a pretty good`
		`- # repo_shortname (though it's probably not as good as a value`
		`- # the user might have explicitly put in his config).`
		`- return (`
		`- self.osenv.get("GL_REPO", None)`
		`- or super(`
		`- GitoliteEnvironmentLowPrecMixin, self`
		`- ).get_repo_shortname()`
		`- )`
		`-`
		`- def get_fromaddr(self, change=None):`
		`- GL_USER = self.osenv.get("GL_USER")`
		`- if GL_USER is not None:`
		`- # Find the path to gitolite.conf. Note that gitolite v3`
		`- # did away with the GL_ADMINDIR and GL_CONF environment`
		`- # variables (they are now hard-coded).`
		`- GL_ADMINDIR = self.osenv.get(`
		`- "GL_ADMINDIR",`
		`- os.path.expanduser(os.path.join("~", ".gitolite")),`
		`- )`
		`- GL_CONF = self.osenv.get(`
		`- "GL_CONF", os.path.join(GL_ADMINDIR, "conf", "gitolite.conf")`
		`- )`
		`- if os.path.isfile(GL_CONF):`
		`- f = open(GL_CONF, "rU")`
		`- try:`
		`- in_user_emails_section = False`
		`- re_template = r"^\s#\s%s\s*$"`
		`- re_begin, re_user, re_end = (`
		`- re.compile(re_template % x)`
		`- for x in (`
		`- r"BEGIN\s+USER\s+EMAILS",`
		`- re.escape(GL_USER) + r"\s+(.*)",`
		`- r"END\s+USER\s+EMAILS",`
		`- )`
		`- )`
		`- for l in f:`
		`- l = l.rstrip("\n")`
		`- if not in_user_emails_section:`
		`- if re_begin.match(l):`
		`- in_user_emails_section = True`
		`- continue`
		`- if re_end.match(l):`
		`- break`
		`- m = re_user.match(l)`
		`- if m:`
		`- return m.group(1)`
		`- finally:`
		`- f.close()`
		`- return super(GitoliteEnvironmentLowPrecMixin, self).get_fromaddr(`
		`- change`
		`- )`
		`-`
		`-`
		`class IncrementalDateTime(object):`
		`"""Simple wrapper to give incremental date/times.`

		`@@ -4063,10 +4002,6 @@`

		`KNOWN_ENVIRONMENTS = {`
		`"generic": {"highprec": GenericEnvironmentMixin},`
		`- "gitolite": {`
		`- "highprec": GitoliteEnvironmentHighPrecMixin,`
		`- "lowprec": GitoliteEnvironmentLowPrecMixin,`
		`- },`
		`"stash": {`
		`"highprec": StashEnvironmentHighPrecMixin,`
		`"lowprec": StashEnvironmentLowPrecMixin,`
		`@@ -4097,10 +4032,7 @@`
		`env = config.get("environment")`

		`if not env:`
		`- if "GL_USER" in osenv and "GL_REPO" in osenv:`
		`- env = "gitolite"`
		`- else:`
		`- env = "generic"`
		`+ env = "generic"`
		`return env`


		`@@ -4139,7 +4071,6 @@`

		`GerritEnvironment = build_environment_klass("gerrit")`
		`StashEnvironment = build_environment_klass("stash")`
		`- GitoliteEnvironment = build_environment_klass("gitolite")`
		`GenericEnvironment = build_environment_klass("generic")`

pagure/hooks/mail.py

file modified

-3

		`@@ -88,9 +88,6 @@`
		`"multimailhook.mailingList", "", project.mail_hook.mail_to`
		`)`
		`repo_obj.config.set_multivar(`
		`- "multimailhook.environment", "", "gitolite"`
		`- )`
		`- repo_obj.config.set_multivar(`
		`"multimailhook.repoName", "", project.fullname`
		`)`
		`repo_obj.config.set_multivar("multimailhook.mailer", "", "smtp")`

pagure/lib/git.py

file modified

-37

		`@@ -143,36 +143,6 @@`
		`return "".join(filter(None, patch))`


		`- def generate_gitolite_acls(project=None, group=None):`
		`- """Generate the gitolite configuration file.`
		`-`
		`- :arg project: the project of which to update the ACLs. This argument`
		- can take three values: ``-1``, ``None`` and a project.
		- If project is ``-1``, the configuration should be refreshed for
		`- all projects.`
		- If project is ``None``, there no specific project to refresh
		`- but the ssh key of an user was added and updated.`
		`- If project is a pagure.lib.model.Project, the configuration of`
		`- this project should be updated.`
		`- :type project: None, int or pagure.lib.model.Project`
		`- :kwarg group: the group to refresh the members of`
		`- :type group: None or str`
		`-`
		`- """`
		`- if project != -1:`
		`- task = pagure.lib.tasks.generate_gitolite_acls.delay(`
		`- namespace=project.namespace if project else None,`
		`- name=project.name if project else None,`
		`- user=project.user.user if project and project.is_fork else None,`
		`- group=group,`
		`- )`
		`- else:`
		`- task = pagure.lib.tasks.generate_gitolite_acls.delay(`
		`- name=-1, group=group`
		`- )`
		`- return task`
		`-`
		`-`
		`def update_git(obj, repo):`
		`"""Schedules an update_repo task after determining arguments."""`
		`ticketuid = None`
		`@@ -401,7 +371,6 @@`
		`fullname=fullname or username,`
		`default_email=default_email,`
		`emails=useremails,`
		`- keydir=pagure_config.get("GITOLITE_KEYDIR", None),`
		`)`
		`session.commit()`

		`@@ -1119,9 +1088,6 @@`
		`)`
		`env = os.environ.copy()`
		`env["GL_USER"] = username`
		`- env["GL_BYPASS_ACCESS_CHECKS"] = "1"`
		`- if pagure_config.get("GITOLITE_HOME"):`
		`- env["HOME"] = pagure_config["GITOLITE_HOME"]`
		`env.update(environ)`
		`env.update(extra)`
		`out = subprocess.check_output(`
		`@@ -2942,10 +2908,7 @@`
		`_log.debug("Running a git push to %s", project.fullname)`
		`env = os.environ.copy()`
		`env["GL_USER"] = "pagure"`
		`- env["GL_BYPASS_ACCESS_CHECKS"] = "1"`
		`env["internal"] = "yes"`
		`- if pagure_config.get("GITOLITE_HOME"):`
		`- env["HOME"] = pagure_config["GITOLITE_HOME"]`
		`env.update(environ)`
		`env.update(extra)`
		`out = subprocess.check_output(`

pagure/lib/git_auth.py

file modified

+1 -761

		`@@ -13,20 +13,12 @@`
		`import json`
		`import logging`
		`import os`
		`- import subprocess`
		`- import tempfile`
		`from io import open`

		`import pkg_resources`
		`- import werkzeug.utils`
		`from six import with_metaclass`
		`- from six.moves import dbm_gnu`

		`- import pagure.exceptions`
		`- import pagure.lib.model_base`
		`- import pagure.lib.query`
		`from pagure.config import config as pagure_config`
		`- from pagure.lib import model`
		`from pagure.utils import is_repo_collaborator, lookup_deploykey`

		`# logging.config.dictConfig(pagure_config.get('LOGGING') or {'version': 1})`
		`@@ -42,7 +34,7 @@`
		`:arg backend: The name of the backend to find on the system (declared via`
		`the entry_points in setup.py).`
		`Pagure comes by default with the following backends:`
		`- test_auth, gitolite2, gitolite3`
		`+ test_auth, pagure_authorized_keys`
		`:type backend: str`

		`"""`
		`@@ -70,8 +62,6 @@`
		`_log.debug("Was unable to find any helpers, registering built-in")`
		`cls = {`
		`"test_auth": GitAuthTestHelper,`
		`- "gitolite2": Gitolite2Auth,`
		`- "gitolite3": Gitolite3Auth,`
		`"pagure": PagureGitAuth,`
		`"pagure_authorized_keys": PagureGitAuth,`
		`}[backend]`
		`@@ -92,48 +82,6 @@`
		`is_dynamic = False`

		`@classmethod`
		`- @abc.abstractmethod`
		`- def generate_acls(self, project, group=None):`
		`- """This is the method that is called by pagure to generate the`
		`- configuration file.`
		`-`
		`- :arg project: the project of which to update the ACLs. This argument`
		- can take three values: ``-1``, ``None`` and a project.
		- If project is ``-1``, the configuration should be refreshed for
		`- all projects.`
		- If project is ``None``, there no specific project to refresh
		`- but the ssh key of an user was added and updated or a group`
		`- was removed.`
		`- If project is a pagure.lib.model.Project, the configuration of`
		`- this project should be updated.`
		`- :type project: None, int or pagure.lib.model.Project`
		`- :kwarg group: the group to refresh the members of`
		`- :type group: None or pagure.lib.model.PagureGroup`
		`-`
		`- (This behaviour is based on the workflow of gitolite, if you are`
		`- implementing a different auth backend and need more granularity,`
		`- feel free to let us know.)`
		`-`
		`- """`
		`- pass`
		`-`
		`- @classmethod`
		`- @abc.abstractmethod`
		`- def remove_acls(self, session, project):`
		`- """This is the method that is called by pagure to remove a project`
		`- from the configuration file.`
		`-`
		`- :arg cls: the current class`
		`- :type: GitAuthHelper`
		`- :arg session: the session with which to connect to the database`
		`- :arg project: the project to remove from the gitolite configuration`
		`- file.`
		`- :type project: pagure.lib.model.Project`
		`-`
		`- """`
		`- pass`
		`-`
		`- @classmethod`
		`# This method can't be marked as abstract, since it's new and that would`
		`# break backwards compatibility`
		`def check_acl(cls, session, project, username, refname, **info):`
		`@@ -191,680 +139,11 @@`
		`return stream.read()`


		`- class Gitolite2Auth(GitAuthHelper):`
		`- """A gitolite 2 authentication module."""`
		`-`
		`- @classmethod`
		`- def _process_project(cls, project, config, global_pr_only):`
		`- """Generate the gitolite configuration for the specified project.`
		`-`
		`- :arg project: the project to generate the configuration for`
		`- :type project: pagure.lib.model.Project`
		`- :arg config: a list containing the different lines of the`
		`- configuration file`
		`- :type config: list`
		`- :arg groups: a dictionary containing the group name as key and the`
		`- users member of the group as values`
		`- :type groups: dict(str: list)`
		`- :arg global_pr_only: boolean on whether the pagure instance enforces`
		`- the PR workflow only or not`
		`- :type global_pr_only: bool`
		`- :return: the updated config`
		`- :return type: list`
		`-`
		`- """`
		`- _log.debug(" Processing project: %s", project.fullname)`
		`-`
		`- # Check if the project or the pagure instance enforce the PR only`
		`- # development model.`
		`- pr_only = project.settings.get("pull_request_access_only", False)`
		`-`
		`- repos_to_create = ["repos"]`
		`- if pagure_config.get("ENABLE_DOCS", True):`
		`- repos_to_create.append("docs/")`
		`- if pagure_config.get("ENABLE_TICKETS", True):`
		`- repos_to_create.append("tickets/")`
		`- # no setting yet to disable pull-requests`
		`- repos_to_create.append("requests/")`
		`- for repos in repos_to_create:`
		`- if repos == "repos":`
		`- # Do not grant access to project enforcing the PR model`
		`- if pr_only or (global_pr_only and not project.is_fork):`
		`- continue`
		`- repos = ""`
		`-`
		`- config.append("repo %s%s" % (repos, project.fullname))`
		`- if not project.private and repos not in ["tickets/", "requests/"]:`
		`- config.append(" R = @all")`
		`- if project.committer_groups:`
		`- config.append(`
		`- " RW+ = @%s"`
		`- % " @".join(`
		`- [`
		`- group.group_name`
		`- for group in project.committer_groups`
		`- ]`
		`- )`
		`- )`
		`- config.append(" RW+ = %s" % project.user.user)`
		`- for user in project.committers:`
		`- # This should never be the case (that the project.user`
		`- # is in the committers) but better safe than sorry`
		`- if user.user != project.user.user:`
		`- config.append(" RW+ = %s" % user.user)`
		`- for deploykey in project.deploykeys:`
		`- access = "R"`
		`- if deploykey.pushaccess:`
		`- access = "RW+"`
		`- # Note: the replace of / with _ is because gitolite`
		`- # users can't contain a /. At first, this might look`
		`- # like deploy keys in a project called`
		`- # $namespace_$project would give access to the repos of`
		`- # a project $namespace/$project or vica versa, however`
		`- # this is NOT the case because we add the deploykey.id`
		`- # to the end of the deploykey name, which means it is`
		`- # unique. The project name is solely there to make it`
		`- # easier to determine what project created the deploykey`
		`- # for admins.`
		`- config.append(`
		`- " %s = deploykey_%s_%s"`
		`- % (`
		`- access,`
		`- werkzeug.utils.secure_filename(project.fullname),`
		`- deploykey.id,`
		`- )`
		`- )`
		`- config.append("")`
		`-`
		`- return config`
		`-`
		`- @classmethod`
		`- def _clean_current_config(cls, current_config, project):`
		`- """Remove the specified project from the current configuration file`
		`-`
		`- :arg current_config: the content of the current/actual gitolite`
		`- configuration file read from the disk`
		`- :type current_config: list`
		`- :arg project: the project to update in the configuration file`
		`- :type project: pagure.lib.model.Project`
		`-`
		`- """`
		`- keys = [`
		`- "repo %s%s" % (repos, project.fullname)`
		`- for repos in ["", "docs/", "tickets/", "requests/"]`
		`- ]`
		`-`
		`- keep = True`
		`- config = []`
		`- for line in current_config:`
		`- line = line.rstrip()`
		`-`
		`- if line in keys:`
		`- keep = False`
		`- continue`
		`-`
		`- if keep is False and line == "":`
		`- keep = True`
		`-`
		`- if keep:`
		`- config.append(line)`
		`-`
		`- return config`
		`-`
		`- @classmethod`
		`- def _clean_groups(cls, config, group=None):`
		`- """Removes the groups in the given configuration file.`
		`-`
		`- :arg config: the current configuration`
		`- :type config: list`
		`- :kwarg group: the group to refresh the members of`
		`- :type group: None or pagure.lib.model.PagureGroup`
		`- :return: the configuration without the groups`
		`- :return type: list`
		`-`
		`- """`
		`-`
		`- if group is None:`
		`- output = [`
		`- row.rstrip()`
		`- for row in config`
		`- if not row.startswith("@") and row.strip() != "# end of groups"`
		`- ]`
		`- else:`
		`- end_grp = None`
		`- seen = False`
		`- output = []`
		`- for idx, row in enumerate(config):`
		`- if end_grp is None and row.startswith("repo "):`
		`- end_grp = idx`
		`-`
		`- if row.startswith("@%s " % group.group_name):`
		`- seen = True`
		`- row = "@%s = %s" % (`
		`- group.group_name,`
		`- " ".join(`
		`- sorted([user.username for user in group.users])`
		`- ),`
		`- )`
		`- output.append(row)`
		`-`
		`- if not seen:`
		`- row = "@%s = %s" % (`
		`- group.group_name,`
		`- " ".join(sorted([user.username for user in group.users])),`
		`- )`
		`- output.insert(end_grp, "")`
		`- output.insert(end_grp, row)`
		`-`
		`- return output`
		`-`
		`- @classmethod`
		`- def _generate_groups_config(cls, session):`
		`- """Generate the gitolite configuration for all of the groups.`
		`-`
		`- :arg session: the session with which to connect to the database`
		`- :return: the gitolite configuration for the groups`
		`- :return type: list`
		`-`
		`- """`
		`- query = session.query(model.PagureGroup).order_by(`
		`- model.PagureGroup.group_name`
		`- )`
		`-`
		`- groups = {}`
		`- for grp in query.all():`
		`- groups[grp.group_name] = [user.username for user in grp.users]`
		`-`
		`- return groups`
		`-`
		`- @classmethod`
		`- def _get_current_config(cls, configfile, preconfig=None, postconfig=None):`
		`- """Load the current gitolite configuration file from the disk.`
		`-`
		`- :arg configfile: the name of the configuration file to load`
		`- :type configfile: str`
		`- :kwarg preconf: the content of the file to include at the top of the`
		`- gitolite configuration file, used here to determine that a part of`
		`- the configuration file should be cleaned at the top.`
		`- :type preconf: None or str`
		`- :kwarg postconf: the content of the file to include at the bottom of`
		`- the gitolite configuration file, used here to determine that a part`
		`- of the configuration file should be cleaned at the bottom.`
		`- :type postconf: None or str`
		`-`
		`- """`
		`- _log.info("Reading in the current configuration: %s", configfile)`
		`- with open(configfile) as stream:`
		`- current_config = [line.rstrip() for line in stream]`
		`- if current_config and current_config[-1] == "# end of body":`
		`- current_config = current_config[:-1]`
		`-`
		`- if preconfig:`
		`- idx = None`
		`- for idx, row in enumerate(current_config):`
		`- if row.strip() == "# end of header":`
		`- break`
		`- if idx is not None:`
		`- idx = idx + 1`
		`- _log.info("Removing the first %s lines", idx)`
		`- current_config = current_config[idx:]`
		`-`
		`- if postconfig:`
		`- idx = None`
		`- for idx, row in enumerate(current_config):`
		`- if row.strip() == "# end of body":`
		`- break`
		`- if idx is not None:`
		`- _log.info(`
		`- "Keeping the first %s lines out of %s",`
		`- idx,`
		`- len(current_config),`
		`- )`
		`- current_config = current_config[:idx]`
		`-`
		`- return current_config`
		`-`
		`- @classmethod`
		`- def write_gitolite_acls(`
		`- cls,`
		`- session,`
		`- configfile,`
		`- project,`
		`- preconf=None,`
		`- postconf=None,`
		`- group=None,`
		`- ):`
		`- """Generate the configuration file for gitolite for all projects`
		`- on the forge.`
		`-`
		`- :arg cls: the current class`
		`- :type: Gitolite2Auth`
		`- :arg session: a session to connect to the database with`
		`- :arg configfile: the name of the configuration file to generate/write`
		`- :type configfile: str`
		`- :arg project: the project to update in the gitolite configuration`
		`- file. It can be of three types/values.`
		- If it is ``-1`` or if the file does not exist on disk, the
		`- entire gitolite configuration will be re-generated.`
		- If it is ``None``, the gitolite configuration will have its
		`- groups information updated but not the projects and will be`
		`- re-compiled.`
		- If it is a ``pagure.lib.model.Project``, the gitolite
		`- configuration will be updated for just this project.`
		`- :type project: None, int or spagure.lib.model.Project`
		`- :kwarg preconf: a file to include at the top of the configuration`
		`- file`
		`- :type preconf: None or str`
		`- :kwarg postconf: a file to include at the bottom of the`
		`- configuration file`
		`- :type postconf: None or str`
		`- :kwarg group: the group to refresh the members of`
		`- :type group: None or pagure.lib.model.PagureGroup`
		`-`
		`- """`
		`- _log.info("Write down the gitolite configuration file")`
		`-`
		`- preconfig = None`
		`- if preconf:`
		`- _log.info(`
		`- "Loading the file to include at the top of the generated one"`
		`- )`
		`- preconfig = _read_file(preconf)`
		`-`
		`- postconfig = None`
		`- if postconf:`
		`- _log.info(`
		`- "Loading the file to include at the end of the generated one"`
		`- )`
		`- postconfig = _read_file(postconf)`
		`-`
		`- global_pr_only = pagure_config.get("PR_ONLY", False)`
		`- config = []`
		`- groups = {}`
		`- if group is None:`
		`- groups = cls._generate_groups_config(session)`
		`-`
		`- if project == -1 or not os.path.exists(configfile):`
		`- _log.info("Refreshing the configuration for all projects")`
		`- query = session.query(model.Project).order_by(model.Project.id)`
		`- for project in query.all():`
		`- config = cls._process_project(project, config, global_pr_only)`
		`- elif project:`
		`- _log.info("Refreshing the configuration for one project")`
		`- config = cls._process_project(project, config, global_pr_only)`
		`-`
		`- current_config = cls._get_current_config(`
		`- configfile, preconfig, postconfig`
		`- )`
		`-`
		`- current_config = cls._clean_current_config(current_config, project)`
		`-`
		`- config = current_config + config`
		`-`
		`- if config:`
		`- _log.info("Cleaning the group %s from the loaded config", group)`
		`- config = cls._clean_groups(config, group=group)`
		`-`
		`- else:`
		`- current_config = cls._get_current_config(`
		`- configfile, preconfig, postconfig`
		`- )`
		`-`
		`- _log.info("Cleaning the group %s from the config on disk", group)`
		`- config = cls._clean_groups(current_config, group=group)`
		`-`
		`- if not config:`
		`- return`
		`-`
		`- _log.info("Writing the configuration to: %s", configfile)`
		`- with open(configfile, "w", encoding="utf-8") as stream:`
		`- if preconfig:`
		`- stream.write(preconfig + "\n")`
		`- stream.write("# end of header\n")`
		`-`
		`- if groups:`
		`- for key in sorted(groups):`
		`- stream.write("@%s = %s\n" % (key, " ".join(groups[key])))`
		`- stream.write("# end of groups\n\n")`
		`-`
		`- prev = None`
		`- for row in config:`
		`- if prev is None:`
		`- prev = row`
		`- if prev == row == "":`
		`- continue`
		`- stream.write(row + "\n")`
		`- prev = row`
		`-`
		`- stream.write("# end of body\n")`
		`-`
		`- if postconfig:`
		`- stream.write(postconfig + "\n")`
		`-`
		`- @classmethod`
		`- def _remove_from_gitolite_cache(cls, cache_file, project):`
		`- """Removes project from gitolite cache file (gl-conf.cache)`
		`-`
		`- Gitolite has no notion of "deleting" a project and it can only`
		`- add values to gl-conf.cache. Therefore we must manually wipe all`
		`- entries related to a project when deleting it.`
		`- If this method is not executed and if someone creates a project`
		- with the same fullname again then its `gl-conf` file won't get
		`- created (see link to commit below) and any subsequent invocation of`
		- `gitolite trigger POST_COMPILE` will fail, thus preventing creation
		`- of new repos/forks at the whole pagure instance.`
		`-`
		`- See https://github.com/sitaramc/gitolite/commit/41b7885b77c`
		`- (later reverted upstream, but still used in most Pagure deployments)`
		`-`
		`- :arg cls: the current class`
		`- :type: Gitolite2Auth`
		`- :arg cache_file: path to the cache file`
		`- :type cache_file: str`
		`- :arg project: the project to remove from gitolite cache file`
		`- :type project: pagure.lib.model.Project`
		`- """`
		`- _log.info("Remove project from the gitolite cache file")`
		`- cf = None`
		`- try:`
		`- # unfortunately dbm_gnu.open isn't a context manager in Python 2 :(`
		`- cf = dbm_gnu.open(cache_file, "ws")`
		`- for repo in ["", "docs/", "tickets/", "requests/"]:`
		`- to_remove = repo + project.fullname`
		`- if to_remove.encode("ascii") in cf:`
		`- del cf[to_remove]`
		`- except dbm_gnu.error as e:`
		`- msg = "Failed to remove project from gitolite cache: {msg}".format(`
		`- msg=e[1]`
		`- )`
		`- raise pagure.exceptions.PagureException(msg)`
		`- finally:`
		`- if cf:`
		`- cf.close()`
		`-`
		`- @classmethod`
		`- def remove_acls(cls, session, project):`
		`- """Remove a project from the configuration file for gitolite.`
		`-`
		`- :arg cls: the current class`
		`- :type: Gitolite2Auth`
		`- :arg session: the session with which to connect to the database`
		`- :arg project: the project to remove from the gitolite configuration`
		`- file.`
		`- :type project: pagure.lib.model.Project`
		`-`
		`- """`
		`- _log.info("Remove project from the gitolite configuration file")`
		`-`
		`- if not project:`
		`- raise RuntimeError("Project undefined")`
		`-`
		`- configfile = pagure_config["GITOLITE_CONFIG"]`
		`- preconf = pagure_config.get("GITOLITE_PRE_CONFIG") or None`
		`- postconf = pagure_config.get("GITOLITE_POST_CONFIG") or None`
		`-`
		`- if not os.path.exists(configfile):`
		`- _log.info(`
		`- "Not configuration file found at: %s... bailing" % configfile`
		`- )`
		`- return`
		`-`
		`- preconfig = None`
		`- if preconf:`
		`- _log.info(`
		`- "Loading the file to include at the top of the generated one"`
		`- )`
		`- preconfig = _read_file(preconf)`
		`-`
		`- postconfig = None`
		`- if postconf:`
		`- _log.info(`
		`- "Loading the file to include at the end of the generated one"`
		`- )`
		`- postconfig = _read_file(postconf)`
		`-`
		`- config = []`
		`- groups = cls._generate_groups_config(session)`
		`-`
		`- _log.info("Removing the project from the configuration")`
		`-`
		`- current_config = cls._get_current_config(`
		`- configfile, preconfig, postconfig`
		`- )`
		`-`
		`- current_config = cls._clean_current_config(current_config, project)`
		`-`
		`- config = current_config + config`
		`-`
		`- if config:`
		`- _log.info("Cleaning the groups from the loaded config")`
		`- config = cls._clean_groups(config)`
		`-`
		`- else:`
		`- current_config = cls._get_current_config(`
		`- configfile, preconfig, postconfig`
		`- )`
		`-`
		`- _log.info("Cleaning the groups from the config on disk")`
		`- config = cls._clean_groups(config)`
		`-`
		`- if not config:`
		`- return`
		`-`
		`- _log.info("Writing the configuration to: %s", configfile)`
		`- with open(configfile, "w", encoding="utf-8") as stream:`
		`- if preconfig:`
		`- stream.write(preconfig + "\n")`
		`- stream.write("# end of header\n")`
		`-`
		`- if groups:`
		`- for key in sorted(groups):`
		`- stream.write("@%s = %s\n" % (key, " ".join(groups[key])))`
		`- stream.write("# end of groups\n\n")`
		`-`
		`- prev = None`
		`- for row in config:`
		`- if prev is None:`
		`- prev = row`
		`- if prev == row == "":`
		`- continue`
		`- stream.write(row + "\n")`
		`- prev = row`
		`-`
		`- stream.write("# end of body\n")`
		`-`
		`- if postconfig:`
		`- stream.write(postconfig + "\n")`
		`-`
		`- gl_cache_path = os.path.join(`
		`- os.path.dirname(configfile), "..", "gl-conf.cache"`
		`- )`
		`- if os.path.exists(gl_cache_path):`
		`- cls._remove_from_gitolite_cache(gl_cache_path, project)`
		`-`
		`- @staticmethod`
		`- def _get_gitolite_command():`
		`- """Return the gitolite command to run based on the info in the`
		`- configuration file.`
		`- """`
		`- _log.info("Compiling the gitolite configuration")`
		`- gitolite_folder = pagure_config.get("GITOLITE_HOME", None)`
		`- if gitolite_folder:`
		`- cmd = "GL_RC=%s GL_BINDIR=%s gl-compile-conf" % (`
		`- pagure_config.get("GL_RC"),`
		`- pagure_config.get("GL_BINDIR"),`
		`- )`
		`- _log.debug("Command: %s", cmd)`
		`- return cmd`
		`-`
		`- @classmethod`
		`- def _repos_from_lines(cls, lines):`
		`- """Return list of strings representing complete repo entries from list`
		`- of lines as returned by _process_project.`
		`- """`
		`- repos = []`
		`- for line in lines:`
		`- if line.startswith("repo "):`
		`- repos.append([line])`
		`- else:`
		`- repos[-1].append(line)`
		`- for i, repo_lines in enumerate(repos):`
		`- repos[i] = "\n".join(repo_lines)`
		`- return repos`
		`-`
		`- @classmethod`
		`- def _run_gitolite_cmd(cls, cmd):`
		`- """Run gitolite command as subprocess, raise PagureException`
		`- if it fails.`
		`- """`
		`- if cmd:`
		`- proc = subprocess.Popen(`
		`- cmd,`
		`- shell=True,`
		`- stdout=subprocess.PIPE,`
		`- stderr=subprocess.PIPE,`
		`- cwd=pagure_config["GITOLITE_HOME"],`
		`- )`
		`- stdout, stderr = proc.communicate()`
		`- if proc.returncode != 0:`
		`- error_msg = (`
		`- 'The command "{0}" failed with'`
		`- '\n\n out: "{1}\n\n err:"{2}"'.format(`
		`- cmd, stdout, stderr`
		`- )`
		`- )`
		`- raise pagure.exceptions.PagureException(error_msg)`
		`-`
		`- @classmethod`
		`- def generate_acls(cls, project, group=None):`
		`- """Generate the gitolite configuration file for all repos`
		`-`
		`- :arg project: the project to update in the gitolite configuration`
		`- file. It can be of three types/values.`
		- If it is ``-1`` or if the file does not exist on disk, the
		`- entire gitolite configuration will be re-generated.`
		- If it is ``None``, the gitolite configuration will not be
		`- changed but will be re-compiled.`
		- If it is a ``pagure.lib.model.Project``, the gitolite
		`- configuration will be updated for just this project.`
		`- :type project: None, int or pagure.lib.model.Project`
		`- :kwarg group: the group to refresh the members of`
		`- :type group: None or pagure.lib.model.PagureGroup`
		`-`
		`- """`
		`- _log.info("Refresh gitolite configuration")`
		`-`
		`- if project is not None or group is not None:`
		`- session = pagure.lib.model_base.create_session(`
		`- pagure_config["DB_URL"]`
		`- )`
		`- cls.write_gitolite_acls(`
		`- session,`
		`- project=project,`
		`- configfile=pagure_config["GITOLITE_CONFIG"],`
		`- preconf=pagure_config.get("GITOLITE_PRE_CONFIG") or None,`
		`- postconf=pagure_config.get("GITOLITE_POST_CONFIG") or None,`
		`- group=group,`
		`- )`
		`- session.remove()`
		`-`
		`- if (`
		`- not group`
		`- and project not in [None, -1]`
		`- and hasattr(cls, "_individual_repos_command")`
		`- and pagure_config.get("GITOLITE_HAS_COMPILE_1", False)`
		`- ):`
		`- # optimization for adding single repo - we don't want to recompile`
		`- # whole gitolite.conf`
		`- repos_config = []`
		`- cls._process_project(`
		`- project, repos_config, pagure_config.get("PR_ONLY", False)`
		`- )`
		`- # repos_config will contain lines for repo itself as well as`
		`- # docs, requests, tickets; compile-1 only accepts one repo,`
		`- # so we have to run it separately for all of them`
		`- for repo in cls._repos_from_lines(repos_config):`
		`- repopath = repo.splitlines()[0][len("repo ") :].strip()`
		`- repotype = repopath.split("/")[0]`
		`- if (`
		`- repotype == "docs" and not pagure_config.get("ENABLE_DOCS")`
		`- ) or (`
		`- repotype == "tickets"`
		`- and not pagure_config.get("ENABLE_TICKETS")`
		`- ):`
		`- continue`
		`- with tempfile.NamedTemporaryFile() as f:`
		`- f.write(repo)`
		`- f.flush()`
		`- cmd = cls._individual_repos_command(f.name)`
		`- cls._run_gitolite_cmd(cmd)`
		`- else:`
		`- cmd = cls._get_gitolite_command()`
		`- cls._run_gitolite_cmd(cmd)`
		`-`
		`-`
		`- class Gitolite3Auth(Gitolite2Auth):`
		`- """A gitolite 3 authentication module."""`
		`-`
		`- @staticmethod`
		`- def _individual_repos_command(config_file):`
		`- _log.info(`
		`- "Compiling gitolite configuration %s for single repository",`
		`- config_file,`
		`- )`
		`- gitolite_folder = pagure_config.get("GITOLITE_HOME", None)`
		`- if gitolite_folder:`
		`- cmd = "HOME=%s gitolite compile-1 %s" % (`
		`- gitolite_folder,`
		`- config_file,`
		`- )`
		`- _log.debug("Command: %s", cmd)`
		`- return cmd`
		`-`
		`- @staticmethod`
		`- def _get_gitolite_command():`
		`- """Return the gitolite command to run based on the info in the`
		`- configuration file.`
		`- """`
		`- _log.info("Compiling the gitolite configuration")`
		`- gitolite_folder = pagure_config.get("GITOLITE_HOME", None)`
		`- if gitolite_folder:`
		`- cmd = (`
		`- "HOME=%s gitolite compile && HOME=%s gitolite trigger "`
		`- "POST_COMPILE" % (gitolite_folder, gitolite_folder)`
		`- )`
		`- _log.debug("Command: %s", cmd)`
		`- return cmd`
		`-`
		`- @classmethod`
		`- def post_compile_only(cls):`
		- """This method runs `gitolite trigger POST_COMPILE` without touching
		`- any other gitolite configuration. Most importantly, this will process`
		`- SSH keys used by gitolite.`
		`- """`
		`- _log.info("Triggering gitolite POST_COMPILE")`
		`- gitolite_folder = pagure_config.get("GITOLITE_HOME", None)`
		`- if gitolite_folder:`
		`- cmd = "HOME=%s gitolite trigger POST_COMPILE" % gitolite_folder`
		`- _log.debug("Command: %s", cmd)`
		`- cls._run_gitolite_cmd(cmd)`
		`-`
		`-`
		`class PagureGitAuth(GitAuthHelper):`
		`"""Standard Pagure git auth implementation."""`

		`is_dynamic = True`

		`- @classmethod`
		`- def generate_acls(self, project, group=None):`
		`- """This function is required but not used."""`
		`- pass`
		`-`
		`- @classmethod`
		`- def remove_acls(self, session, project):`
		`- """This function is required but not used."""`
		`- pass`
		`-`
		`def info(self, msg):`
		`"""Function that prints info about decisions to clients.`

		`@@ -918,45 +197,6 @@`
		`is_dynamic = True`

		`@classmethod`
		`- def generate_acls(cls, project, group=None):`
		`- """Print a statement when called, useful for debugging, only.`
		`-`
		`- :arg project: this variable is just printed out but not used`
		`- in any real place.`
		`- :type project: None, int or spagure.lib.model.Project`
		`- :kwarg group: the group to refresh the members of`
		`- :type group: None or pagure.lib.model.PagureGroup`
		`-`
		`- """`
		`- out = (`
		`- "Called GitAuthTestHelper.generate_acls() "`
		`- "with args: project=%s, group=%s" % (project, group)`
		`- )`
		`- print(out)`
		`- return out`
		`-`
		`- @classmethod`
		`- def remove_acls(cls, session, project):`
		`- """Print a statement about which a project would be removed from`
		`- the configuration file for gitolite.`
		`-`
		`- :arg cls: the current class`
		`- :type: GitAuthHelper`
		`- :arg session: the session with which to connect to the database`
		`- :arg project: the project to remove from the gitolite configuration`
		`- file.`
		`- :type project: pagure.lib.model.Project`
		`-`
		`- """`
		`-`
		`- out = (`
		`- "Called GitAuthTestHelper.remove_acls() "`
		`- "with args: project=%s" % (project.fullname)`
		`- )`
		`- print(out)`
		`- return out`
		`-`
		`- @classmethod`
		`def check_acl(`
		`cls, session, project, username, refname, pull_request, **info`
		`):`

pagure/lib/model.py

file modified

-1

		`@@ -383,7 +383,6 @@`
		`hook_token = sa.Column(sa.String(40), nullable=False, unique=True)`
		`avatar_email = sa.Column(sa.Text, nullable=True)`
		`is_fork = sa.Column(sa.Boolean, default=False, nullable=False)`
		`- read_only = sa.Column(sa.Boolean, default=True, nullable=False)`
		`parent_id = sa.Column(`
		`sa.Integer,`
		`sa.ForeignKey("projects.id", onupdate="CASCADE"),`

pagure/lib/notify.py

file modified

+1 -1

		`@@ -1104,7 +1104,7 @@`
		`been added.`
		`"""`
		`# string note: abspath, project and branch can only contain ASCII`
		`- # by policy (pagure and/or gitolite)`
		`+ # by policy (pagure)`
		`commits_info = []`
		`for commit in commits:`
		`commits_info.append(`

pagure/lib/query.py

file modified

+3 -137

		`@@ -283,93 +283,6 @@`
		`return None`


		`- def create_deploykeys_ssh_keys_on_disk(project, gitolite_keydir):`
		`- """Create the ssh keys for the projects' deploy keys on the key dir.`
		`-`
		`- This method does NOT support multiple ssh keys per deploy key.`
		`- """`
		`- if not gitolite_keydir:`
		`- # Nothing to do here, move right along`
		`- return`
		`-`
		`- # First remove deploykeys that no longer exist`
		`- keyfiles = [`
		`- "deploykey_%s_%s.pub"`
		`- % (werkzeug.utils.secure_filename(project.fullname), key.id)`
		`- for key in project.deploykeys`
		`- ]`
		`-`
		`- project_key_dir = os.path.join(`
		`- gitolite_keydir, "deploykeys", project.fullname`
		`- )`
		`- if not os.path.exists(project_key_dir):`
		`- os.makedirs(project_key_dir)`
		`-`
		`- for keyfile in os.listdir(project_key_dir):`
		`- if keyfile not in keyfiles:`
		`- # This key is no longer in the project. Remove it.`
		`- os.remove(os.path.join(project_key_dir, keyfile))`
		`-`
		`- for deploykey in project.deploykeys:`
		`- # See the comment in lib/git.py:write_gitolite_acls about why this`
		`- # name for a file is sane and does not inject a new security risk.`
		`- keyfile = "deploykey_%s_%s.pub" % (`
		`- werkzeug.utils.secure_filename(project.fullname),`
		`- deploykey.id,`
		`- )`
		`- if not os.path.exists(os.path.join(project_key_dir, keyfile)):`
		`- # We only take the very first key - deploykeys must be single keys`
		`- key = deploykey.public_ssh_key.split("\n")[0]`
		`- if not key:`
		`- continue`
		`- if not is_valid_ssh_key(key):`
		`- continue`
		`- with open(os.path.join(project_key_dir, keyfile), "w") as f:`
		`- f.write(deploykey.public_ssh_key)`
		`-`
		`-`
		`- def create_user_ssh_keys_on_disk(user, gitolite_keydir):`
		`- """Create the ssh keys for the user on the specific folder.`
		`-`
		`- This is the method allowing to have multiple ssh keys per user.`
		`- """`
		`- if gitolite_keydir:`
		`- # First remove any old keyfiles for the user`
		`- # Assumption: we populated the keydir. This means that files`
		`- # will be in 0/<username>.pub, ..., and not in any deeper`
		`- # directory structures. Also, this means that if a user`
		`- # had 5 lines, they will be up to at most keys_4/<username>.pub,`
		`- # meaning that if a user is not in keys_<i>/<username>.pub, with`
		`- # i being any integer, the user is most certainly not in`
		`- # keys_<i+1>/<username>.pub.`
		`- i = 0`
		`- keyline_file = os.path.join(`
		`- gitolite_keydir, "keys_%i" % i, "%s.pub" % user.user`
		`- )`
		`- while os.path.exists(keyline_file):`
		`- os.unlink(keyline_file)`
		`- i += 1`
		`- keyline_file = os.path.join(`
		`- gitolite_keydir, "keys_%i" % i, "%s.pub" % user.user`
		`- )`
		`-`
		`- if not user.sshkeys:`
		`- return`
		`-`
		`- # Now let's create new keyfiles for the user`
		`- i = 0`
		`- for key in user.sshkeys:`
		`- if not is_valid_ssh_key(key.public_ssh_key):`
		`- continue`
		`- keyline_dir = os.path.join(gitolite_keydir, "keys_%i" % i)`
		`- if not os.path.exists(keyline_dir):`
		`- os.mkdir(keyline_dir)`
		`- keyfile = os.path.join(keyline_dir, "%s.pub" % user.user)`
		`- with open(keyfile, "w") as stream:`
		`- stream.write(key.public_ssh_key.strip())`
		`- i += 1`
		`-`
		`-`
		`def add_issue_comment(`
		`session,`
		`issue,`
		`@@ -1182,7 +1095,6 @@`
		`access_obj.access = access`
		`access_obj.branches = branches`
		`project.date_modified = datetime.datetime.utcnow()`
		`- update_read_only_mode(session, project, read_only=True)`
		`session.add(access_obj)`
		`session.add(project)`
		`session.commit()`
		`@@ -1209,8 +1121,6 @@`
		`)`
		`project.date_modified = datetime.datetime.utcnow()`
		`session.add(project_user)`
		`- # Mark the project as read only, celery will then unmark it`
		`- update_read_only_mode(session, project, read_only=True)`
		`session.add(project)`
		`# Commit so the JSON sent in the notification is up to date`
		`session.commit()`
		`@@ -1295,7 +1205,6 @@`
		`access_obj.branches = branches`
		`session.add(access_obj)`
		`project.date_modified = datetime.datetime.utcnow()`
		`- update_read_only_mode(session, project, read_only=True)`
		`session.add(project)`
		`# Commit so the JSON sent in the notification is up to date`
		`session.commit()`
		`@@ -1323,8 +1232,6 @@`
		`session.add(project_group)`
		`# Make sure we won't have SQLAlchemy error before we continue`
		`project.date_modified = datetime.datetime.utcnow()`
		`- # Mark the project read_only, celery will then unmark it`
		`- update_read_only_mode(session, project, read_only=True)`
		`session.add(project)`
		`# Commit so the JSON sent in the notification is up to date`
		`session.commit()`
		`@@ -2289,10 +2196,8 @@`
		`)`

		`if "pull_request_access_only" in update:`
		`- update_read_only_mode(session, repo, read_only=True)`
		`session.add(repo)`
		`session.flush()`
		`- pagure.lib.git.generate_gitolite_acls(project=repo)`

		`return "Edited successfully settings of repo: %s" % repo.fullname`

		`@@ -3680,13 +3585,7 @@`


		`def set_up_user(`
		`- session,`
		`- username,`
		`- fullname,`
		`- default_email,`
		`- emails=None,`
		`- ssh_key=None,`
		`- keydir=None,`
		`+ session, username, fullname, default_email, emails=None, ssh_key=None`
		`):`
		`"""Set up a new user into the database or update its information."""`
		`user = search_user(session, username=username)`
		`@@ -3714,7 +3613,7 @@`
		`_log.exception(err)`

		`if ssh_key and not user.sshkeys:`
		`- update_user_ssh(session, user, ssh_key, keydir)`
		`+ update_user_ssh(session, user, ssh_key)`

		`return user`

		`@@ -3751,7 +3650,7 @@`
		`update_log_email_user(session, user_email, user)`


		`- def update_user_ssh(session, user, ssh_key, keydir, update_only=False):`
		`+ def update_user_ssh(session, user, ssh_key):`
		`"""Set up a new user into the database or update its information."""`
		`if isinstance(user, six.string_types):`
		`user = get_user(session, user)`
		`@@ -3770,12 +3669,6 @@`
		`)`
		`session.commit()`

		`- if keydir:`
		`- create_user_ssh_keys_on_disk(user, keydir)`
		`- if update_only:`
		`- pagure.lib.tasks.gitolite_post_compile_only.delay()`
		`- else:`
		`- pagure.lib.git.generate_gitolite_acls(project=None)`
		`session.add(user)`
		`session.flush()`

		`@@ -5653,30 +5546,6 @@`
		`return False`


		`- def update_read_only_mode(session, repo, read_only=True):`
		`- """Remove the read only mode from the project`
		`-`
		`- :arg session: The session object to query the db with`
		`- :arg repo: model.Project object to mark/unmark read only`
		`- :arg read_only: True if project is to be made read only,`
		`- False otherwise`
		`- """`
		`-`
		`- if (`
		`- not repo`
		`- or not isinstance(repo, model.Project)`
		`- or read_only not in [True, False]`
		`- ):`
		`- return`
		`- helper = pagure.lib.git_auth.get_git_auth_helper()`
		`- if helper.is_dynamic and read_only:`
		`- # No need to set a readonly flag if a dynamic auth backend is in use`
		`- return`
		`- if repo.read_only != read_only:`
		`- repo.read_only = read_only`
		`- session.add(repo)`
		`-`
		`-`
		`def issues_history_stats(session, project, detailed=False, weeks_range=53):`
		`"""Returns the number of opened issues on the specified project over`
		`the last 365 days`
		`@@ -5867,11 +5736,8 @@`
		`project.users.remove(u)`
		`break`

		`- # Mark the project as read_only, celery will unmark it`
		`- update_read_only_mode(session, project, read_only=True)`
		`session.commit()`

		`- pagure.lib.git.generate_gitolite_acls(project=project)`
		`pagure.lib.notify.log(`
		`project,`
		`topic="project.user.removed",`

pagure/lib/tasks.py

file modified

+3 -86

		`@@ -84,82 +84,14 @@`
		`return toret`


		`- @conn.task(queue=pagure_config.get("GITOLITE_CELERY_QUEUE", None), bind=True)`
		`- @pagure_task`
		`- def generate_gitolite_acls(`
		`- self, session, namespace=None, name=None, user=None, group=None`
		`- ):`
		`- """Generate the gitolite configuration file either entirely or for a`
		`- specific project.`
		`-`
		`- :arg session: SQLAlchemy session object`
		`- :type session: sqlalchemy.orm.session.Session`
		`- :kwarg namespace: the namespace of the project`
		`- :type namespace: None or str`
		`- :kwarg name: the name of the project`
		`- :type name: None or str`
		`- :kwarg user: the user of the project, only set if the project is a fork`
		`- :type user: None or str`
		`- :kwarg group: the group to refresh the members of`
		`- :type group: None or str`
		`-`
		`- """`
		`- project = None`
		`- if name and name != -1:`
		`- project = pagure.lib.query._get_project(`
		`- session, namespace=namespace, name=name, user=user`
		`- )`
		`-`
		`- elif name == -1:`
		`- project = name`
		`- helper = pagure.lib.git_auth.get_git_auth_helper()`
		`- _log.debug("Got helper: %s", helper)`
		`-`
		`- group_obj = None`
		`- if group:`
		`- group_obj = pagure.lib.query.search_groups(session, group_name=group)`
		`- _log.debug(`
		`- "Calling helper: %s with arg: project=%s, group=%s",`
		`- helper,`
		`- project,`
		`- group_obj,`
		`- )`
		`- helper.generate_acls(project=project, group=group_obj)`
		`-`
		`- pagure.lib.query.update_read_only_mode(session, project, read_only=False)`
		`- try:`
		`- session.commit()`
		`- _log.debug("Project %s is no longer in Read Only Mode", project)`
		`- except SQLAlchemyError:`
		`- session.rollback()`
		`- _log.exception("Failed to unmark read_only for: %s project", project)`
		`-`
		`-`
		`- @conn.task(queue=pagure_config.get("GITOLITE_CELERY_QUEUE", None), bind=True)`
		`- @pagure_task`
		`- def gitolite_post_compile_only(self, session):`
		`- """Do gitolite post-processing only. Most importantly, this processes SSH`
		`- keys used by gitolite. This is an optimization task that's supposed to be`
		- used if you only need to run `gitolite trigger POST_COMPILE` without
		`- touching any other gitolite configuration`
		`- """`
		`- helper = pagure.lib.git_auth.get_git_auth_helper()`
		`- _log.debug("Got helper: %s", helper)`
		`- if hasattr(helper, "post_compile_only"):`
		`- helper.post_compile_only()`
		`- else:`
		`- helper.generate_acls(project=None)`
		`-`
		`-`
		`- @conn.task(queue=pagure_config.get("GITOLITE_CELERY_QUEUE", None), bind=True)`
		`+ @conn.task(queue=pagure_config.get("FAST_CELERY_QUEUE", None), bind=True)`
		`@pagure_task`
		`def delete_project(`
		`self, session, namespace=None, name=None, user=None, action_user=None`
		`):`
		`"""Delete a project in pagure.`

		`- This is achieved in three steps:`
		`- - Remove the project from gitolite.conf`
		`+ This is achieved in two steps:`
		`- Remove the git repositories on disk`
		`- Remove the project from the DB`

		`@@ -185,14 +117,12 @@`
		`% (namespace, name, user)`
		`)`

		`- # Remove the project from gitolite.conf`
		`helper = pagure.lib.git_auth.get_git_auth_helper()`
		`_log.debug("Got helper: %s", helper)`

		`_log.debug(`
		`"Calling helper: %s with arg: project=%s", helper, project.fullname`
		`)`
		`- helper.remove_acls(session=session, project=project)`

		`# Remove the git repositories on disk`
		`pagure.lib.git.delete_project_repos(project)`
		`@@ -323,13 +253,6 @@`
		`master_ref = temp_gitrepo.lookup_reference("HEAD").resolve()`
		`tempclone.push("pagure", master_ref.name, internal="yes")`

		`- task = generate_gitolite_acls.delay(`
		`- namespace=project.namespace,`
		`- name=project.name,`
		`- user=project.user.user if project.is_fork else None,`
		`- )`
		`- _log.info("Refreshing gitolite config queued in task: %s", task.id)`
		`-`
		`return ret("ui_ns.view_repo", repo=name, namespace=namespace)`


		`@@ -527,13 +450,7 @@`
		`msg=dict(project=repo_to.to_json(public=True), agent=user_forker),`
		`)`

		`- _log.info("Project created, refreshing auth async")`
		`- task = generate_gitolite_acls.delay(`
		`- namespace=repo_to.namespace,`
		`- name=repo_to.name,`
		`- user=repo_to.user.user if repo_to.is_fork else None,`
		`- )`
		`- _log.info("Refreshing gitolite config queued in task: %s", task.id)`
		`+ _log.info("Project created.")`

		`if editfile is None:`
		`return ret(`

pagure/templates/repo_master.html

file modified

-16

		`@@ -8,9 +8,6 @@`
		`</a>`
		`{% elif not (current_user \| user_group_can_ssh_commit) %}`
		`Only members of the {{ config["SSH_ACCESS_GROUPS"] \| join(", ") }} group(s) can clone via ssh`
		`- {% elif repo.read_only %}`
		`- The permissions on this repository are being updated.`
		`- Cloning over SSH is disabled.`
		`{% else %}`
		`<div class="form-group">`
		`<div class="input-group input-group-sm">`
		`@@ -260,19 +257,6 @@`
		`</div>`

		`<div class="container pt-5 repo-body-container">`
		`- {% if repo.read_only %}`
		`- <div class="container pt-2">`
		`- <div class="alert alert-danger alert-dismissible" role="alert">`
		`- <button type="button" class="close" data-dismiss="alert" aria-label="Close">`
		`- <span aria-hidden="true">×</span>`
		`- <span class="sr-only">Close</span>`
		`- </button>`
		`- The permissions on this repository are being updated. This may take a while.`
		`- During this time, you or some of the project's contributors may not be able`
		`- to push to this repository.`
		`- </div>`
		`- </div>`
		`- {% endif %}`
		`{% if g.authenticated and repo.settings.get('pull_request_access_only') %}`
		`<div class="container pt-2">`
		`<div class="alert alert-info alert-dismissible" role="alert">`

pagure/templates/settings.html

file modified

-8

		`@@ -1070,13 +1070,6 @@`
		`</h3>`
		`<div class="row">`
		`<div class="col">`
		`- {% if repo.read_only %}`
		`- <button class="btn btn-danger disabled"`
		`- title="Action disabled while project's ACLs are being refreshed">`
		`- <i class="fa fa-trash"></i>`
		`-   Delete the {{ repo.fullname }} project`
		`- </button>`
		`- {% else %}`
		`<form action="{{ url_for(`
		`'ui_ns.delete_repo',`
		`repo=repo.name,`
		`@@ -1090,7 +1083,6 @@`
		`  Delete the {{ repo.fullname }} project`
		`</button>`
		`</form>`
		`- {% endif %}`
		`</div>`
		`</div>`
		`</div>`

pagure/ui/app.py

file modified

-8

		`@@ -1239,10 +1239,6 @@`
		`user=user,`
		`)`
		`flask.g.session.commit()`
		`- pagure.lib.query.create_user_ssh_keys_on_disk(`
		`- user, pagure_config.get("GITOLITE_KEYDIR", None)`
		`- )`
		`- pagure.lib.tasks.gitolite_post_compile_only.delay()`
		`if (`
		`pagure_config.get("GIT_AUTH_BACKEND")`
		`== "pagure_authorized_keys"`
		`@@ -1301,10 +1297,6 @@`

		`try:`
		`flask.g.session.commit()`
		`- pagure.lib.query.create_user_ssh_keys_on_disk(`
		`- user, pagure_config.get("GITOLITE_KEYDIR", None)`
		`- )`
		`- pagure.lib.tasks.gitolite_post_compile_only.delay()`
		`if (`
		`pagure_config.get("GIT_AUTH_BACKEND")`
		`== "pagure_authorized_keys"`

pagure/ui/clone.py

file modified

+5 -20

		`@@ -93,10 +93,10 @@`


		`def proxy_raw_git(project):`
		`- """Proxy a request to Git or gitolite3 via a subprocess."""`
		`+ """Proxy a request to Git via a subprocess."""`
		`_log.debug("Raw git clone proxy started")`
		`remote_user = _get_remote_user(project)`
		`- # We are going to shell out to gitolite-shell. Prepare the env it needs.`
		`+ # We are going to shell out, prepare the env it needs.`
		`gitenv = {`
		`"PATH": os.environ["PATH"],`
		`# These are the vars git-http-backend needs`
		`@@ -130,18 +130,7 @@`
		`)`
		`)`

		`- gitolite = pagure_config["HTTP_REPO_ACCESS_GITOLITE"]`
		`- if gitolite:`
		`- gitenv.update(`
		`- {`
		`- # These are the additional vars gitolite needs`
		`- # Fun fact: REQUEST_URI is not even mentioned in RFC3875`
		`- "REQUEST_URI": flask.request.full_path,`
		`- "GITOLITE_HTTP_HOME": pagure_config["GITOLITE_HOME"],`
		`- "HOME": pagure_config["GITOLITE_HOME"],`
		`- }`
		`- )`
		`- elif remote_user:`
		`+ if remote_user:`
		`gitenv.update({"GL_USER": remote_user})`

		`# These keys are optional`
		`@@ -162,12 +151,8 @@`
		`if not gitenv[key]:`
		`raise ValueError("Value for key %s unknown" % key)`

		`- if gitolite:`
		`- _log.debug("Running git via: %s", gitolite)`
		`- cmd = [gitolite]`
		`- else:`
		`- _log.debug("Running git via git directly")`
		`- cmd = ["/usr/bin/git", "http-backend"]`
		`+ _log.debug("Running git via git directly")`
		`+ cmd = ["/usr/bin/git", "http-backend"]`

		`# Note: using a temporary files to buffer the input contents`
		`# is non-ideal, but it is a way to make sure we don't need to have`

pagure/ui/fas_login.py

file modified

-1

		`@@ -85,7 +85,6 @@`
		`fullname=flask.g.fas_user.fullname,`
		`default_email=flask.g.fas_user.email,`
		`ssh_key=ssh_key,`
		`- keydir=pagure_config.get("GITOLITE_KEYDIR", None),`
		`)`
		`except pagure.exceptions.PagureException as err:`
		`message = str(err)`

pagure/ui/groups.py

file modified

-5

		`@@ -90,9 +90,6 @@`
		`is_admin=pagure.utils.is_admin(),`
		`)`
		`flask.g.session.commit()`
		`- pagure.lib.git.generate_gitolite_acls(`
		`- project=None, group=group.group_name`
		`- )`
		`flask.flash(msg)`
		`except pagure.exceptions.PagureException as err:`
		`flask.g.session.rollback()`
		`@@ -277,7 +274,6 @@`
		`is_admin=pagure.utils.is_admin(),`
		`)`
		`flask.g.session.commit()`
		`- pagure.lib.git.generate_gitolite_acls(project=None, group=group)`
		`flask.flash(`
		"User `%s` removed from the group `%s`" % (user, group)
		`)`
		`@@ -337,7 +333,6 @@`
		`flask.g.session.delete(group_obj)`

		`flask.g.session.commit()`
		`- pagure.lib.git.generate_gitolite_acls(project=None)`
		flask.flash("Group `%s` has been deleted" % (group))

		`return flask.redirect(flask.url_for("ui_ns.group_lists"))`

pagure/ui/oidc_login.py

file modified

-1

		`@@ -109,7 +109,6 @@`
		`fullname=flask.g.fas_user.fullname,`
		`default_email=flask.g.fas_user.email,`
		`ssh_key=flask.g.fas_user.get("ssh_key"),`
		`- keydir=pagure_config.get("GITOLITE_KEYDIR", None),`
		`)`

		`# If groups are managed outside pagure, set up the user at login`

pagure/ui/repo.py

file modified

-32

		`@@ -1732,22 +1732,6 @@`
		`):`
		`flask.abort(404)`

		`- if repo.read_only:`
		`- flask.flash(`
		`- "The ACLs of this project are being refreshed in the backend "`
		`- "this prevents the project from being deleted. Please wait "`
		`- "for this task to finish before trying again. Thanks!"`
		`- )`
		`- return flask.redirect(`
		`- flask.url_for(`
		`- "ui_ns.view_settings",`
		`- repo=repo.name,`
		`- username=username,`
		`- namespace=namespace,`
		`- )`
		`- + "#deleteproject-tab"`
		`- )`
		`-`
		`task = pagure.lib.tasks.delete_project.delay(`
		`namespace=repo.namespace,`
		`name=repo.name,`
		`@@ -1844,10 +1828,6 @@`

		`try:`
		`flask.g.session.commit()`
		`- pagure.lib.query.create_deploykeys_ssh_keys_on_disk(`
		`- repo, pagure_config.get("GITOLITE_KEYDIR", None)`
		`- )`
		`- pagure.lib.tasks.gitolite_post_compile_only.delay()`
		`if (`
		`pagure_config.get("GIT_AUTH_BACKEND")`
		`== "pagure_authorized_keys"`
		`@@ -1974,10 +1954,6 @@`
		`pushaccess=form.pushaccess.data,`
		`)`
		`flask.g.session.commit()`
		`- pagure.lib.query.create_deploykeys_ssh_keys_on_disk(`
		`- repo, pagure_config.get("GITOLITE_KEYDIR", None)`
		`- )`
		`- pagure.lib.tasks.gitolite_post_compile_only.delay()`
		`if (`
		`pagure_config.get("GIT_AUTH_BACKEND")`
		`== "pagure_authorized_keys"`
		`@@ -2069,7 +2045,6 @@`
		`required_groups=pagure_config.get("REQUIRED_GROUPS"),`
		`)`
		`flask.g.session.commit()`
		`- pagure.lib.git.generate_gitolite_acls(project=repo)`
		`flask.flash(msg)`
		`return flask.redirect(`
		`flask.url_for(`
		`@@ -2161,12 +2136,7 @@`
		`agent=flask.g.fas_user.username,`
		`),`
		`)`
		`- # Mark the project as read_only, celery will unmark it`
		`- pagure.lib.query.update_read_only_mode(`
		`- flask.g.session, repo, read_only=True`
		`- )`
		`flask.g.session.commit()`
		`- pagure.lib.git.generate_gitolite_acls(project=repo)`
		`flask.flash("Group removed")`
		`except SQLAlchemyError as err: # pragma: no cover`
		`flask.g.session.rollback()`
		`@@ -2242,7 +2212,6 @@`
		`is_admin=pagure.utils.is_admin(),`
		`)`
		`flask.g.session.commit()`
		`- pagure.lib.git.generate_gitolite_acls(project=repo)`
		`flask.flash(msg)`
		`return flask.redirect(`
		`flask.url_for(`
		`@@ -3179,7 +3148,6 @@`
		`"error",`
		`)`

		`- pagure.lib.git.generate_gitolite_acls(project=repo)`
		`flask.flash(`
		`"The project has been transferred to %s" % new_username`
		`)`

setup.py

file modified

-2

		`@@ -60,8 +60,6 @@`

		`[pagure.git_auth.helpers]`
		`test_auth = pagure.lib.git_auth:GitAuthTestHelper`
		`- gitolite2 = pagure.lib.git_auth:Gitolite2Auth`
		`- gitolite3 = pagure.lib.git_auth:Gitolite3Auth`
		`pagure = pagure.lib.git_auth:PagureGitAuth`
		`pagure_authorized_keys = pagure.lib.git_auth:PagureGitAuth`
		`""",`

tests/__init__.py

file modified

+1 -1

		`@@ -376,7 +376,7 @@`
		`"enable_tickets": True,`
		`"tickets_folder": "%s/repos/tickets" % self.path,`
		`"global_path": self.dbfolder,`
		`- "authbackend": "gitolite3",`
		`+ "authbackend": "pagure",`
		`"nogithooks": False,`
		`}`
		`config_values.update(self.config_values)`

tests/test_pagure_admin.py

file modified

-316

		`@@ -78,139 +78,6 @@`
		`self.assertEqual(output, "No admin tokens found\n")`


		`- class PagureAdminAdminRefreshGitolitetests(tests.Modeltests):`
		`- """Tests for pagure-admin refresh-gitolite"""`
		`-`
		`- populate_db = False`
		`-`
		`- def setUp(self):`
		`- """Set up the environnment, ran before every tests."""`
		`- super(PagureAdminAdminRefreshGitolitetests, self).setUp()`
		`- pagure.cli.admin.session = self.session`
		`-`
		`- # Create the user pingou`
		`- item = pagure.lib.model.User(`
		`- user="pingou",`
		`- fullname="PY C",`
		`- password="foo",`
		`- default_email="bar@pingou.com",`
		`- )`
		`- self.session.add(item)`
		`- item = pagure.lib.model.UserEmail(user_id=1, email="bar@pingou.com")`
		`- self.session.add(item)`
		`- self.session.commit()`
		`-`
		`- # Create a couple of projects`
		`- tests.create_projects(self.session)`
		`-`
		`- # Add a group`
		`- msg = pagure.lib.query.add_group(`
		`- self.session,`
		`- group_name="foo",`
		`- display_name="foo group",`
		`- description=None,`
		`- group_type="bar",`
		`- user="pingou",`
		`- is_admin=False,`
		`- blacklist=[],`
		`- )`
		`- self.session.commit()`
		- self.assertEqual(msg, "User `pingou` added to the group `foo`.")
		`-`
		`- # Make the imported pagure use the correct db session`
		`- pagure.cli.admin.session = self.session`
		`-`
		`- @patch("pagure.cli.admin._ask_confirmation")`
		`- @patch("pagure.lib.git_auth.get_git_auth_helper")`
		`- def test_do_refresh_gitolite_no_args(self, get_helper, conf):`
		`- """Test the do_generate_acl function with no special args."""`
		`- conf.return_value = True`
		`- helper = MagicMock()`
		`- get_helper.return_value = helper`
		`-`
		`- args = munch.Munch(`
		`- {"group": None, "project": None, "all_": False, "user": None}`
		`- )`
		`- pagure.cli.admin.do_generate_acl(args)`
		`-`
		`- get_helper.assert_called_with()`
		`- args = helper.generate_acls.call_args`
		`- self.assertIsNone(args[1].get("group"))`
		`- self.assertIsNone(args[1].get("project"))`
		`-`
		`- @patch("pagure.cli.admin._ask_confirmation")`
		`- @patch("pagure.lib.git_auth.get_git_auth_helper")`
		`- def test_do_refresh_gitolite_all_project(self, get_helper, conf):`
		`- """Test the do_generate_acl function for all projects."""`
		`- conf.return_value = True`
		`- helper = MagicMock()`
		`- get_helper.return_value = helper`
		`-`
		`- args = munch.Munch(`
		`- {"group": None, "project": None, "all_": True, "user": None}`
		`- )`
		`- pagure.cli.admin.do_generate_acl(args)`
		`-`
		`- get_helper.assert_called_with()`
		`- args = helper.generate_acls.call_args`
		`- self.assertIsNone(args[1].get("group"))`
		`- self.assertEqual(args[1].get("project"), -1)`
		`-`
		`- @patch("pagure.cli.admin._ask_confirmation")`
		`- @patch("pagure.lib.git_auth.get_git_auth_helper")`
		`- def test_do_refresh_gitolite_one_project(self, get_helper, conf):`
		`- """Test the do_generate_acl function for a certain project."""`
		`- conf.return_value = True`
		`- helper = MagicMock()`
		`- get_helper.return_value = helper`
		`-`
		`- args = munch.Munch(`
		`- {"group": None, "project": "test", "all_": False, "user": None}`
		`- )`
		`- pagure.cli.admin.do_generate_acl(args)`
		`-`
		`- get_helper.assert_called_with()`
		`- args = helper.generate_acls.call_args`
		`- self.assertIsNone(args[1].get("group"))`
		`- self.assertEqual(args[1].get("project").fullname, "test")`
		`-`
		`- @patch("pagure.cli.admin._ask_confirmation")`
		`- @patch("pagure.lib.git_auth.get_git_auth_helper")`
		`- def test_do_refresh_gitolite_one_project_and_all(self, get_helper, conf):`
		`- """Test the do_generate_acl function for a certain project and all."""`
		`- conf.return_value = True`
		`- helper = MagicMock()`
		`- get_helper.return_value = helper`
		`-`
		`- args = munch.Munch(`
		`- {"group": None, "project": "test", "all_": True, "user": None}`
		`- )`
		`- pagure.cli.admin.do_generate_acl(args)`
		`-`
		`- get_helper.assert_called_with()`
		`- args = helper.generate_acls.call_args`
		`- self.assertIsNone(args[1].get("group"))`
		`- self.assertEqual(args[1].get("project"), -1)`
		`-`
		`- @patch("pagure.cli.admin._ask_confirmation")`
		`- @patch("pagure.lib.git_auth.get_git_auth_helper")`
		`- def test_do_refresh_gitolite_one_group(self, get_helper, conf):`
		`- """Test the do_generate_acl function for a certain group."""`
		`- conf.return_value = True`
		`- helper = MagicMock()`
		`- get_helper.return_value = helper`
		`-`
		`- args = munch.Munch(`
		`- {"group": "foo", "project": None, "all_": False, "user": None}`
		`- )`
		`- pagure.cli.admin.do_generate_acl(args)`
		`-`
		`- get_helper.assert_called_with()`
		`- args = helper.generate_acls.call_args`
		`- self.assertEqual(args[1].get("group").group_name, "foo")`
		`- self.assertIsNone(args[1].get("project"))`
		`-`
		`-`
		`class PagureAdminAdminTokentests(tests.Modeltests):`
		`"""Tests for pagure-admin admin-token"""`

		`@@ -1168,187 +1035,6 @@`
		`)`


		`- class PagureAdminReadOnlyTests(tests.Modeltests):`
		`- """Tests for pagure-admin read-only"""`
		`-`
		`- populate_db = False`
		`-`
		`- def setUp(self):`
		`- """Set up the environnment, ran before every tests."""`
		`- super(PagureAdminReadOnlyTests, self).setUp()`
		`- pagure.cli.admin.session = self.session`
		`-`
		`- # Create the user pingou`
		`- item = pagure.lib.model.User(`
		`- user="pingou",`
		`- fullname="PY C",`
		`- password="foo",`
		`- default_email="bar@pingou.com",`
		`- )`
		`- self.session.add(item)`
		`- item = pagure.lib.model.UserEmail(user_id=1, email="bar@pingou.com")`
		`- self.session.add(item)`
		`-`
		`- # Create two projects for the user pingou`
		`- item = pagure.lib.model.Project(`
		`- user_id=1, # pingou`
		`- name="test",`
		`- description="namespaced test project",`
		`- hook_token="aaabbbeee",`
		`- namespace="somenamespace",`
		`- )`
		`- self.session.add(item)`
		`-`
		`- item = pagure.lib.model.Project(`
		`- user_id=1, # pingou`
		`- name="test",`
		`- description="Test project",`
		`- hook_token="aaabbbccc",`
		`- namespace=None,`
		`- )`
		`- self.session.add(item)`
		`-`
		`- self.session.commit()`
		`-`
		`- # Make the imported pagure use the correct db session`
		`- pagure.cli.admin.session = self.session`
		`-`
		`- def test_read_only_unknown_project(self):`
		`- """Test the read-only function of pagure-admin on an unknown`
		`- project.`
		`- """`
		`-`
		`- args = munch.Munch({"project": "foob", "user": None, "ro": None})`
		`- with self.assertRaises(pagure.exceptions.PagureException) as cm:`
		`- pagure.cli.admin.do_read_only(args)`
		`- self.assertEqual(`
		`- cm.exception.args[0], "No project found with: project=foob"`
		`- )`
		`-`
		`- def test_read_only_invalid_project(self):`
		`- """Test the read-only function of pagure-admin on an invalid`
		`- project.`
		`- """`
		`-`
		`- args = munch.Munch({"project": "fo/o/b", "user": None, "ro": None})`
		`- with self.assertRaises(pagure.exceptions.PagureException) as cm:`
		`- pagure.cli.admin.do_read_only(args)`
		`- self.assertEqual(`
		`- cm.exception.args[0],`
		`- 'Invalid project name, has more than one "/": fo/o/b',`
		`- )`
		`-`
		`- def test_read_only(self):`
		`- """Test the read-only function of pagure-admin to get status of`
		`- a non-namespaced project.`
		`- """`
		`-`
		`- args = munch.Munch({"project": "test", "user": None, "ro": None})`
		`- with tests.capture_output() as output:`
		`- pagure.cli.admin.do_read_only(args)`
		`- output = output.getvalue()`
		`- self.assertEqual(`
		`- "The current read-only flag of the project test is set to True\n",`
		`- output,`
		`- )`
		`-`
		`- def test_read_only_namespace(self):`
		`- """Test the read-only function of pagure-admin to get status of`
		`- a namespaced project.`
		`- """`
		`-`
		`- args = munch.Munch(`
		`- {"project": "somenamespace/test", "user": None, "ro": None}`
		`- )`
		`- with tests.capture_output() as output:`
		`- pagure.cli.admin.do_read_only(args)`
		`- output = output.getvalue()`
		`- self.assertEqual(`
		`- "The current read-only flag of the project somenamespace/test "`
		`- "is set to True\n",`
		`- output,`
		`- )`
		`-`
		`- def test_read_only_namespace_changed(self):`
		`- """Test the read-only function of pagure-admin to set the status of`
		`- a namespaced project.`
		`- """`
		`-`
		`- # Before`
		`- args = munch.Munch(`
		`- {"project": "somenamespace/test", "user": None, "ro": None}`
		`- )`
		`- with tests.capture_output() as output:`
		`- pagure.cli.admin.do_read_only(args)`
		`- output = output.getvalue()`
		`- self.assertEqual(`
		`- "The current read-only flag of the project somenamespace/test "`
		`- "is set to True\n",`
		`- output,`
		`- )`
		`-`
		`- args = munch.Munch(`
		`- {"project": "somenamespace/test", "user": None, "ro": "false"}`
		`- )`
		`- with tests.capture_output() as output:`
		`- pagure.cli.admin.do_read_only(args)`
		`- output = output.getvalue()`
		`- self.assertEqual(`
		`- "The read-only flag of the project somenamespace/test has been "`
		`- "set to False\n",`
		`- output,`
		`- )`
		`-`
		`- # After`
		`- args = munch.Munch(`
		`- {"project": "somenamespace/test", "user": None, "ro": None}`
		`- )`
		`- with tests.capture_output() as output:`
		`- pagure.cli.admin.do_read_only(args)`
		`- output = output.getvalue()`
		`- self.assertEqual(`
		`- "The current read-only flag of the project somenamespace/test "`
		`- "is set to False\n",`
		`- output,`
		`- )`
		`-`
		`- def test_read_only_no_change(self):`
		`- """Test the read-only function of pagure-admin to set the status of`
		`- a namespaced project.`
		`- """`
		`-`
		`- # Before`
		`- args = munch.Munch({"project": "test", "user": None, "ro": None})`
		`- with tests.capture_output() as output:`
		`- pagure.cli.admin.do_read_only(args)`
		`- output = output.getvalue()`
		`- self.assertEqual(`
		`- "The current read-only flag of the project test "`
		`- "is set to True\n",`
		`- output,`
		`- )`
		`-`
		`- args = munch.Munch({"project": "test", "user": None, "ro": "true"})`
		`- with tests.capture_output() as output:`
		`- pagure.cli.admin.do_read_only(args)`
		`- output = output.getvalue()`
		`- self.assertEqual(`
		`- "The read-only flag of the project test has been " "set to True\n",`
		`- output,`
		`- )`
		`-`
		`- # After`
		`- args = munch.Munch({"project": "test", "user": None, "ro": None})`
		`- with tests.capture_output() as output:`
		`- pagure.cli.admin.do_read_only(args)`
		`- output = output.getvalue()`
		`- self.assertEqual(`
		`- "The current read-only flag of the project test "`
		`- "is set to True\n",`
		`- output,`
		`- )`
		`-`
		`-`
		`class PagureNewGroupTests(tests.Modeltests):`
		`"""Tests for pagure-admin new-group"""`

		`@@ -2290,7 +1976,6 @@`
		`"create_project",`
		`"delete_git_alias",`
		`"fork_project",`
		`- "generate_acls_project",`
		`"group_modify",`
		`"internal_access",`
		`"issue_assign",`
		`@@ -2343,7 +2028,6 @@`
		`"delete_git_alias",`
		`"dummy_acls",`
		`"fork_project",`
		`- "generate_acls_project",`
		`"group_modify",`
		`"internal_access",`
		`"issue_assign",`

tests/test_pagure_flask_api_project.py

file modified

-116

		`@@ -42,15 +42,8 @@`

		`def setUp(self):`
		`super(PagureFlaskApiProjecttests, self).setUp()`
		`- self.gga_patcher = patch(`
		`- "pagure.lib.tasks.generate_gitolite_acls.delay"`
		`- )`
		`- self.mock_gen_acls = self.gga_patcher.start()`
		`- task_result = EagerResult("abc-1234", True, "SUCCESS")`
		`- self.mock_gen_acls.return_value = task_result`

		`def tearDown(self):`
		`- self.gga_patcher.stop()`
		`super(PagureFlaskApiProjecttests, self).tearDown()`

		`def test_api_git_tags(self):`
		`@@ -2521,115 +2514,6 @@`
		`data, {"error": "Project not found", "error_code": "ENOPROJECT"}`
		`)`

		`- def test_api_generate_acls(self):`
		`- """Test the api_generate_acls method of the flask api"""`
		`- tests.create_projects(self.session)`
		`- tests.create_tokens(self.session, project_id=None)`
		`- tests.create_tokens_acl(`
		`- self.session, "aaabbbcccddd", "generate_acls_project"`
		`- )`
		`- headers = {"Authorization": "token aaabbbcccddd"}`
		`-`
		`- user = pagure.lib.query.get_user(self.session, "pingou")`
		`- output = self.app.post(`
		`- "/api/0/test/git/generateacls",`
		`- headers=headers,`
		`- data={"wait": False},`
		`- )`
		`- self.assertEqual(output.status_code, 200)`
		`- data = json.loads(output.get_data(as_text=True))`
		`- expected_output = {`
		`- "message": "Project ACL generation queued",`
		`- "taskid": "abc-1234",`
		`- }`
		`- self.assertEqual(data, expected_output)`
		`- self.mock_gen_acls.assert_called_once_with(`
		`- name="test", namespace=None, user=None, group=None`
		`- )`
		`-`
		`- def test_api_generate_acls_json(self):`
		`- """Test the api_generate_acls method of the flask api using JSON"""`
		`- tests.create_projects(self.session)`
		`- tests.create_tokens(self.session, project_id=None)`
		`- tests.create_tokens_acl(`
		`- self.session, "aaabbbcccddd", "generate_acls_project"`
		`- )`
		`- headers = {`
		`- "Authorization": "token aaabbbcccddd",`
		`- "Content-Type": "application/json",`
		`- }`
		`-`
		`- user = pagure.lib.query.get_user(self.session, "pingou")`
		`-`
		`- output = self.app.post(`
		`- "/api/0/test/git/generateacls",`
		`- headers=headers,`
		`- data=json.dumps({"wait": False}),`
		`- )`
		`- self.assertEqual(output.status_code, 200)`
		`- data = json.loads(output.get_data(as_text=True))`
		`- expected_output = {`
		`- "message": "Project ACL generation queued",`
		`- "taskid": "abc-1234",`
		`- }`
		`- self.assertEqual(data, expected_output)`
		`- self.mock_gen_acls.assert_called_once_with(`
		`- name="test", namespace=None, user=None, group=None`
		`- )`
		`-`
		`- def test_api_generate_acls_wait_true(self):`
		`- """Test the api_generate_acls method of the flask api when wait is`
		`- set to True"""`
		`- tests.create_projects(self.session)`
		`- tests.create_tokens(self.session, project_id=None)`
		`- tests.create_tokens_acl(`
		`- self.session, "aaabbbcccddd", "generate_acls_project"`
		`- )`
		`- headers = {"Authorization": "token aaabbbcccddd"}`
		`-`
		`- task_result = Mock()`
		`- task_result.id = "abc-1234"`
		`- self.mock_gen_acls.return_value = task_result`
		`-`
		`- user = pagure.lib.query.get_user(self.session, "pingou")`
		`- output = self.app.post(`
		`- "/api/0/test/git/generateacls",`
		`- headers=headers,`
		`- data={"wait": True},`
		`- )`
		`- self.assertEqual(output.status_code, 200)`
		`- data = json.loads(output.get_data(as_text=True))`
		`- expected_output = {"message": "Project ACLs generated"}`
		`- self.assertEqual(data, expected_output)`
		`- self.mock_gen_acls.assert_called_once_with(`
		`- name="test", namespace=None, user=None, group=None`
		`- )`
		`- self.assertTrue(task_result.get.called)`
		`-`
		`- def test_api_generate_acls_no_project(self):`
		`- """Test the api_generate_acls method of the flask api when the project`
		`- doesn't exist"""`
		`- tests.create_projects(self.session)`
		`- tests.create_tokens(self.session, project_id=None)`
		`- tests.create_tokens_acl(`
		`- self.session, "aaabbbcccddd", "generate_acls_project"`
		`- )`
		`- headers = {"Authorization": "token aaabbbcccddd"}`
		`-`
		`- user = pagure.lib.query.get_user(self.session, "pingou")`
		`- output = self.app.post(`
		`- "/api/0/test12345123/git/generateacls",`
		`- headers=headers,`
		`- data={"wait": False},`
		`- )`
		`- self.assertEqual(output.status_code, 404)`
		`- data = json.loads(output.get_data(as_text=True))`
		`- expected_output = {`
		`- "error_code": "ENOPROJECT",`
		`- "error": "Project not found",`
		`- }`
		`- self.assertEqual(data, expected_output)`
		`-`
		`def test_api_new_git_branch(self):`
		`"""Test the api_new_branch method of the flask api"""`
		`tests.create_projects(self.session)`

tests/test_pagure_flask_api_project_delete_project.py

file modified

-11

		`@@ -60,7 +60,6 @@`
		`tests.create_tokens_acl(self.session, token_id="aaabbbcccddd_foo")`

		`project = pagure.lib.query.get_authorized_project(self.session, "test")`
		`- project.read_only = False`
		`self.session.add(project)`
		`self.session.commit()`

		`@@ -95,16 +94,6 @@`
		`)`
		`self.assertEqual(pagure.api.APIERROR.EINVALIDTOK.value, data["error"])`

		`- def test_delete_project_read_only_project(self):`
		`- headers = {"Authorization": "token aaabbbcccddd_test2"}`
		`-`
		`- output = self.app.post("/api/0/test2/delete", headers=headers)`
		`- self.assertEqual(output.status_code, 400)`
		`- data = json.loads(output.get_data(as_text=True))`
		`- self.assertEqual(pagure.api.APIERROR.ENOCODE.name, data["error_code"])`
		`- error = "The ACLs of this project are being refreshed in the backend this prevents the project from being deleted. Please wait for this task to finish before trying again. Thanks!"`
		`- self.assertEqual(data["error"], error)`
		`-`
		`def test_delete_project_not_allowed(self):`
		`headers = {"Authorization": "token aaabbbcccddd_foo"}`

tests/test_pagure_flask_ui_app_give_project.py

file modified

-5

		`@@ -216,7 +216,6 @@`
		`self._check_user()`

		`@patch.dict("pagure.config.config", {"PAGURE_ADMIN_USERS": "foo"})`
		`- @patch("pagure.lib.git.generate_gitolite_acls", MagicMock())`
		`def test_give_project_not_owner_but_admin(self):`
		`"""Test the give_project endpoint.`

		`@@ -248,7 +247,6 @@`
		`self._check_user("foo")`

		`@patch.dict("pagure.config.config", {"PAGURE_ADMIN_USERS": "foo"})`
		`- @patch("pagure.lib.git.generate_gitolite_acls", MagicMock())`
		`def test_give_project(self):`
		`"""Test the give_project endpoint."""`

		`@@ -280,7 +278,6 @@`
		`self.assertEqual(project.users[0].user, "pingou")`

		`@patch.dict("pagure.config.config", {"PAGURE_ADMIN_USERS": "foo"})`
		`- @patch("pagure.lib.git.generate_gitolite_acls", MagicMock())`
		`def test_give_project_already_user(self):`
		`"""Test the give_project endpoint when the new main_admin is already`
		`a committer on the project."""`
		`@@ -325,7 +322,6 @@`
		`"pagure.config.config", {"REQUIRED_GROUPS": {"*": ["packager"]}}`
		`)`
		`@patch.dict("pagure.config.config", {"PAGURE_ADMIN_USERS": "foo"})`
		`- @patch("pagure.lib.git.generate_gitolite_acls", MagicMock())`
		`def test_give_project_not_in_required_group(self):`
		`"""Test the give_project endpoint."""`

		`@@ -355,7 +351,6 @@`
		`"pagure.config.config", {"REQUIRED_GROUPS": {"*": ["packager"]}}`
		`)`
		`@patch.dict("pagure.config.config", {"PAGURE_ADMIN_USERS": "foo"})`
		`- @patch("pagure.lib.git.generate_gitolite_acls", MagicMock())`
		`def test_give_project_in_required_group(self):`
		`"""Test the give_project endpoint."""`

tests/test_pagure_flask_ui_clone.py

file modified

-13

		`@@ -83,7 +83,6 @@`
		`{`
		`"ALLOW_HTTP_PULL_PUSH": True,`
		`"ALLOW_HTTP_PUSH": False,`
		`- "HTTP_REPO_ACCESS_GITOLITE": None,`
		`},`
		`)`
		`def test_http_push_disabled(self):`
		`@@ -102,7 +101,6 @@`
		`{`
		`"ALLOW_HTTP_PULL_PUSH": True,`
		`"ALLOW_HTTP_PUSH": True,`
		`- "HTTP_REPO_ACCESS_GITOLITE": None,`
		`},`
		`)`
		`def test_http_push_unauthed(self):`
		`@@ -132,7 +130,6 @@`
		`{`
		`"ALLOW_HTTP_PULL_PUSH": True,`
		`"ALLOW_HTTP_PUSH": False,`
		`- "HTTP_REPO_ACCESS_GITOLITE": None,`
		`},`
		`)`
		`def test_http_clone(self):`
		`@@ -161,7 +158,6 @@`
		`{`
		`"ALLOW_HTTP_PULL_PUSH": True,`
		`"ALLOW_HTTP_PUSH": False,`
		`- "HTTP_REPO_ACCESS_GITOLITE": None,`
		`},`
		`)`
		`def test_http_clone_private(self):`
		`@@ -193,7 +189,6 @@`
		`{`
		`"ALLOW_HTTP_PULL_PUSH": True,`
		`"ALLOW_HTTP_PUSH": True,`
		`- "HTTP_REPO_ACCESS_GITOLITE": None,`
		`},`
		`)`
		`def test_http_push(self):`
		`@@ -212,7 +207,6 @@`
		`{`
		`"ALLOW_HTTP_PULL_PUSH": True,`
		`"ALLOW_HTTP_PUSH": True,`
		`- "HTTP_REPO_ACCESS_GITOLITE": None,`
		`},`
		`)`
		`def test_http_push_api_token(self):`
		`@@ -236,7 +230,6 @@`
		`{`
		`"ALLOW_HTTP_PULL_PUSH": True,`
		`"ALLOW_HTTP_PUSH": True,`
		`- "HTTP_REPO_ACCESS_GITOLITE": None,`
		`},`
		`)`
		`def test_http_push_projectless_api_token(self):`
		`@@ -264,7 +257,6 @@`
		`{`
		`"ALLOW_HTTP_PULL_PUSH": True,`
		`"ALLOW_HTTP_PUSH": True,`
		`- "HTTP_REPO_ACCESS_GITOLITE": None,`
		`},`
		`)`
		`def test_http_push__invalid_project_for_api_token(self):`
		`@@ -286,7 +278,6 @@`
		`{`
		`"ALLOW_HTTP_PULL_PUSH": True,`
		`"ALLOW_HTTP_PUSH": True,`
		`- "HTTP_REPO_ACCESS_GITOLITE": None,`
		`},`
		`)`
		`def test_http_push_api_token_invalid_user(self):`
		`@@ -308,7 +299,6 @@`
		`{`
		`"ALLOW_HTTP_PULL_PUSH": True,`
		`"ALLOW_HTTP_PUSH": True,`
		`- "HTTP_REPO_ACCESS_GITOLITE": None,`
		`},`
		`)`
		`def test_http_push_invalid_api_token(self):`
		`@@ -330,7 +320,6 @@`
		`{`
		`"ALLOW_HTTP_PULL_PUSH": True,`
		`"ALLOW_HTTP_PUSH": True,`
		`- "HTTP_REPO_ACCESS_GITOLITE": None,`
		`},`
		`)`
		`def test_http_push_invalid_acl_on_token(self):`
		`@@ -356,7 +345,6 @@`
		`{`
		`"ALLOW_HTTP_PULL_PUSH": True,`
		`"ALLOW_HTTP_PUSH": True,`
		`- "HTTP_REPO_ACCESS_GITOLITE": None,`
		`"PAGURE_AUTH": "local",`
		`},`
		`)`
		`@@ -380,7 +368,6 @@`
		`{`
		`"ALLOW_HTTP_PULL_PUSH": True,`
		`"ALLOW_HTTP_PUSH": True,`
		`- "HTTP_REPO_ACCESS_GITOLITE": None,`
		`"PAGURE_AUTH": "local",`
		`},`
		`)`

tests/test_pagure_flask_ui_issues.py

file modified

-4

		`@@ -4864,10 +4864,6 @@`
		`user = tests.FakeUser()`
		`user.username = "pingou"`

		`- repo = pagure.lib.query._get_project(self.session, "test")`
		`- pagure.lib.query.update_read_only_mode(`
		`- self.session, repo, read_only=False`
		`- )`
		`pingou = pagure.lib.query.get_user(self.session, "pingou")`
		`pagure.lib.query.add_sshkey_to_project_or_user(`
		`session=self.session,`

tests/test_pagure_flask_ui_repo.py

file modified

+2 -142

		`@@ -1880,9 +1880,8 @@`
		`output = self.app.get("/test/settings")`
		`self.assertEqual(output.status_code, 200)`

		`- @patch("pagure.lib.git.generate_gitolite_acls")`
		`@patch("pagure.decorators.admin_session_timedout")`
		`- def test_view_settings_pr_only(self, ast, gen_acl):`
		`+ def test_view_settings_pr_only(self, ast):`
		`"""Test the view_settings endpoint when turning on PR only."""`
		`ast.return_value = False`
		`tests.create_projects(self.session)`
		`@@ -1948,15 +1947,6 @@`
		`output_text,`
		`)`

		`- repo = pagure.lib.query.get_authorized_project(`
		`- self.session, "test"`
		`- )`
		`- self.assertEqual(gen_acl.call_count, 1)`
		`- args = gen_acl.call_args`
		`- self.assertEqual(args[0], tuple())`
		`- self.assertListEqual(list(args[1]), ["project"])`
		`- self.assertEqual(args[1]["project"].fullname, "test")`
		`-`
		`@patch("pagure.decorators.admin_session_timedout")`
		`def test_fields_in_view_settings(self, ast):`
		`"""Test the default fields in view_settings endpoint."""`
		`@@ -2151,11 +2141,6 @@`
		`creator=pingou,`
		`)`
		`self.session.commit()`
		`- repo = pagure.lib.query._get_project(self.session, "test")`
		`- pagure.lib.query.update_read_only_mode(`
		`- self.session, repo, read_only=False`
		`- )`
		`- self.session.commit()`
		`user = tests.FakeUser(username="pingou")`
		`with tests.user_set(self.app.application, user):`
		`output = self.app.get("/test")`
		`@@ -2219,32 +2204,6 @@`
		`output_text,`
		`)`

		`- def test_view_repo_read_only_no_ssh_url(self):`
		`- """Test viewing repo that is still readonly and thus user`
		`- should see a message instead of url for SSH cloning."""`
		`- tests.create_projects(self.session)`
		`- tests.create_projects_git(os.path.join(self.path, "repos"), bare=True)`
		`- repo = pagure.lib.query._get_project(self.session, "test")`
		`- pagure.lib.query.update_read_only_mode(`
		`- self.session, repo, read_only=True`
		`- )`
		`- pingou = pagure.lib.query.get_user(self.session, "pingou")`
		`- pagure.lib.query.add_sshkey_to_project_or_user(`
		`- session=self.session,`
		`- user=pingou,`
		`- ssh_key="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDAzBMSIlvPRaEiLOTVInErkRIw9CzQQcnslDekAn1jFnGf+SNa1acvbTiATbCX71AA03giKrPxPH79dxcC7aDXerc6zRcKjJs6MAL9PrCjnbyxCKXRNNZU5U9X/DLaaL1b3caB+WD6OoorhS3LTEtKPX8xyjOzhf3OQSzNjhJp5Q==",`
		`- pushaccess=True,`
		`- creator=pingou,`
		`- )`
		`- self.session.commit()`
		`- user = tests.FakeUser(username="pingou")`
		`-`
		`- with tests.user_set(self.app.application, user):`
		`- output = self.app.get("/test")`
		`- self.assertEqual(output.status_code, 200)`
		`- output_text = output.get_data(as_text=True)`
		`- self.assertIn("Cloning over SSH is disabled.", output_text)`
		`-`
		`def test_view_repo(self):`
		`"""Test the view_repo endpoint."""`

		`@@ -3896,12 +3855,6 @@`
		`output = self.app.post("/test/delete")`
		`self.assertEqual(output.status_code, 302)`

		`- # Ensure the project isn't read-only`
		`- repo = pagure.lib.query.get_authorized_project(self.session, "test")`
		`- repo.read_only = False`
		`- self.session.add(repo)`
		`- self.session.commit()`
		`-`
		`with tests.user_set(self.app.application, user):`
		`# Only git repo`
		`output = self.app.post("/test/delete", follow_redirects=True)`
		`@@ -4094,55 +4047,6 @@`
		`)`
		`self.assertEqual(output.status_code, 404)`

		`- @patch("pagure.lib.notify.send_email")`
		`- @patch("pagure.decorators.admin_session_timedout")`
		`- def test_delete_read_only_repo(self, ast, send_email):`
		`- """Test the delete_repo endpoint when the repo is read_only"""`
		`- ast.return_value = False`
		`- send_email.return_value = True`
		`-`
		`- tests.create_projects(self.session)`
		`- tests.create_projects_git(os.path.join(self.path, "repos"))`
		`-`
		`- # Create all the git repos`
		`- tests.create_projects_git(os.path.join(self.path, "repos"))`
		`- tests.create_projects_git(os.path.join(self.path, "docs"))`
		`- tests.create_projects_git(`
		`- os.path.join(self.path, "tickets"), bare=True`
		`- )`
		`- tests.create_projects_git(`
		`- os.path.join(self.path, "requests"), bare=True`
		`- )`
		`-`
		`- user = tests.FakeUser(username="pingou")`
		`- with tests.user_set(self.app.application, user):`
		`-`
		`- repo = pagure.lib.query.get_authorized_project(`
		`- self.session, "test"`
		`- )`
		`- self.assertNotEqual(repo, None)`
		`- repo.read_only = True`
		`- self.session.add(repo)`
		`- self.session.commit()`
		`-`
		`- output = self.app.post("/test/delete", follow_redirects=True)`
		`- self.assertEqual(output.status_code, 200)`
		`- output_text = output.get_data(as_text=True)`
		`- self.assertIn(`
		`- "<title>Settings - test - Pagure</title>", output_text`
		`- )`
		`- self.assertIn(`
		`- "The ACLs of this project are being refreshed in the "`
		`- "backend this prevents the project from being deleted. "`
		`- "Please wait for this task to finish before trying again. "`
		`- "Thanks!",`
		`- output_text,`
		`- )`
		`- self.assertIn(`
		`- 'title="Action disabled while project\'s ACLs are being refreshed">',`
		`- output_text,`
		`- )`
		`-`
		`@patch("pagure.lib.notify.send_email", MagicMock(return_value=True))`
		`@patch("pagure.decorators.admin_session_timedout")`
		`def test_delete_repo(self, ast):`
		`@@ -4170,12 +4074,6 @@`
		`output = self.app.post("/test/delete")`
		`self.assertEqual(output.status_code, 302)`

		`- # Ensure the project isn't read-only`
		`- repo = pagure.lib.query.get_authorized_project(self.session, "test")`
		`- repo.read_only = False`
		`- self.session.add(repo)`
		`- self.session.commit()`
		`-`
		`user = tests.FakeUser(username="pingou")`
		`with tests.user_set(self.app.application, user):`
		`tests.create_projects_git(os.path.join(self.path, "repos"))`
		`@@ -4219,7 +4117,6 @@`
		`name="test",`
		`description="test project #1",`
		`hook_token="aaabbbggg",`
		`- read_only=False,`
		`)`
		`self.session.add(item)`
		`self.session.commit()`
		`@@ -4259,7 +4156,6 @@`
		`name="test",`
		`description="test project #1",`
		`hook_token="aaabbbhhh",`
		`- read_only=False,`
		`)`
		`self.session.add(item)`
		`self.session.commit()`
		`@@ -4299,7 +4195,6 @@`
		`name="test",`
		`description="test project #1",`
		`hook_token="aaabbbiii",`
		`- read_only=False,`
		`)`
		`self.session.add(item)`
		`self.session.commit()`
		`@@ -4482,7 +4377,6 @@`
		`is_fork=True,`
		`parent_id=2,`
		`hook_token="aaabbbjjj",`
		`- read_only=False,`
		`)`
		`self.session.add(item)`
		`self.session.commit()`
		`@@ -4570,12 +4464,6 @@`
		`tests.create_projects(self.session)`
		`tests.create_projects_git(os.path.join(self.path, "repos"))`

		`- # Ensure the project isn't read-only`
		`- repo = pagure.lib.query.get_authorized_project(self.session, "test")`
		`- repo.read_only = False`
		`- self.session.add(repo)`
		`- self.session.commit()`
		`-`
		`user = tests.FakeUser(username="pingou")`
		`with tests.user_set(self.app.application, user):`
		`# Check before deleting the project`
		`@@ -4646,7 +4534,6 @@`
		`name="test",`
		`description="test project #1",`
		`hook_token="aaabbbiii",`
		`- read_only=False,`
		`)`
		`self.session.add(item)`
		`self.session.commit()`
		`@@ -4690,15 +4577,6 @@`
		`self.session.commit()`
		`self.assertEqual(msg, "User added")`

		`- # Ensure the project isn't read-only (because adding an user`
		`- # will trigger an ACL refresh, thus read-only)`
		`- repo = pagure.lib.query.get_authorized_project(`
		`- self.session, "test"`
		`- )`
		`- repo.read_only = False`
		`- self.session.add(repo)`
		`- self.session.commit()`
		`-`
		`# Check before deleting the project`
		`output = self.app.get("/", follow_redirects=True)`
		`self.assertEqual(output.status_code, 200)`
		`@@ -4776,7 +4654,6 @@`
		`name="test",`
		`description="test project #1",`
		`hook_token="aaabbbiii",`
		`- read_only=False,`
		`)`
		`self.session.add(item)`
		`self.session.commit()`
		`@@ -4834,15 +4711,6 @@`
		`self.session.commit()`
		`self.assertEqual(msg, "Group added")`

		`- # Ensure the project isn't read-only (because adding a group`
		`- # will trigger an ACL refresh, thus read-only)`
		`- repo = pagure.lib.query.get_authorized_project(`
		`- self.session, "test"`
		`- )`
		`- repo.read_only = False`
		`- self.session.add(repo)`
		`- self.session.commit()`
		`-`
		`# check if group where we expect it`
		`repo = pagure.lib.query.get_authorized_project(`
		`self.session, "test"`
		`@@ -4918,7 +4786,6 @@`
		`name="test",`
		`description="test project #1",`
		`hook_token="aaabbbiii",`
		`- read_only=False,`
		`)`
		`self.session.add(item)`
		`self.session.commit()`
		`@@ -5818,7 +5685,7 @@`
		`self.assertIn("<strong>Create a new token</strong>", output_text)`
		`self.assertEqual(`
		`output_text.count('<label class="c-input c-checkbox">'),`
		`- len(pagure.config.config["ACLS"].keys()) - 2,`
		`+ len(pagure.config.config["ACLS"].keys()) - 1,`
		`)`

		`@patch.dict("pagure.config.config", {"USER_ACLS": ["create_project"]})`
		`@@ -7088,13 +6955,6 @@`
		`tests.create_projects_git(os.path.join(self.path, "repos"))`
		`pingou = pagure.lib.query.get_user(self.session, "pingou")`

		`- # Make the repo not read-only`
		`- repo = pagure.lib.query._get_project(self.session, "test")`
		`- pagure.lib.query.update_read_only_mode(`
		`- self.session, repo, read_only=False`
		`- )`
		`- self.session.commit()`
		`-`
		`# Add a group and make pingou a member of it`
		`item = pagure.lib.model.PagureGroup(`
		`group_name="packager",`

tests/test_pagure_flask_ui_repo_delete_project.py

file modified

-77

		`@@ -134,43 +134,6 @@`
		`projects = pagure.lib.query.search_projects(self.session)`
		`self.assertEqual(len(projects), 4)`

		`- @patch.dict("pagure.config.config", {"ENABLE_DEL_PROJECTS": False})`
		`- @patch.dict("pagure.config.config", {"ENABLE_DEL_FORKS": True})`
		`- @patch("pagure.lib.notify.send_email", MagicMock(return_value=True))`
		`- @patch(`
		`- "pagure.decorators.admin_session_timedout",`
		`- MagicMock(return_value=False),`
		`- )`
		`- def test_delete_fork_when_project_off_refreshing(self):`
		`- """Test the delete_repo endpoint for a fork when only deleting main`
		`- project is forbidden but the fork is being refreshed in the backend`
		`- """`
		`- project = pagure.lib.query.get_authorized_project(`
		`- self.session, project_name="test", user="pingou"`
		`- )`
		`- self.assertIsNotNone(project)`
		`- # Ensure the project isn't read-only`
		`- project.read_only = True`
		`- self.session.add(project)`
		`- self.session.commit()`
		`-`
		`- user = tests.FakeUser(username="pingou")`
		`- with tests.user_set(self.app.application, user):`
		`- output = self.app.post(`
		`- "/fork/pingou/test/delete", follow_redirects=True`
		`- )`
		`- self.assertEqual(output.status_code, 200)`
		`- self.assertIn(`
		`- "The ACLs of this project "`
		`- "are being refreshed in the backend this prevents the "`
		`- "project from being deleted. Please wait for this task to "`
		`- "finish before trying again. Thanks!",`
		`- output.get_data(as_text=True),`
		`- )`
		`-`
		`- projects = pagure.lib.query.search_projects(self.session)`
		`- self.assertEqual(len(projects), 4)`
		`-`
		`@patch.dict(`
		`"pagure.config.config", {"FEDORA_MESSAGING_NOTIFICATIONS": True}`
		`)`
		`@@ -374,43 +337,3 @@`

		`projects = pagure.lib.query.search_projects(self.session)`
		`self.assertEqual(len(projects), 4)`
		`-`
		`- @patch.dict("pagure.config.config", {"ENABLE_DEL_PROJECTS": False})`
		`- @patch.dict("pagure.config.config", {"ENABLE_DEL_FORKS": True})`
		`- @patch("pagure.lib.notify.send_email", MagicMock(return_value=True))`
		`- @patch(`
		`- "pagure.decorators.admin_session_timedout",`
		`- MagicMock(return_value=False),`
		`- )`
		`- def test_delete_fork_button_fork_del_allowed_read_only(self):`
		`- """Test that the delete button is absent when deletions of projects`
		`- is not allowed but deletions of forks is but fork is still being`
		`- processed.`
		`- """`
		`-`
		`- project = pagure.lib.query.get_authorized_project(`
		`- self.session, project_name="test", user="pingou"`
		`- )`
		`- self.assertIsNotNone(project)`
		`- # Ensure the project is read-only`
		`- project.read_only = True`
		`- self.session.add(project)`
		`- self.session.commit()`
		`-`
		`- user = tests.FakeUser(username="pingou")`
		`- with tests.user_set(self.app.application, user):`
		`- output = self.app.get("/fork/pingou/test/settings")`
		`- self.assertEqual(output.status_code, 200)`
		`- self.assertNotIn(`
		`- '<form action="/fork/pingou/test/delete"',`
		`- output.get_data(as_text=True),`
		`- )`
		`- self.assertIn(`
		`- "title=\"Action disabled while project's ACLs are being "`
		`- 'refreshed">',`
		`- output.get_data(as_text=True),`
		`- )`
		`- self.assertIn(`
		`- "  Delete the forks/pingou/test project",`
		`- output.get_data(as_text=True),`
		`- )`

tests/test_pagure_lib.py

file modified

-201

		`@@ -2094,7 +2094,6 @@`
		`username="skvidal",`
		`fullname="Seth",`
		`default_email="skvidal@fp.o",`
		`- keydir=pagure.config.config.get("GITOLITE_KEYDIR", None),`
		`ssh_key="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDtgzSO9d1IrKdmyBFUvtAJPLgGOhp0lSySkWRSe+/+3KXYjSnsLnCJQlO5M7JfaXhtTHEow86rh4W9+FoJdzo5iocAwH5xPZ5ttHLy7VHgTzNMUeMgKpjy6bBOdPoGPPG4mo7QCMCRJdWBRDv4OSEMLU5jQAvC272YK2V8L918VQ== root@test",`
		`)`
		`self.session.commit()`
		`@@ -2118,7 +2117,6 @@`
		`username="skvidal",`
		`fullname="Seth V",`
		`default_email="skvidal@fp.o",`
		`- keydir=pagure.config.config.get("GITOLITE_KEYDIR", None),`
		`)`
		`self.session.commit()`
		`# Nothing changed`
		`@@ -2136,7 +2134,6 @@`
		`username="skvidal",`
		`fullname="Seth",`
		`default_email="svidal@fp.o",`
		`- keydir=pagure.config.config.get("GITOLITE_KEYDIR", None),`
		`)`
		`self.session.commit()`
		`# Email added`
		`@@ -2153,7 +2150,6 @@`
		`username="skvidal",`
		`fullname="Seth",`
		`default_email="svidal@example.o",`
		`- keydir=pagure.config.config.get("GITOLITE_KEYDIR", None),`
		`)`
		`self.session.commit()`
		`# Email should not be added`
		`@@ -2186,7 +2182,6 @@`
		`username="skvidal",`
		`fullname="Seth",`
		`default_email="skvidal@fp.o",`
		`- keydir=pagure.config.config.get("GITOLITE_KEYDIR", None),`
		`)`
		`self.session.commit()`

		`@@ -2196,7 +2191,6 @@`
		`username="skvidal",`
		`fullname="Seth",`
		`default_email="skvidal@example.c",`
		`- keydir=pagure.config.config.get("GITOLITE_KEYDIR", None),`
		`)`
		`self.session.commit()`
		`# Email added`
		`@@ -2213,7 +2207,6 @@`
		`username="skvidal",`
		`fullname="Seth",`
		`default_email="svidal@example.o",`
		`- keydir=pagure.config.config.get("GITOLITE_KEYDIR", None),`
		`)`
		`self.session.commit()`
		`# Email should not be added`
		`@@ -5291,157 +5284,6 @@`
		`)`
		`self.assertEqual(key[3], "(RSA)")`

		`- def test_create_deploykeys_ssh_keys_on_disk_empty(self):`
		`- """Test the create_deploykeys_ssh_keys_on_disk function of`
		`- pagure.lib.query."""`
		`- self.assertIsNone(`
		`- pagure.lib.query.create_deploykeys_ssh_keys_on_disk(None, None)`
		`- )`
		`- self.assertFalse(`
		`- os.path.exists(os.path.join(self.path, "deploykeys", "test"))`
		`- )`
		`-`
		`- def test_create_deploykeys_ssh_keys_on_disk_nokey(self):`
		`- """Test the create_deploykeys_ssh_keys_on_disk function of`
		`- pagure.lib.query."""`
		`- tests.create_projects(self.session)`
		`- project = pagure.lib.query._get_project(self.session, "test")`
		`-`
		`- self.assertIsNone(`
		`- pagure.lib.query.create_deploykeys_ssh_keys_on_disk(`
		`- project, self.path`
		`- )`
		`- )`
		`- self.assertTrue(`
		`- os.path.exists(os.path.join(self.path, "deploykeys", "test"))`
		`- )`
		`- self.assertEqual(`
		`- os.listdir(os.path.join(self.path, "deploykeys", "test")), []`
		`- )`
		`-`
		`- @patch(`
		`- "pagure.lib.query.is_valid_ssh_key", MagicMock(return_value="foo bar")`
		`- )`
		`- def test_create_deploykeys_ssh_keys_on_disk(self):`
		`- """Test the create_deploykeys_ssh_keys_on_disk function of`
		`- pagure.lib.query."""`
		`- tests.create_projects(self.session)`
		`- project = pagure.lib.query._get_project(self.session, "test")`
		`-`
		`- # Add a deploy key to the project`
		`- pingou = pagure.lib.query.get_user(self.session, "pingou")`
		`- msg = pagure.lib.query.add_sshkey_to_project_or_user(`
		`- self.session,`
		`- project=project,`
		`- ssh_key="foo bar",`
		`- pushaccess=False,`
		`- creator=pingou,`
		`- )`
		`- self.assertEqual(msg, "SSH key added")`
		`-`
		`- self.assertIsNone(`
		`- pagure.lib.query.create_deploykeys_ssh_keys_on_disk(`
		`- project, self.path`
		`- )`
		`- )`
		`- self.assertTrue(`
		`- os.path.exists(os.path.join(self.path, "deploykeys", "test"))`
		`- )`
		`- self.assertEqual(`
		`- os.listdir(os.path.join(self.path, "deploykeys", "test")),`
		`- ["deploykey_test_1.pub"],`
		`- )`
		`-`
		`- # Remove the deploykey`
		`- project = pagure.lib.query._get_project(self.session, "test")`
		`- self.session.delete(project.deploykeys[0])`
		`- self.session.commit()`
		`-`
		`- # Remove the file on disk`
		`- self.assertIsNone(`
		`- pagure.lib.query.create_deploykeys_ssh_keys_on_disk(`
		`- project, self.path`
		`- )`
		`- )`
		`- self.assertTrue(`
		`- os.path.exists(os.path.join(self.path, "deploykeys", "test"))`
		`- )`
		`- self.assertEqual(`
		`- os.listdir(os.path.join(self.path, "deploykeys", "test")), []`
		`- )`
		`-`
		`- @patch(`
		`- "pagure.lib.query.is_valid_ssh_key",`
		`- MagicMock(return_value="\nfoo bar"),`
		`- )`
		`- def test_create_deploykeys_ssh_keys_on_disk_empty_first_key(self):`
		`- """Test the create_deploykeys_ssh_keys_on_disk function of`
		`- pagure.lib.query."""`
		`- tests.create_projects(self.session)`
		`- project = pagure.lib.query._get_project(self.session, "test")`
		`-`
		`- # Add a deploy key to the project`
		`- new_key_obj = pagure.lib.model.SSHKey(`
		`- project_id=project.id,`
		`- pushaccess=False,`
		`- public_ssh_key="\n foo bar",`
		`- ssh_short_key="\n foo bar",`
		`- ssh_search_key="\n foo bar",`
		`- creator_user_id=1, # pingou`
		`- )`
		`-`
		`- self.session.add(new_key_obj)`
		`- self.session.commit()`
		`-`
		`- self.assertIsNone(`
		`- pagure.lib.query.create_deploykeys_ssh_keys_on_disk(`
		`- project, self.path`
		`- )`
		`- )`
		`- self.assertTrue(`
		`- os.path.exists(os.path.join(self.path, "deploykeys", "test"))`
		`- )`
		`- self.assertEqual(`
		`- os.listdir(os.path.join(self.path, "deploykeys", "test")), []`
		`- )`
		`-`
		`- def test_create_deploykeys_ssh_keys_on_disk_invalid(self):`
		`- """Test the create_deploykeys_ssh_keys_on_disk function of`
		`- pagure.lib.query."""`
		`- tests.create_projects(self.session)`
		`- project = pagure.lib.query._get_project(self.session, "test")`
		`-`
		`- # Add a deploy key to the project`
		`- new_key_obj = pagure.lib.model.SSHKey(`
		`- project_id=project.id,`
		`- pushaccess=False,`
		`- public_ssh_key="foo bar",`
		`- ssh_short_key="foo bar",`
		`- ssh_search_key="foo bar",`
		`- creator_user_id=1, # pingou`
		`- )`
		`-`
		`- self.session.add(new_key_obj)`
		`- self.session.commit()`
		`-`
		`- self.assertIsNone(`
		`- pagure.lib.query.create_deploykeys_ssh_keys_on_disk(`
		`- project, self.path`
		`- )`
		`- )`
		`- self.assertTrue(`
		`- os.path.exists(os.path.join(self.path, "deploykeys", "test"))`
		`- )`
		`- self.assertEqual(`
		`- os.listdir(os.path.join(self.path, "deploykeys", "test")), []`
		`- )`
		`-`
		`- def test_create_user_ssh_keys_on_disk_none(self):`
		`- """Test the create_user_ssh_keys_on_disk function of pagure.lib.query."""`
		`- self.assertIsNone(`
		`- pagure.lib.query.create_user_ssh_keys_on_disk(None, None)`
		`- )`
		`-`
		`def test_update_user_settings_invalid_user(self):`
		`"""Test the update_user_settings function of pagure.lib.query."""`
		`self.assertRaises(`
		`@@ -5559,23 +5401,6 @@`
		`# Check emails after`
		`self.assertEqual(len(user.emails), 4)`

		`- @patch(`
		`- "pagure.lib.query.is_valid_ssh_key", MagicMock(return_value="foo bar")`
		`- )`
		`- def test_update_user_ssh_valid_key(self):`
		`- """Test the update_user_ssh function of pagure.lib.query."""`
		`- pagure.SESSION = self.session`
		`-`
		`- pagure.lib.query.update_user_ssh(`
		`- self.session, user="pingou", ssh_key="foo key", keydir=self.path`
		`- )`
		`- self.session.commit()`
		`-`
		`- self.assertTrue(os.path.exists(os.path.join(self.path, "keys_0")))`
		`- self.assertEqual(`
		`- os.listdir(os.path.join(self.path, "keys_0")), ["pingou.pub"]`
		`- )`
		`-`
		`def test_add_user_pending_email_existing_email(self):`
		`"""Test the add_user_pending_email function of pagure.lib.query."""`
		`user = pagure.lib.query.search_user(self.session, username="pingou")`
		`@@ -5658,7 +5483,6 @@`
		`"create_project",`
		`"delete_git_alias",`
		`"fork_project",`
		`- "generate_acls_project",`
		`"group_modify",`
		`"internal_access",`
		`"issue_assign",`
		`@@ -6069,31 +5893,6 @@`
		`)`
		`self.assertEqual(len(out), 0)`

		`- def test_update_read_only_mode(self):`
		`- """Test the update_read_only_mode method of pagure.lib"""`
		`-`
		`- tests.create_projects(self.session)`
		`-`
		`- project_obj = pagure.lib.query._get_project(self.session, "test")`
		`- # Default mode of project is read only`
		`- self.assertEqual(project_obj.read_only, True)`
		`-`
		`- # Remove read only`
		`- pagure.lib.query.update_read_only_mode(`
		`- self.session, project_obj, False`
		`- )`
		`- self.session.commit()`
		`-`
		`- project_obj = pagure.lib.query._get_project(self.session, "test")`
		`- self.assertEqual(project_obj.read_only, False)`
		`-`
		`- # Try reversing it back`
		`- pagure.lib.query.update_read_only_mode(self.session, project_obj, True)`
		`- self.session.commit()`
		`-`
		`- project_obj = pagure.lib.query._get_project(self.session, "test")`
		`- self.assertEqual(project_obj.read_only, True)`
		`-`

		`if __name__ == "__main__":`
		`unittest.main(verbosity=2)`

tests/test_pagure_lib_git.py

file modified

-1345

		`@@ -37,1329 +37,6 @@`

		`maxDiff = None`

		`- def test_write_gitolite_acls(self):`
		`- """Test the write_gitolite_acls function of pagure.lib.git.`
		`- when the new uesr is an made an admin"""`
		`- tests.create_projects(self.session)`
		`-`
		`- repo = pagure.lib.query.get_authorized_project(self.session, "test")`
		`- # Add an user to a project`
		`- # The user will be an admin of the project`
		`- msg = pagure.lib.query.add_user_to_project(`
		`- session=self.session, project=repo, new_user="foo", user="pingou"`
		`- )`
		`- self.session.commit()`
		`- self.assertEqual(msg, "User added")`
		`- # Add a forked project`
		`- item = pagure.lib.model.Project(`
		`- user_id=1, # pingou`
		`- name="test3",`
		`- description="test project #2",`
		`- is_fork=True,`
		`- parent_id=1,`
		`- hook_token="aaabbbvvv",`
		`- )`
		`- self.session.add(item)`
		`- self.session.commit()`
		`-`
		`- outputconf = os.path.join(self.path, "test_gitolite.conf")`
		`-`
		`- helper = pagure.lib.git_auth.get_git_auth_helper("gitolite3")`
		`- helper.write_gitolite_acls(`
		`- self.session, configfile=outputconf, project=-1`
		`- )`
		`-`
		`- self.assertTrue(os.path.exists(outputconf))`
		`-`
		`- with open(outputconf) as stream:`
		`- data = stream.read()`
		`-`
		`- exp = """repo test`
		`- R = @all`
		`- RW+ = pingou`
		`- RW+ = foo`
		`-`
		`- repo docs/test`
		`- R = @all`
		`- RW+ = pingou`
		`- RW+ = foo`
		`-`
		`- repo tickets/test`
		`- RW+ = pingou`
		`- RW+ = foo`
		`-`
		`- repo requests/test`
		`- RW+ = pingou`
		`- RW+ = foo`
		`-`
		`- repo test2`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo docs/test2`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo tickets/test2`
		`- RW+ = pingou`
		`-`
		`- repo requests/test2`
		`- RW+ = pingou`
		`-`
		`- repo somenamespace/test3`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo docs/somenamespace/test3`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo tickets/somenamespace/test3`
		`- RW+ = pingou`
		`-`
		`- repo requests/somenamespace/test3`
		`- RW+ = pingou`
		`-`
		`- repo forks/pingou/test3`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo docs/forks/pingou/test3`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo tickets/forks/pingou/test3`
		`- RW+ = pingou`
		`-`
		`- repo requests/forks/pingou/test3`
		`- RW+ = pingou`
		`-`
		`- # end of body`
		`- """`
		`- # print data`
		`- self.assertEqual(data, exp)`
		`-`
		`- os.unlink(outputconf)`
		`- self.assertFalse(os.path.exists(outputconf))`
		`-`
		`- def test_write_gitolite_acls_preconf(self):`
		`- """Test the write_gitolite_acls function of pagure.lib.git with`
		`- a preconf set"""`
		`- tests.create_projects(self.session)`
		`-`
		`- outputconf = os.path.join(self.path, "test_gitolite.conf")`
		`- preconf = os.path.join(self.path, "header_gitolite")`
		`- with open(preconf, "w") as stream:`
		`- stream.write("# this is a header that is manually added")`
		`-`
		`- helper = pagure.lib.git_auth.get_git_auth_helper("gitolite3")`
		`- helper.write_gitolite_acls(`
		`- self.session, outputconf, project=-1, preconf=preconf`
		`- )`
		`- self.assertTrue(os.path.exists(outputconf))`
		`-`
		`- with open(outputconf) as stream:`
		`- data = stream.read()`
		`-`
		`- exp = """# this is a header that is manually added`
		`- # end of header`
		`- repo test`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo docs/test`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo tickets/test`
		`- RW+ = pingou`
		`-`
		`- repo requests/test`
		`- RW+ = pingou`
		`-`
		`- repo test2`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo docs/test2`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo tickets/test2`
		`- RW+ = pingou`
		`-`
		`- repo requests/test2`
		`- RW+ = pingou`
		`-`
		`- repo somenamespace/test3`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo docs/somenamespace/test3`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo tickets/somenamespace/test3`
		`- RW+ = pingou`
		`-`
		`- repo requests/somenamespace/test3`
		`- RW+ = pingou`
		`-`
		`- # end of body`
		`- """`
		`- # print data`
		`- self.assertEqual(data.split("\n"), exp.split("\n"))`
		`-`
		`- os.unlink(outputconf)`
		`- self.assertFalse(os.path.exists(outputconf))`
		`-`
		`- def test_write_gitolite_acls_preconf_postconf(self):`
		`- """Test the write_gitolite_acls function of pagure.lib.git with`
		`- a postconf set"""`
		`- tests.create_projects(self.session)`
		`-`
		`- outputconf = os.path.join(self.path, "test_gitolite.conf")`
		`-`
		`- preconf = os.path.join(self.path, "header_gitolite")`
		`- with open(preconf, "w") as stream:`
		`- stream.write("# this is a header that is manually added")`
		`-`
		`- postconf = os.path.join(self.path, "footer_gitolite")`
		`- with open(postconf, "w") as stream:`
		`- stream.write("# end of generated configuration")`
		`-`
		`- helper = pagure.lib.git_auth.get_git_auth_helper("gitolite3")`
		`- helper.write_gitolite_acls(`
		`- self.session,`
		`- outputconf,`
		`- project=-1,`
		`- preconf=preconf,`
		`- postconf=postconf,`
		`- )`
		`- self.assertTrue(os.path.exists(outputconf))`
		`-`
		`- with open(outputconf) as stream:`
		`- data = stream.read()`
		`-`
		`- exp = """# this is a header that is manually added`
		`- # end of header`
		`- repo test`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo docs/test`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo tickets/test`
		`- RW+ = pingou`
		`-`
		`- repo requests/test`
		`- RW+ = pingou`
		`-`
		`- repo test2`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo docs/test2`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo tickets/test2`
		`- RW+ = pingou`
		`-`
		`- repo requests/test2`
		`- RW+ = pingou`
		`-`
		`- repo somenamespace/test3`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo docs/somenamespace/test3`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo tickets/somenamespace/test3`
		`- RW+ = pingou`
		`-`
		`- repo requests/somenamespace/test3`
		`- RW+ = pingou`
		`-`
		`- # end of body`
		`- # end of generated configuration`
		`- """`
		`- # print data`
		`- self.assertEqual(data, exp)`
		`-`
		`- os.unlink(outputconf)`
		`- self.assertFalse(os.path.exists(outputconf))`
		`-`
		`- def test_write_gitolite_acls_postconf(self):`
		`- """Test the write_gitolite_acls function of pagure.lib.git with`
		`- a preconf and a postconf set"""`
		`- tests.create_projects(self.session)`
		`-`
		`- outputconf = os.path.join(self.path, "test_gitolite.conf")`
		`- postconf = os.path.join(self.path, "footer_gitolite")`
		`- with open(postconf, "w") as stream:`
		`- stream.write("# end of generated configuration")`
		`-`
		`- helper = pagure.lib.git_auth.get_git_auth_helper("gitolite3")`
		`- helper.write_gitolite_acls(`
		`- self.session, outputconf, project=-1, postconf=postconf`
		`- )`
		`- self.assertTrue(os.path.exists(outputconf))`
		`-`
		`- with open(outputconf) as stream:`
		`- data = stream.read()`
		`-`
		`- exp = """repo test`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo docs/test`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo tickets/test`
		`- RW+ = pingou`
		`-`
		`- repo requests/test`
		`- RW+ = pingou`
		`-`
		`- repo test2`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo docs/test2`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo tickets/test2`
		`- RW+ = pingou`
		`-`
		`- repo requests/test2`
		`- RW+ = pingou`
		`-`
		`- repo somenamespace/test3`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo docs/somenamespace/test3`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo tickets/somenamespace/test3`
		`- RW+ = pingou`
		`-`
		`- repo requests/somenamespace/test3`
		`- RW+ = pingou`
		`-`
		`- # end of body`
		`- # end of generated configuration`
		`- """`
		`- # print data`
		`- self.assertEqual(data, exp)`
		`-`
		`- os.unlink(outputconf)`
		`- self.assertFalse(os.path.exists(outputconf))`
		`-`
		`- def test_write_gitolite_acls_deploykeys(self):`
		`- """Test write_gitolite_acls function to add deploy keys."""`
		`- tests.create_projects(self.session)`
		`-`
		`- repo = pagure.lib.query.get_authorized_project(self.session, "test")`
		`- # Add two deploy keys (one readonly one push)`
		`- pingou = pagure.lib.query.get_user(self.session, "pingou")`
		`- msg1 = pagure.lib.query.add_sshkey_to_project_or_user(`
		`- session=self.session,`
		`- project=repo,`
		`- ssh_key="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDAzBMSIlvPRaEiLOTVInErkRIw9CzQQcnslDekAn1jFnGf+SNa1acvbTiATbCX71AA03giKrPxPH79dxcC7aDXerc6zRcKjJs6MAL9PrCjnbyxCKXRNNZU5U9X/DLaaL1b3caB+WD6OoorhS3LTEtKPX8xyjOzhf3OQSzNjhJp5Q==",`
		`- pushaccess=False,`
		`- creator=pingou,`
		`- )`
		`- msg2 = pagure.lib.query.add_sshkey_to_project_or_user(`
		`- session=self.session,`
		`- project=repo,`
		`- ssh_key="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC9Xwc2RDzPBhlEDARfHldGjudIVoa04tqT1JVKGQmyllTFz7Rb8CngQL3e7zyNzotnhwYKHdoiLlPkVEiDee4dWMUe48ilqId+FJZQGhyv8fu4BoFdE1AJUVylzmltbLg14VqG5gjTpXgtlrEva9arKwBMHJjRYc8ScaSn3OgyQw==",`
		`- pushaccess=True,`
		`- creator=pingou,`
		`- )`
		`- self.session.commit()`
		`- self.assertEqual(msg1, "SSH key added")`
		`- self.assertEqual(msg2, "SSH key added")`
		`- # Add a forked project`
		`- item = pagure.lib.model.Project(`
		`- user_id=1, # pingou`
		`- name="test3",`
		`- description="test project #2",`
		`- is_fork=True,`
		`- parent_id=1,`
		`- hook_token="aaabbbvvv",`
		`- )`
		`- self.session.add(item)`
		`- self.session.commit()`
		`-`
		`- outputconf = os.path.join(self.path, "test_gitolite.conf")`
		`-`
		`- helper = pagure.lib.git_auth.get_git_auth_helper("gitolite3")`
		`- helper.write_gitolite_acls(self.session, outputconf, project=-1)`
		`-`
		`- self.assertTrue(os.path.exists(outputconf))`
		`-`
		`- with open(outputconf) as stream:`
		`- data = stream.read()`
		`-`
		`- exp = """repo test`
		`- R = @all`
		`- RW+ = pingou`
		`- R = deploykey_test_1`
		`- RW+ = deploykey_test_2`
		`-`
		`- repo docs/test`
		`- R = @all`
		`- RW+ = pingou`
		`- R = deploykey_test_1`
		`- RW+ = deploykey_test_2`
		`-`
		`- repo tickets/test`
		`- RW+ = pingou`
		`- R = deploykey_test_1`
		`- RW+ = deploykey_test_2`
		`-`
		`- repo requests/test`
		`- RW+ = pingou`
		`- R = deploykey_test_1`
		`- RW+ = deploykey_test_2`
		`-`
		`- repo test2`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo docs/test2`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo tickets/test2`
		`- RW+ = pingou`
		`-`
		`- repo requests/test2`
		`- RW+ = pingou`
		`-`
		`- repo somenamespace/test3`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo docs/somenamespace/test3`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo tickets/somenamespace/test3`
		`- RW+ = pingou`
		`-`
		`- repo requests/somenamespace/test3`
		`- RW+ = pingou`
		`-`
		`- repo forks/pingou/test3`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo docs/forks/pingou/test3`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo tickets/forks/pingou/test3`
		`- RW+ = pingou`
		`-`
		`- repo requests/forks/pingou/test3`
		`- RW+ = pingou`
		`-`
		`- # end of body`
		`- """`
		`- # print data`
		`- self.assertEqual(data, exp)`
		`-`
		`- os.unlink(outputconf)`
		`- self.assertFalse(os.path.exists(outputconf))`
		`-`
		`- def test_write_gitolite_acls_ticket(self):`
		`- """Test the write_gitolite_acls function of pagure.lib.git.`
		`- when the new uesr is just a ticketer"""`
		`- tests.create_projects(self.session)`
		`-`
		`- repo = pagure.lib.query.get_authorized_project(self.session, "test")`
		`- # Add an user to a project`
		`- # The user will be an admin of the project`
		`- msg = pagure.lib.query.add_user_to_project(`
		`- session=self.session,`
		`- project=repo,`
		`- new_user="foo",`
		`- user="pingou",`
		`- access="ticket",`
		`- )`
		`- self.session.commit()`
		`- self.assertEqual(msg, "User added")`
		`- # Add a forked project`
		`- item = pagure.lib.model.Project(`
		`- user_id=1, # pingou`
		`- name="test3",`
		`- description="test project #2",`
		`- is_fork=True,`
		`- parent_id=1,`
		`- hook_token="aaabbbvvv",`
		`- )`
		`- self.session.add(item)`
		`- self.session.commit()`
		`-`
		`- outputconf = os.path.join(self.path, "test_gitolite.conf")`
		`-`
		`- helper = pagure.lib.git_auth.get_git_auth_helper("gitolite3")`
		`- helper.write_gitolite_acls(self.session, outputconf, project=-1)`
		`-`
		`- self.assertTrue(os.path.exists(outputconf))`
		`-`
		`- with open(outputconf) as stream:`
		`- data = stream.read()`
		`-`
		`- exp = """repo test`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo docs/test`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo tickets/test`
		`- RW+ = pingou`
		`-`
		`- repo requests/test`
		`- RW+ = pingou`
		`-`
		`- repo test2`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo docs/test2`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo tickets/test2`
		`- RW+ = pingou`
		`-`
		`- repo requests/test2`
		`- RW+ = pingou`
		`-`
		`- repo somenamespace/test3`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo docs/somenamespace/test3`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo tickets/somenamespace/test3`
		`- RW+ = pingou`
		`-`
		`- repo requests/somenamespace/test3`
		`- RW+ = pingou`
		`-`
		`- repo forks/pingou/test3`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo docs/forks/pingou/test3`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo tickets/forks/pingou/test3`
		`- RW+ = pingou`
		`-`
		`- repo requests/forks/pingou/test3`
		`- RW+ = pingou`
		`-`
		`- # end of body`
		`- """`
		`- # print data`
		`- self.assertEqual(data, exp)`
		`-`
		`- os.unlink(outputconf)`
		`- self.assertFalse(os.path.exists(outputconf))`
		`-`
		`- def test_write_gitolite_acls_commit(self):`
		`- """Test the write_gitolite_acls function of pagure.lib.git.`
		`- when the new uesr is just a committer"""`
		`- tests.create_projects(self.session)`
		`-`
		`- repo = pagure.lib.query.get_authorized_project(self.session, "test")`
		`- # Add an user to a project`
		`- # The user will be an admin of the project`
		`- msg = pagure.lib.query.add_user_to_project(`
		`- session=self.session,`
		`- project=repo,`
		`- new_user="foo",`
		`- user="pingou",`
		`- access="commit",`
		`- )`
		`- self.session.commit()`
		`- self.assertEqual(msg, "User added")`
		`- # Add a forked project`
		`- item = pagure.lib.model.Project(`
		`- user_id=1, # pingou`
		`- name="test3",`
		`- description="test project #2",`
		`- is_fork=True,`
		`- parent_id=1,`
		`- hook_token="aaabbbvvv",`
		`- )`
		`- self.session.add(item)`
		`- self.session.commit()`
		`-`
		`- outputconf = os.path.join(self.path, "test_gitolite.conf")`
		`-`
		`- helper = pagure.lib.git_auth.get_git_auth_helper("gitolite3")`
		`- helper.write_gitolite_acls(self.session, outputconf, project=-1)`
		`-`
		`- self.assertTrue(os.path.exists(outputconf))`
		`-`
		`- with open(outputconf) as stream:`
		`- data = stream.read()`
		`-`
		`- exp = """repo test`
		`- R = @all`
		`- RW+ = pingou`
		`- RW+ = foo`
		`-`
		`- repo docs/test`
		`- R = @all`
		`- RW+ = pingou`
		`- RW+ = foo`
		`-`
		`- repo tickets/test`
		`- RW+ = pingou`
		`- RW+ = foo`
		`-`
		`- repo requests/test`
		`- RW+ = pingou`
		`- RW+ = foo`
		`-`
		`- repo test2`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo docs/test2`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo tickets/test2`
		`- RW+ = pingou`
		`-`
		`- repo requests/test2`
		`- RW+ = pingou`
		`-`
		`- repo somenamespace/test3`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo docs/somenamespace/test3`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo tickets/somenamespace/test3`
		`- RW+ = pingou`
		`-`
		`- repo requests/somenamespace/test3`
		`- RW+ = pingou`
		`-`
		`- repo forks/pingou/test3`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo docs/forks/pingou/test3`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo tickets/forks/pingou/test3`
		`- RW+ = pingou`
		`-`
		`- repo requests/forks/pingou/test3`
		`- RW+ = pingou`
		`-`
		`- # end of body`
		`- """`
		`- # print data`
		`- self.assertEqual(data, exp)`
		`-`
		`- os.unlink(outputconf)`
		`- self.assertFalse(os.path.exists(outputconf))`
		`-`
		`- def test_write_gitolite_acls_groups(self):`
		`- """Test the write_gitolite_acls function of pagure.lib.git with`
		`- groups as admin`
		`- """`
		`- tests.create_projects(self.session)`
		`-`
		`- repo = pagure.lib.query.get_authorized_project(self.session, "test")`
		`-`
		`- # Add a couple of groups`
		`- # They would be admins`
		`- msg = pagure.lib.query.add_group(`
		`- self.session,`
		`- group_name="sysadmin",`
		`- display_name="sysadmin group",`
		`- description=None,`
		`- group_type="user",`
		`- user="pingou",`
		`- is_admin=False,`
		`- blacklist=[],`
		`- )`
		`- self.session.commit()`
		- self.assertEqual(msg, "User `pingou` added to the group `sysadmin`.")
		`- msg = pagure.lib.query.add_group(`
		`- self.session,`
		`- group_name="devs",`
		`- display_name="devs group",`
		`- description=None,`
		`- group_type="user",`
		`- user="pingou",`
		`- is_admin=False,`
		`- blacklist=[],`
		`- )`
		`- self.session.commit()`
		- self.assertEqual(msg, "User `pingou` added to the group `devs`.")
		`-`
		`- # Associate these groups to a project`
		`- msg = pagure.lib.query.add_group_to_project(`
		`- session=self.session,`
		`- project=repo,`
		`- new_group="sysadmin",`
		`- user="pingou",`
		`- )`
		`- self.session.commit()`
		`- self.assertEqual(msg, "Group added")`
		`- msg = pagure.lib.query.add_group_to_project(`
		`- session=self.session, project=repo, new_group="devs", user="pingou"`
		`- )`
		`- self.session.commit()`
		`- self.assertEqual(msg, "Group added")`
		`-`
		`- # Add an user to a project`
		`- msg = pagure.lib.query.add_user_to_project(`
		`- session=self.session, project=repo, new_user="foo", user="pingou"`
		`- )`
		`- self.session.commit()`
		`- self.assertEqual(msg, "User added")`
		`- # Add a forked project`
		`- item = pagure.lib.model.Project(`
		`- user_id=1, # pingou`
		`- name="test2",`
		`- description="test project #2",`
		`- is_fork=True,`
		`- parent_id=1,`
		`- hook_token="aaabbbvvv",`
		`- )`
		`- self.session.add(item)`
		`- self.session.commit()`
		`-`
		`- outputconf = os.path.join(self.path, "test_gitolite.conf")`
		`-`
		`- helper = pagure.lib.git_auth.get_git_auth_helper("gitolite3")`
		`- helper.write_gitolite_acls(self.session, outputconf, project=-1)`
		`-`
		`- self.assertTrue(os.path.exists(outputconf))`
		`-`
		`- with open(outputconf) as stream:`
		`- data = stream.read()`
		`-`
		`- exp = """@devs = pingou`
		`- @sysadmin = pingou`
		`- # end of groups`
		`-`
		`- repo test`
		`- R = @all`
		`- RW+ = @devs @sysadmin`
		`- RW+ = pingou`
		`- RW+ = foo`
		`-`
		`- repo docs/test`
		`- R = @all`
		`- RW+ = @devs @sysadmin`
		`- RW+ = pingou`
		`- RW+ = foo`
		`-`
		`- repo tickets/test`
		`- RW+ = @devs @sysadmin`
		`- RW+ = pingou`
		`- RW+ = foo`
		`-`
		`- repo requests/test`
		`- RW+ = @devs @sysadmin`
		`- RW+ = pingou`
		`- RW+ = foo`
		`-`
		`- repo test2`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo docs/test2`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo tickets/test2`
		`- RW+ = pingou`
		`-`
		`- repo requests/test2`
		`- RW+ = pingou`
		`-`
		`- repo somenamespace/test3`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo docs/somenamespace/test3`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo tickets/somenamespace/test3`
		`- RW+ = pingou`
		`-`
		`- repo requests/somenamespace/test3`
		`- RW+ = pingou`
		`-`
		`- repo forks/pingou/test2`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo docs/forks/pingou/test2`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo tickets/forks/pingou/test2`
		`- RW+ = pingou`
		`-`
		`- repo requests/forks/pingou/test2`
		`- RW+ = pingou`
		`-`
		`- # end of body`
		`- """`
		`- # print data`
		`- self.assertEqual(data.split("\n"), exp.split("\n"))`
		`-`
		`- os.unlink(outputconf)`
		`- self.assertFalse(os.path.exists(outputconf))`
		`-`
		`- def test_write_gitolite_acls_groups_ticket(self):`
		`- """Test the write_gitolite_acls function of pagure.lib.git with`
		`- groups as ticketers`
		`- """`
		`- tests.create_projects(self.session)`
		`-`
		`- repo = pagure.lib.query.get_authorized_project(self.session, "test")`
		`-`
		`- # Add a couple of groups`
		`- # They would be ticketers`
		`- msg = pagure.lib.query.add_group(`
		`- self.session,`
		`- group_name="sysadmin",`
		`- display_name="sysadmin group",`
		`- description=None,`
		`- group_type="user",`
		`- user="pingou",`
		`- is_admin=False,`
		`- blacklist=[],`
		`- )`
		`- self.session.commit()`
		- self.assertEqual(msg, "User `pingou` added to the group `sysadmin`.")
		`- msg = pagure.lib.query.add_group(`
		`- self.session,`
		`- group_name="devs",`
		`- display_name="devs group",`
		`- description=None,`
		`- group_type="user",`
		`- user="pingou",`
		`- is_admin=False,`
		`- blacklist=[],`
		`- )`
		`- self.session.commit()`
		- self.assertEqual(msg, "User `pingou` added to the group `devs`.")
		`-`
		`- # Associate these groups to a project`
		`- msg = pagure.lib.query.add_group_to_project(`
		`- session=self.session,`
		`- project=repo,`
		`- new_group="sysadmin",`
		`- user="pingou",`
		`- access="ticket",`
		`- )`
		`- self.session.commit()`
		`- self.assertEqual(msg, "Group added")`
		`- msg = pagure.lib.query.add_group_to_project(`
		`- session=self.session,`
		`- project=repo,`
		`- new_group="devs",`
		`- user="pingou",`
		`- access="ticket",`
		`- )`
		`- self.session.commit()`
		`- self.assertEqual(msg, "Group added")`
		`-`
		`- # Add an user to a project`
		`- msg = pagure.lib.query.add_user_to_project(`
		`- session=self.session, project=repo, new_user="foo", user="pingou"`
		`- )`
		`- self.session.commit()`
		`- self.assertEqual(msg, "User added")`
		`- # Add a forked project`
		`- item = pagure.lib.model.Project(`
		`- user_id=1, # pingou`
		`- name="test2",`
		`- description="test project #2",`
		`- is_fork=True,`
		`- parent_id=1,`
		`- hook_token="aaabbbvvv",`
		`- )`
		`- self.session.add(item)`
		`- self.session.commit()`
		`-`
		`- outputconf = os.path.join(self.path, "test_gitolite.conf")`
		`-`
		`- helper = pagure.lib.git_auth.get_git_auth_helper("gitolite3")`
		`- helper.write_gitolite_acls(self.session, outputconf, project=-1)`
		`-`
		`- self.assertTrue(os.path.exists(outputconf))`
		`-`
		`- with open(outputconf) as stream:`
		`- data = stream.read()`
		`-`
		`- exp = """@devs = pingou`
		`- @sysadmin = pingou`
		`- # end of groups`
		`-`
		`- repo test`
		`- R = @all`
		`- RW+ = pingou`
		`- RW+ = foo`
		`-`
		`- repo docs/test`
		`- R = @all`
		`- RW+ = pingou`
		`- RW+ = foo`
		`-`
		`- repo tickets/test`
		`- RW+ = pingou`
		`- RW+ = foo`
		`-`
		`- repo requests/test`
		`- RW+ = pingou`
		`- RW+ = foo`
		`-`
		`- repo test2`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo docs/test2`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo tickets/test2`
		`- RW+ = pingou`
		`-`
		`- repo requests/test2`
		`- RW+ = pingou`
		`-`
		`- repo somenamespace/test3`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo docs/somenamespace/test3`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo tickets/somenamespace/test3`
		`- RW+ = pingou`
		`-`
		`- repo requests/somenamespace/test3`
		`- RW+ = pingou`
		`-`
		`- repo forks/pingou/test2`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo docs/forks/pingou/test2`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo tickets/forks/pingou/test2`
		`- RW+ = pingou`
		`-`
		`- repo requests/forks/pingou/test2`
		`- RW+ = pingou`
		`-`
		`- # end of body`
		`- """`
		`- # print data`
		`- self.assertEqual(data.split("\n"), exp.split("\n"))`
		`-`
		`- os.unlink(outputconf)`
		`- self.assertFalse(os.path.exists(outputconf))`
		`-`
		`- def test_write_gitolite_acls_groups_commit(self):`
		`- """Test the write_gitolite_acls function of pagure.lib.git with`
		`- groups as committers`
		`- """`
		`- tests.create_projects(self.session)`
		`-`
		`- repo = pagure.lib.query.get_authorized_project(self.session, "test")`
		`-`
		`- # Add a couple of groups`
		`- # They would be committers`
		`- msg = pagure.lib.query.add_group(`
		`- self.session,`
		`- group_name="sysadmin",`
		`- display_name="sysadmin group",`
		`- description=None,`
		`- group_type="user",`
		`- user="pingou",`
		`- is_admin=False,`
		`- blacklist=[],`
		`- )`
		`- self.session.commit()`
		- self.assertEqual(msg, "User `pingou` added to the group `sysadmin`.")
		`- msg = pagure.lib.query.add_group(`
		`- self.session,`
		`- group_name="devs",`
		`- display_name="devs group",`
		`- description=None,`
		`- group_type="user",`
		`- user="pingou",`
		`- is_admin=False,`
		`- blacklist=[],`
		`- )`
		`- self.session.commit()`
		- self.assertEqual(msg, "User `pingou` added to the group `devs`.")
		`-`
		`- # Associate these groups to a project`
		`- msg = pagure.lib.query.add_group_to_project(`
		`- session=self.session,`
		`- project=repo,`
		`- new_group="sysadmin",`
		`- user="pingou",`
		`- access="commit",`
		`- )`
		`- self.session.commit()`
		`- self.assertEqual(msg, "Group added")`
		`- msg = pagure.lib.query.add_group_to_project(`
		`- session=self.session,`
		`- project=repo,`
		`- new_group="devs",`
		`- user="pingou",`
		`- access="commit",`
		`- )`
		`- self.session.commit()`
		`- self.assertEqual(msg, "Group added")`
		`-`
		`- # Add an user to a project`
		`- msg = pagure.lib.query.add_user_to_project(`
		`- session=self.session, project=repo, new_user="foo", user="pingou"`
		`- )`
		`- self.session.commit()`
		`- self.assertEqual(msg, "User added")`
		`- # Add a forked project`
		`- item = pagure.lib.model.Project(`
		`- user_id=1, # pingou`
		`- name="test2",`
		`- description="test project #2",`
		`- is_fork=True,`
		`- parent_id=1,`
		`- hook_token="aaabbbvvv",`
		`- )`
		`- self.session.add(item)`
		`- self.session.commit()`
		`-`
		`- outputconf = os.path.join(self.path, "test_gitolite.conf")`
		`-`
		`- helper = pagure.lib.git_auth.get_git_auth_helper("gitolite3")`
		`- helper.write_gitolite_acls(self.session, outputconf, project=-1)`
		`-`
		`- self.assertTrue(os.path.exists(outputconf))`
		`-`
		`- with open(outputconf) as stream:`
		`- data = stream.read()`
		`-`
		`- exp = """@devs = pingou`
		`- @sysadmin = pingou`
		`- # end of groups`
		`-`
		`- repo test`
		`- R = @all`
		`- RW+ = @devs @sysadmin`
		`- RW+ = pingou`
		`- RW+ = foo`
		`-`
		`- repo docs/test`
		`- R = @all`
		`- RW+ = @devs @sysadmin`
		`- RW+ = pingou`
		`- RW+ = foo`
		`-`
		`- repo tickets/test`
		`- RW+ = @devs @sysadmin`
		`- RW+ = pingou`
		`- RW+ = foo`
		`-`
		`- repo requests/test`
		`- RW+ = @devs @sysadmin`
		`- RW+ = pingou`
		`- RW+ = foo`
		`-`
		`- repo test2`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo docs/test2`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo tickets/test2`
		`- RW+ = pingou`
		`-`
		`- repo requests/test2`
		`- RW+ = pingou`
		`-`
		`- repo somenamespace/test3`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo docs/somenamespace/test3`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo tickets/somenamespace/test3`
		`- RW+ = pingou`
		`-`
		`- repo requests/somenamespace/test3`
		`- RW+ = pingou`
		`-`
		`- repo forks/pingou/test2`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo docs/forks/pingou/test2`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo tickets/forks/pingou/test2`
		`- RW+ = pingou`
		`-`
		`- repo requests/forks/pingou/test2`
		`- RW+ = pingou`
		`-`
		`- # end of body`
		`- """`
		`- # print data`
		`- self.assertEqual(data.split("\n"), exp.split("\n"))`
		`-`
		`- os.unlink(outputconf)`
		`- self.assertFalse(os.path.exists(outputconf))`
		`-`
		`- def test_write_gitolite_project_pr_only(self):`
		`- """Test the write_gitolite_acls function of pagure.lib.git.`
		`- when the project enforces the PR approach.`
		`- """`
		`- tests.create_projects(self.session)`
		`-`
		`- repo = pagure.lib.query._get_project(self.session, "test")`
		`- # Make the project enforce the PR workflow`
		`- settings = repo.settings`
		`- settings["pull_request_access_only"] = True`
		`- repo.settings = settings`
		`- self.session.add(repo)`
		`- self.session.commit()`
		`-`
		`- # Add an user to a project`
		`- # The user will be an admin of the project`
		`- msg = pagure.lib.query.add_user_to_project(`
		`- session=self.session, project=repo, new_user="foo", user="pingou"`
		`- )`
		`- self.session.commit()`
		`- self.assertEqual(msg, "User added")`
		`- # Add a forked project`
		`- item = pagure.lib.model.Project(`
		`- user_id=1, # pingou`
		`- name="test3",`
		`- description="test project #2",`
		`- is_fork=True,`
		`- parent_id=1,`
		`- hook_token="aaabbbvvv",`
		`- )`
		`- self.session.add(item)`
		`- self.session.commit()`
		`-`
		`- outputconf = os.path.join(self.path, "test_gitolite.conf")`
		`-`
		`- helper = pagure.lib.git_auth.get_git_auth_helper("gitolite3")`
		`- helper.write_gitolite_acls(self.session, outputconf, project=-1)`
		`-`
		`- self.assertTrue(os.path.exists(outputconf))`
		`-`
		`- with open(outputconf) as stream:`
		`- data = stream.read()`
		`-`
		`- exp = """repo docs/test`
		`- R = @all`
		`- RW+ = pingou`
		`- RW+ = foo`
		`-`
		`- repo tickets/test`
		`- RW+ = pingou`
		`- RW+ = foo`
		`-`
		`- repo requests/test`
		`- RW+ = pingou`
		`- RW+ = foo`
		`-`
		`- repo test2`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo docs/test2`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo tickets/test2`
		`- RW+ = pingou`
		`-`
		`- repo requests/test2`
		`- RW+ = pingou`
		`-`
		`- repo somenamespace/test3`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo docs/somenamespace/test3`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo tickets/somenamespace/test3`
		`- RW+ = pingou`
		`-`
		`- repo requests/somenamespace/test3`
		`- RW+ = pingou`
		`-`
		`- repo forks/pingou/test3`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo docs/forks/pingou/test3`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo tickets/forks/pingou/test3`
		`- RW+ = pingou`
		`-`
		`- repo requests/forks/pingou/test3`
		`- RW+ = pingou`
		`-`
		`- # end of body`
		`- """`
		`- # print data`
		`- self.assertEqual(data, exp)`
		`-`
		`- os.unlink(outputconf)`
		`- self.assertFalse(os.path.exists(outputconf))`
		`-`
		`- @patch.dict("pagure.config.config", {"PR_ONLY": True})`
		`- def test_write_gitolite_global_pr_only(self):`
		`- """Test the write_gitolite_acls function of pagure.lib.git.`
		`- when the pagure instance enforces the PR approach.`
		`- """`
		`- tests.create_projects(self.session)`
		`-`
		`- repo = pagure.lib.query._get_project(self.session, "test")`
		`- self.assertFalse(repo.settings["pull_request_access_only"])`
		`-`
		`- # Add an user to a project`
		`- # The user will be an admin of the project`
		`- msg = pagure.lib.query.add_user_to_project(`
		`- session=self.session, project=repo, new_user="foo", user="pingou"`
		`- )`
		`- self.session.commit()`
		`- self.assertEqual(msg, "User added")`
		`- # Add a forked project`
		`- item = pagure.lib.model.Project(`
		`- user_id=1, # pingou`
		`- name="test3",`
		`- description="test project #2",`
		`- is_fork=True,`
		`- parent_id=1,`
		`- hook_token="aaabbbvvv",`
		`- )`
		`- self.session.add(item)`
		`- self.session.commit()`
		`-`
		`- outputconf = os.path.join(self.path, "test_gitolite.conf")`
		`-`
		`- helper = pagure.lib.git_auth.get_git_auth_helper("gitolite3")`
		`- helper.write_gitolite_acls(self.session, outputconf, project=-1)`
		`-`
		`- self.assertTrue(os.path.exists(outputconf))`
		`-`
		`- with open(outputconf) as stream:`
		`- data = stream.read()`
		`-`
		`- exp = """repo docs/test`
		`- R = @all`
		`- RW+ = pingou`
		`- RW+ = foo`
		`-`
		`- repo tickets/test`
		`- RW+ = pingou`
		`- RW+ = foo`
		`-`
		`- repo requests/test`
		`- RW+ = pingou`
		`- RW+ = foo`
		`-`
		`- repo docs/test2`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo tickets/test2`
		`- RW+ = pingou`
		`-`
		`- repo requests/test2`
		`- RW+ = pingou`
		`-`
		`- repo docs/somenamespace/test3`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo tickets/somenamespace/test3`
		`- RW+ = pingou`
		`-`
		`- repo requests/somenamespace/test3`
		`- RW+ = pingou`
		`-`
		`- repo forks/pingou/test3`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo docs/forks/pingou/test3`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo tickets/forks/pingou/test3`
		`- RW+ = pingou`
		`-`
		`- repo requests/forks/pingou/test3`
		`- RW+ = pingou`
		`-`
		`- # end of body`
		`- """`
		`- # print data`
		`- self.assertEqual(data, exp)`
		`-`
		`- os.unlink(outputconf)`
		`- self.assertFalse(os.path.exists(outputconf))`
		`-`
		`@patch("pagure.lib.notify.send_email")`
		`def test_update_git(self, email_f):`
		`"""Test the update_git of pagure.lib.git."""`
		`@@ -3571,28 +2248,6 @@`
		`domerge=False,`
		`)`

		`- @patch("subprocess.Popen")`
		`- def test_generate_gitolite_acls(self, popen):`
		`- """Test calling generate_gitolite_acls."""`
		`- pagure.SESSION = self.session`
		`- pagure.lib.git.SESSION = self.session`
		`- pagure.config.config["GITOLITE_HOME"] = "/tmp"`
		`-`
		`- proc = MagicMock()`
		`- proc.communicate.return_value = (1, 2)`
		`- proc.returncode = 0`
		`- popen.return_value = proc`
		`- helper = pagure.lib.git_auth.get_git_auth_helper("gitolite3")`
		`- helper.generate_acls(project=None)`
		`- popen.assert_called_with(`
		`- "HOME=/tmp gitolite compile && "`
		`- "HOME=/tmp gitolite trigger POST_COMPILE",`
		`- cwd="/tmp",`
		`- shell=True,`
		`- stderr=-1,`
		`- stdout=-1,`
		`- )`
		`-`
		`def test_is_forced_push_new_branch(self):`
		`self.assertFalse(`
		`pagure.lib.git.is_forced_push(`

tests/test_pagure_lib_gitolite_config.py

file removed

-999

		`@@ -1,999 +0,0 @@`
		`- # -- coding: utf-8 --`
		`-`
		`- """`
		`- (c) 2017 - Copyright Red Hat Inc`
		`-`
		`- Authors:`
		`- Pierre-Yves Chibon <pingou@pingoured.fr>`
		`-`
		`- """`
		`-`
		`- from __future__ import unicode_literals, absolute_import`
		`-`
		`- import datetime`
		`- import os`
		`- import shutil`
		`- import sys`
		`- import tempfile`
		`- import time`
		`- import unittest`
		`- from io import open`
		`-`
		`- import pygit2`
		`- from mock import patch, MagicMock`
		`-`
		`- sys.path.insert(`
		`- 0, os.path.join(os.path.dirname(os.path.abspath(__file__)), "..")`
		`- )`
		`-`
		`- import pagure.lib.git`
		`- import pagure.lib.query`
		`- import tests`
		`- from pagure.lib.repo import PagureRepo`
		`-`
		`-`
		`- CORE_CONFIG = """repo test`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo docs/test`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo tickets/test`
		`- RW+ = pingou`
		`-`
		`- repo requests/test`
		`- RW+ = pingou`
		`-`
		`- repo test2`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo docs/test2`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo tickets/test2`
		`- RW+ = pingou`
		`-`
		`- repo requests/test2`
		`- RW+ = pingou`
		`-`
		`- repo somenamespace/test3`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo docs/somenamespace/test3`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo tickets/somenamespace/test3`
		`- RW+ = pingou`
		`-`
		`- repo requests/somenamespace/test3`
		`- RW+ = pingou"""`
		`-`
		`-`
		`- class PagureLibGitoliteConfigtests(tests.Modeltests):`
		`- """Tests for pagure.lib.git"""`
		`-`
		`- maxDiff = None`
		`-`
		`- def setUp(self):`
		`- """Set up the environnment, ran before every tests."""`
		`- super(PagureLibGitoliteConfigtests, self).setUp()`
		`-`
		`- tests.create_projects(self.session)`
		`-`
		`- self.outputconf = os.path.join(self.path, "test_gitolite.conf")`
		`-`
		`- self.preconf = os.path.join(self.path, "header_gitolite")`
		`- with open(self.preconf, "w") as stream:`
		`- stream.write("# this is a header that is manually added\n")`
		`- stream.write("\n")`
		`- stream.write("@group1 = foo bar baz\n")`
		`- stream.write("@group2 = threebean puiterwijk kevin pingou\n")`
		`-`
		`- self.postconf = os.path.join(self.path, "footer_gitolite")`
		`- with open(self.postconf, "w", encoding="utf-8") as stream:`
		`- stream.write("# end of generated configuration\n")`
		`- stream.write(r"# \ó/")`
		`- stream.write("\n# end of footer\n")`
		`-`
		`- def tearDown(self):`
		`- """Tearn down the environnment, ran before every tests."""`
		`- super(PagureLibGitoliteConfigtests, self).tearDown()`
		`-`
		`- if os.path.exists(self.outputconf):`
		`- os.unlink(self.outputconf)`
		`- self.assertFalse(os.path.exists(self.outputconf))`
		`-`
		`- def test_write_gitolite_pre_post_projectNone(self):`
		`- """Test the write_gitolite_acls function of pagure.lib.git with`
		`- a postconf set"""`
		`-`
		`- helper = pagure.lib.git_auth.get_git_auth_helper("gitolite3")`
		`- helper.write_gitolite_acls(`
		`- self.session,`
		`- self.outputconf,`
		`- project=None,`
		`- preconf=self.preconf,`
		`- postconf=self.postconf,`
		`- )`
		`- self.assertTrue(os.path.exists(self.outputconf))`
		`-`
		`- with open(self.outputconf, "r") as stream:`
		`- data = stream.read()`
		`-`
		`- exp = (`
		`- r"""# this is a header that is manually added`
		`-`
		`- @group1 = foo bar baz`
		`- @group2 = threebean puiterwijk kevin pingou`
		`-`
		`- # end of header`
		`- %s`
		`-`
		`- # end of body`
		`- # end of generated configuration`
		`- # \ó/`
		`- # end of footer`
		`-`
		`- """`
		`- % CORE_CONFIG`
		`- )`
		`- # print data`
		`- self.assertEqual(data, exp)`
		`-`
		`- def test_write_gitolite_pre_post_projectNone_to_existing_file(self):`
		`- """Test the write_gitolite_acls function of pagure.lib.git with`
		`- a postconf set with existing output file"""`
		`-`
		`- with open(self.outputconf, "w") as stream:`
		`- pass`
		`-`
		`- helper = pagure.lib.git_auth.get_git_auth_helper("gitolite3")`
		`- helper.write_gitolite_acls(`
		`- self.session,`
		`- self.outputconf,`
		`- project=None,`
		`- preconf=self.preconf,`
		`- postconf=self.postconf,`
		`- )`
		`- self.assertTrue(os.path.exists(self.outputconf))`
		`-`
		`- with open(self.outputconf) as stream:`
		`- data = stream.read()`
		`- self.assertEqual(data, "")`
		`-`
		`- def test_write_gitolite_pre_post_project_1(self):`
		`- """Test the write_gitolite_acls function of pagure.lib.git with`
		`- a postconf set"""`
		`-`
		`- with open(self.outputconf, "w") as stream:`
		`- pass`
		`-`
		`- helper = pagure.lib.git_auth.get_git_auth_helper("gitolite3")`
		`- helper.write_gitolite_acls(`
		`- self.session,`
		`- self.outputconf,`
		`- project=-1,`
		`- preconf=self.preconf,`
		`- postconf=self.postconf,`
		`- )`
		`- self.assertTrue(os.path.exists(self.outputconf))`
		`-`
		`- with open(self.outputconf) as stream:`
		`- data = stream.read()`
		`-`
		`- exp = (`
		`- r"""# this is a header that is manually added`
		`-`
		`- @group1 = foo bar baz`
		`- @group2 = threebean puiterwijk kevin pingou`
		`-`
		`- # end of header`
		`- %s`
		`-`
		`- # end of body`
		`- # end of generated configuration`
		`- # \ó/`
		`- # end of footer`
		`-`
		`- """`
		`- % CORE_CONFIG`
		`- )`
		`-`
		`- # print data`
		`- self.assertEqual(data, exp)`
		`-`
		`- def test_write_gitolite_pre_post_project_test(self):`
		`- """Test the write_gitolite_acls function of pagure.lib.git with`
		`- a postconf set"""`
		`-`
		`- with open(self.outputconf, "w") as stream:`
		`- pass`
		`-`
		`- project = pagure.lib.query._get_project(self.session, "test")`
		`-`
		`- helper = pagure.lib.git_auth.get_git_auth_helper("gitolite3")`
		`- helper.write_gitolite_acls(`
		`- self.session,`
		`- self.outputconf,`
		`- project=project,`
		`- preconf=self.preconf,`
		`- postconf=self.postconf,`
		`- )`
		`- self.assertTrue(os.path.exists(self.outputconf))`
		`-`
		`- with open(self.outputconf) as stream:`
		`- data = stream.read()`
		`-`
		`- exp = r"""# this is a header that is manually added`
		`-`
		`- @group1 = foo bar baz`
		`- @group2 = threebean puiterwijk kevin pingou`
		`-`
		`- # end of header`
		`- repo test`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo docs/test`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo tickets/test`
		`- RW+ = pingou`
		`-`
		`- repo requests/test`
		`- RW+ = pingou`
		`-`
		`- # end of body`
		`- # end of generated configuration`
		`- # \ó/`
		`- # end of footer`
		`-`
		`- """`
		`- # print data`
		`- self.assertEqual(data, exp)`
		`-`
		`- def test_write_gitolite_pre_post_project_test_full_file(self):`
		`- """Test the write_gitolite_acls function of pagure.lib.git with`
		`- a postconf set"""`
		`-`
		`- # Re-generate the gitolite config for all the projects`
		`- self.test_write_gitolite_pre_post_project_1()`
		`- self.assertTrue(os.path.exists(self.outputconf))`
		`-`
		`- project = pagure.lib.query._get_project(self.session, "test")`
		`- project.user_id = 2`
		`- self.session.add(project)`
		`- self.session.commit()`
		`-`
		`- project = pagure.lib.query._get_project(self.session, "test")`
		`- msg = pagure.lib.query.add_user_to_project(`
		`- self.session,`
		`- project=project,`
		`- new_user="pingou",`
		`- user="foo",`
		`- access="commit",`
		`- )`
		`- self.assertEqual(msg, "User added")`
		`- self.session.commit()`
		`-`
		`- project = pagure.lib.query._get_project(self.session, "test")`
		`- helper = pagure.lib.git_auth.get_git_auth_helper("gitolite3")`
		`- helper.write_gitolite_acls(`
		`- self.session,`
		`- self.outputconf,`
		`- project=project,`
		`- preconf=self.preconf,`
		`- postconf=self.postconf,`
		`- )`
		`- self.assertTrue(os.path.exists(self.outputconf))`
		`-`
		`- with open(self.outputconf) as stream:`
		`- data = stream.read()`
		`-`
		`- exp = r"""# this is a header that is manually added`
		`-`
		`- @group1 = foo bar baz`
		`- @group2 = threebean puiterwijk kevin pingou`
		`-`
		`- # end of header`
		`- repo test2`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo docs/test2`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo tickets/test2`
		`- RW+ = pingou`
		`-`
		`- repo requests/test2`
		`- RW+ = pingou`
		`-`
		`- repo somenamespace/test3`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo docs/somenamespace/test3`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo tickets/somenamespace/test3`
		`- RW+ = pingou`
		`-`
		`- repo requests/somenamespace/test3`
		`- RW+ = pingou`
		`-`
		`- repo test`
		`- R = @all`
		`- RW+ = foo`
		`- RW+ = pingou`
		`-`
		`- repo docs/test`
		`- R = @all`
		`- RW+ = foo`
		`- RW+ = pingou`
		`-`
		`- repo tickets/test`
		`- RW+ = foo`
		`- RW+ = pingou`
		`-`
		`- repo requests/test`
		`- RW+ = foo`
		`- RW+ = pingou`
		`-`
		`- # end of body`
		`- # end of generated configuration`
		`- # \ó/`
		`- # end of footer`
		`-`
		`- """`
		`- # print data`
		`- self.assertEqual(data, exp)`
		`-`
		`- @patch.dict(`
		`- "pagure.config.config", {"ENABLE_DOCS": False, "ENABLE_TICKETS": False}`
		`- )`
		`- def test_write_gitolite_disabled_docs_tickets(self):`
		`- """Test the write_gitolite_acls function when docs and tickets`
		`- are disabled"""`
		`-`
		`- # Re-generate the gitolite config for all the projects`
		`- project = pagure.lib.query._get_project(self.session, "test")`
		`- project.user_id = 2`
		`- self.session.add(project)`
		`- self.session.commit()`
		`-`
		`- project = pagure.lib.query._get_project(self.session, "test")`
		`- msg = pagure.lib.query.add_user_to_project(`
		`- self.session,`
		`- project=project,`
		`- new_user="pingou",`
		`- user="foo",`
		`- access="commit",`
		`- )`
		`- self.assertEqual(msg, "User added")`
		`- self.session.commit()`
		`-`
		`- project = pagure.lib.query._get_project(self.session, "test")`
		`- helper = pagure.lib.git_auth.get_git_auth_helper("gitolite3")`
		`- helper.write_gitolite_acls(`
		`- self.session, self.outputconf, project=project`
		`- )`
		`- self.assertTrue(os.path.exists(self.outputconf))`
		`-`
		`- with open(self.outputconf) as stream:`
		`- data = stream.read()`
		`-`
		`- exp = """repo test`
		`- R = @all`
		`- RW+ = foo`
		`- RW+ = pingou`
		`-`
		`- repo requests/test`
		`- RW+ = foo`
		`- RW+ = pingou`
		`-`
		`- repo test2`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo requests/test2`
		`- RW+ = pingou`
		`-`
		`- repo somenamespace/test3`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo requests/somenamespace/test3`
		`- RW+ = pingou`
		`-`
		`- # end of body`
		`- """`
		`- self.assertEqual(data, exp)`
		`-`
		`-`
		`- class PagureLibGitoliteGroupConfigtests(tests.Modeltests):`
		`- """Tests for generating the gitolite configuration file for a group`
		`- change`
		`-`
		`- """`
		`-`
		`- maxDiff = None`
		`-`
		`- def setUp(self):`
		`- """Set up the environnment, ran before every tests."""`
		`- super(PagureLibGitoliteGroupConfigtests, self).setUp()`
		`-`
		`- tests.create_projects(self.session)`
		`-`
		`- pagure.lib.query.add_group(`
		`- self.session,`
		`- group_name="grp",`
		`- display_name="grp group",`
		`- description=None,`
		`- group_type="user",`
		`- user="pingou",`
		`- is_admin=False,`
		`- blacklist=[],`
		`- )`
		`- pagure.lib.query.add_group(`
		`- self.session,`
		`- group_name="grp2",`
		`- display_name="grp2 group",`
		`- description=None,`
		`- group_type="user",`
		`- user="foo",`
		`- is_admin=False,`
		`- blacklist=[],`
		`- )`
		`- self.session.commit()`
		`-`
		`- self.outputconf = os.path.join(self.path, "test_gitolite.conf")`
		`-`
		`- self.preconf = os.path.join(self.path, "header_gitolite")`
		`- with open(self.preconf, "w") as stream:`
		`- stream.write("# this is a header that is manually added\n")`
		`- stream.write("\n")`
		`- stream.write("@group1 = foo bar baz\n")`
		`- stream.write("@group2 = threebean puiterwijk kevin pingou\n")`
		`-`
		`- self.postconf = os.path.join(self.path, "footer_gitolite")`
		`- with open(self.postconf, "w") as stream:`
		`- stream.write("# end of generated configuration\n")`
		`- stream.write(r"# \ó/")`
		`- stream.write("\n# end of footer\n")`
		`-`
		`- def tearDown(self):`
		`- """Tearn down the environnment, ran before every tests."""`
		`- super(PagureLibGitoliteGroupConfigtests, self).tearDown()`
		`-`
		`- if os.path.exists(self.outputconf):`
		`- os.unlink(self.outputconf)`
		`- self.assertFalse(os.path.exists(self.outputconf))`
		`-`
		`- def test_write_gitolite_project_test_group(self):`
		`- """Test the write_gitolite_acls when updating a single group."""`
		`-`
		`- with open(self.outputconf, "w") as stream:`
		`- pass`
		`-`
		`- project = pagure.lib.query._get_project(self.session, "test")`
		`- group = pagure.lib.query.search_groups(self.session, group_name="grp")`
		`-`
		`- helper = pagure.lib.git_auth.get_git_auth_helper("gitolite3")`
		`- helper.write_gitolite_acls(`
		`- self.session,`
		`- self.outputconf,`
		`- project=project,`
		`- preconf=self.preconf,`
		`- postconf=self.postconf,`
		`- group=group,`
		`- )`
		`- self.assertTrue(os.path.exists(self.outputconf))`
		`-`
		`- with open(self.outputconf) as stream:`
		`- data = stream.read()`
		`-`
		`- exp = r"""# this is a header that is manually added`
		`-`
		`- @group1 = foo bar baz`
		`- @group2 = threebean puiterwijk kevin pingou`
		`-`
		`- # end of header`
		`- @grp = pingou`
		`-`
		`- repo test`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo docs/test`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo tickets/test`
		`- RW+ = pingou`
		`-`
		`- repo requests/test`
		`- RW+ = pingou`
		`-`
		`- # end of body`
		`- # end of generated configuration`
		`- # \ó/`
		`- # end of footer`
		`-`
		`- """`
		`- # print data`
		`- self.assertEqual(data, exp)`
		`-`
		`- def test_write_gitolite_project_test_all_groups(self):`
		`- """Test the write_gitolite_acls when updating all groups."""`
		`-`
		`- with open(self.outputconf, "w") as stream:`
		`- pass`
		`-`
		`- project = pagure.lib.query._get_project(self.session, "test")`
		`-`
		`- helper = pagure.lib.git_auth.get_git_auth_helper("gitolite3")`
		`- helper.write_gitolite_acls(`
		`- self.session,`
		`- self.outputconf,`
		`- project=project,`
		`- preconf=self.preconf,`
		`- postconf=self.postconf,`
		`- )`
		`- self.assertTrue(os.path.exists(self.outputconf))`
		`-`
		`- with open(self.outputconf) as stream:`
		`- data = stream.read()`
		`-`
		`- exp = r"""# this is a header that is manually added`
		`-`
		`- @group1 = foo bar baz`
		`- @group2 = threebean puiterwijk kevin pingou`
		`-`
		`- # end of header`
		`- @grp = pingou`
		`- @grp2 = foo`
		`- # end of groups`
		`-`
		`- repo test`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo docs/test`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo tickets/test`
		`- RW+ = pingou`
		`-`
		`- repo requests/test`
		`- RW+ = pingou`
		`-`
		`- # end of body`
		`- # end of generated configuration`
		`- # \ó/`
		`- # end of footer`
		`-`
		`- """`
		`- # print data`
		`- self.assertEqual(data, exp)`
		`-`
		`- def test_write_gitolite_project_all_projects_groups(self):`
		`- """Test the generating the entire gitolite config."""`
		`-`
		`- with open(self.outputconf, "w") as stream:`
		`- pass`
		`-`
		`- helper = pagure.lib.git_auth.get_git_auth_helper("gitolite3")`
		`- helper.write_gitolite_acls(`
		`- self.session,`
		`- self.outputconf,`
		`- project=-1,`
		`- preconf=self.preconf,`
		`- postconf=self.postconf,`
		`- )`
		`- self.assertTrue(os.path.exists(self.outputconf))`
		`-`
		`- with open(self.outputconf) as stream:`
		`- data = stream.read()`
		`-`
		`- exp = (`
		`- r"""# this is a header that is manually added`
		`-`
		`- @group1 = foo bar baz`
		`- @group2 = threebean puiterwijk kevin pingou`
		`-`
		`- # end of header`
		`- @grp = pingou`
		`- @grp2 = foo`
		`- # end of groups`
		`-`
		`- %s`
		`-`
		`- # end of body`
		`- # end of generated configuration`
		`- # \ó/`
		`- # end of footer`
		`-`
		`- """`
		`- % CORE_CONFIG`
		`- )`
		`- # print data`
		`- self.assertEqual(data, exp)`
		`-`
		`- def test_write_gitolite_project_all_projects_one_group(self):`
		`- """Test the generating the entire gitolite config."""`
		`-`
		`- # Generate the full gitolite config that we will update`
		`- self.test_write_gitolite_project_all_projects_groups()`
		`-`
		`- project = pagure.lib.query._get_project(self.session, "test")`
		`- group = pagure.lib.query.search_groups(self.session, group_name="grp")`
		`-`
		- # Let's add `foo` to `grp` so something changes
		`- msg = pagure.lib.query.add_user_to_group(`
		`- self.session,`
		`- username="foo",`
		`- group=group,`
		`- user="pingou",`
		`- is_admin=False,`
		`- )`
		`- self.session.commit()`
		- self.assertEqual(msg, "User `foo` added to the group `grp`.")
		`-`
		- # Let's add `foo` to `test` so the project changes as well
		`- msg = pagure.lib.query.add_user_to_project(`
		`- self.session,`
		`- project=project,`
		`- new_user="foo",`
		`- user="pingou",`
		`- access="commit",`
		`- )`
		`- self.assertEqual(msg, "User added")`
		`- self.session.commit()`
		`-`
		`- helper = pagure.lib.git_auth.get_git_auth_helper("gitolite3")`
		`- helper.write_gitolite_acls(`
		`- self.session,`
		`- self.outputconf,`
		`- project=project,`
		`- group=group,`
		`- preconf=self.preconf,`
		`- postconf=self.postconf,`
		`- )`
		`- self.assertTrue(os.path.exists(self.outputconf))`
		`-`
		`- with open(self.outputconf) as stream:`
		`- data = stream.read()`
		`-`
		`- exp = r"""# this is a header that is manually added`
		`-`
		`- @group1 = foo bar baz`
		`- @group2 = threebean puiterwijk kevin pingou`
		`-`
		`- # end of header`
		`- @grp = foo pingou`
		`- @grp2 = foo`
		`- # end of groups`
		`-`
		`- repo test2`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo docs/test2`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo tickets/test2`
		`- RW+ = pingou`
		`-`
		`- repo requests/test2`
		`- RW+ = pingou`
		`-`
		`- repo somenamespace/test3`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo docs/somenamespace/test3`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo tickets/somenamespace/test3`
		`- RW+ = pingou`
		`-`
		`- repo requests/somenamespace/test3`
		`- RW+ = pingou`
		`-`
		`- repo test`
		`- R = @all`
		`- RW+ = pingou`
		`- RW+ = foo`
		`-`
		`- repo docs/test`
		`- R = @all`
		`- RW+ = pingou`
		`- RW+ = foo`
		`-`
		`- repo tickets/test`
		`- RW+ = pingou`
		`- RW+ = foo`
		`-`
		`- repo requests/test`
		`- RW+ = pingou`
		`- RW+ = foo`
		`-`
		`- # end of body`
		`- # end of generated configuration`
		`- # \ó/`
		`- # end of footer`
		`-`
		`- """`
		`- # print data`
		`- self.assertEqual(data, exp)`
		`-`
		`- def test_write_gitolite_delete_group(self):`
		`- """Test the updating the gitolite config after having`
		`- deleted a group.`
		`- """`
		`-`
		`- # Generate the full gitolite config that we will update`
		`- self.test_write_gitolite_project_all_projects_groups()`
		`-`
		- # Delete the group `grp`
		`- self.assertEqual(len(pagure.lib.query.search_groups(self.session)), 2)`
		`- group = pagure.lib.query.search_groups(self.session, group_name="grp")`
		`- self.session.delete(group)`
		`- self.session.commit()`
		`- self.assertEqual(len(pagure.lib.query.search_groups(self.session)), 1)`
		`-`
		`- helper = pagure.lib.git_auth.get_git_auth_helper("gitolite3")`
		`- helper.write_gitolite_acls(`
		`- self.session,`
		`- self.outputconf,`
		`- project=None,`
		`- preconf=self.preconf,`
		`- postconf=self.postconf,`
		`- )`
		`- self.assertTrue(os.path.exists(self.outputconf))`
		`-`
		`- with open(self.outputconf) as stream:`
		`- data = stream.read()`
		`-`
		`- exp = (`
		`- r"""# this is a header that is manually added`
		`-`
		`- @group1 = foo bar baz`
		`- @group2 = threebean puiterwijk kevin pingou`
		`-`
		`- # end of header`
		`- @grp2 = foo`
		`- # end of groups`
		`-`
		`- %s`
		`-`
		`- # end of body`
		`- # end of generated configuration`
		`- # \ó/`
		`- # end of footer`
		`-`
		`- """`
		`- % CORE_CONFIG`
		`- )`
		`- # print data`
		`- self.assertEqual(data, exp)`
		`-`
		`- @patch("pagure.lib.git_auth.get_git_auth_helper")`
		`- def test_task_generate_gitolite_acls_one_group(self, get_helper):`
		`- """Test the generate_gitolite_acls task to ensure if group is None`
		`- then None is passed to the helper."""`
		`- helper = MagicMock()`
		`- get_helper.return_value = helper`
		`- pagure.lib.query.SESSIONMAKER = self.session.session_factory`
		`-`
		`- pagure.lib.tasks.generate_gitolite_acls(`
		`- namespace=None, name="test", user=None, group=None`
		`- )`
		`-`
		`- get_helper.assert_called_with()`
		`- args = helper.generate_acls.call_args`
		`- self.assertIsNone(args[1].get("group"))`
		`- self.assertIsNotNone(args[1].get("project"))`
		`-`
		`- def test_write_gitolite_project_test_private(self):`
		`- """Test the write_gitolite_acls function of pagure.lib.git with`
		`- a postconf set"""`
		`-`
		`- # Make the test project private`
		`- project = pagure.lib.query._get_project(self.session, "test")`
		`- project.private = True`
		`- self.session.add(project)`
		`- self.session.commit()`
		`-`
		`- # Re-generate the gitolite config just for this project`
		`- helper = pagure.lib.git_auth.get_git_auth_helper("gitolite3")`
		`- helper.write_gitolite_acls(self.session, self.outputconf, project=None)`
		`- self.assertTrue(os.path.exists(self.outputconf))`
		`-`
		`- with open(self.outputconf) as stream:`
		`- data = stream.read()`
		`-`
		`- exp = """@grp = pingou`
		`- @grp2 = foo`
		`- # end of groups`
		`-`
		`- repo test`
		`- RW+ = pingou`
		`-`
		`- repo docs/test`
		`- RW+ = pingou`
		`-`
		`- repo tickets/test`
		`- RW+ = pingou`
		`-`
		`- repo requests/test`
		`- RW+ = pingou`
		`-`
		`- repo test2`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo docs/test2`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo tickets/test2`
		`- RW+ = pingou`
		`-`
		`- repo requests/test2`
		`- RW+ = pingou`
		`-`
		`- repo somenamespace/test3`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo docs/somenamespace/test3`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo tickets/somenamespace/test3`
		`- RW+ = pingou`
		`-`
		`- repo requests/somenamespace/test3`
		`- RW+ = pingou`
		`-`
		`- # end of body`
		`- """`
		`- # print data`
		`- self.assertEqual(data, exp)`
		`-`
		`- def test_remove_acls(self):`
		`- """Test the remove_acls function of pagure.lib.git when deleting`
		`- a project"""`
		`- pagure.config.config["GITOLITE_CONFIG"] = self.outputconf`
		`-`
		`- with open(self.outputconf, "w") as stream:`
		`- pass`
		`-`
		`- helper = pagure.lib.git_auth.get_git_auth_helper("gitolite3")`
		`- helper.write_gitolite_acls(self.session, self.outputconf, project=-1)`
		`- self.assertTrue(os.path.exists(self.outputconf))`
		`-`
		`- with open(self.outputconf) as stream:`
		`- data = stream.read()`
		`-`
		`- exp = (`
		`- """@grp = pingou`
		`- @grp2 = foo`
		`- # end of groups`
		`-`
		`- %s`
		`-`
		`- # end of body`
		`- """`
		`- % CORE_CONFIG`
		`- )`
		`-`
		`- # print data`
		`- self.assertEqual(data, exp)`
		`-`
		`- # Test removing a project from the existing config`
		`- project = pagure.lib.query.get_authorized_project(`
		`- self.session, project_name="test"`
		`- )`
		`-`
		`- helper.remove_acls(self.session, project=project)`
		`-`
		`- with open(self.outputconf) as stream:`
		`- data = stream.read()`
		`-`
		`- exp = """@grp = pingou`
		`- @grp2 = foo`
		`- # end of groups`
		`-`
		`- repo test2`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo docs/test2`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo tickets/test2`
		`- RW+ = pingou`
		`-`
		`- repo requests/test2`
		`- RW+ = pingou`
		`-`
		`- repo somenamespace/test3`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo docs/somenamespace/test3`
		`- R = @all`
		`- RW+ = pingou`
		`-`
		`- repo tickets/somenamespace/test3`
		`- RW+ = pingou`
		`-`
		`- repo requests/somenamespace/test3`
		`- RW+ = pingou`
		`-`
		`- # end of body`
		`- """`
		`-`
		`- # print data`
		`- self.assertEqual(data, exp)`
		`-`
		`- def test_remove_acls_no_project(self):`
		`- """Test the remove_acls function of pagure.lib.git when no project`
		`- is specified"""`
		`- pagure.config.config["GITOLITE_CONFIG"] = self.outputconf`
		`-`
		`- with open(self.outputconf, "w") as stream:`
		`- pass`
		`-`
		`- helper = pagure.lib.git_auth.get_git_auth_helper("gitolite3")`
		`- helper.write_gitolite_acls(self.session, self.outputconf, project=-1)`
		`- self.assertTrue(os.path.exists(self.outputconf))`
		`-`
		`- with open(self.outputconf) as stream:`
		`- data = stream.read()`
		`-`
		`- exp = (`
		`- """@grp = pingou`
		`- @grp2 = foo`
		`- # end of groups`
		`-`
		`- %s`
		`-`
		`- # end of body`
		`- """`
		`- % CORE_CONFIG`
		`- )`
		`-`
		`- # print data`
		`- self.assertEqual(data, exp)`
		`-`
		`- # Test nothing changes if no project is specified`
		`-`
		`- self.assertRaises(`
		`- RuntimeError, helper.remove_acls, self.session, project=None`
		`- )`
		`-`
		`- with open(self.outputconf) as stream:`
		`- data = stream.read()`
		`-`
		`- self.assertEqual(data, exp)`
		`-`
		`-`
		`- if __name__ == "__main__":`
		`- unittest.main(verbosity=2)`

tests/test_tasks.py

file modified

-19

		`@@ -228,22 +228,3 @@`
		`self.assertEqual(`
		`authors, [(2, [("Alice", None, None)]), (1, [("Bob", "", None)])]`
		`)`
		`-`
		`-`
		`- class TestGitolitePostCompileOnly(object):`
		`- @patch("pagure.lib.git_auth.get_git_auth_helper")`
		`- def test_backend_has_post_compile_only(self, get_helper):`
		`- helper = MagicMock()`
		`- get_helper.return_value = helper`
		`- helper.post_compile_only = MagicMock()`
		`- tasks.gitolite_post_compile_only()`
		`- helper.post_compile_only.assert_called_once()`
		`-`
		`- @patch("pagure.lib.git_auth.get_git_auth_helper")`
		`- def test_backend_doesnt_have_post_compile_only(self, get_helper):`
		`- helper = MagicMock()`
		`- get_helper.return_value = helper`
		`- helper.generate_acls = MagicMock()`
		`- del helper.post_compile_only`
		`- tasks.gitolite_post_compile_only()`
		`- helper.generate_acls.assert_called_once_with(project=None)`

wombelix commented a month ago

Removal of all gitolite related code. pagure as default auth backend.

ngompa commented a month ago

If this passes all the tests, can you squash this into a single commit? I don't think this needs to be split into 58 non-atomic changes.

wombelix commented a month ago

OK I missed one black finding. The AssertionError: unexpectedly None errors can be ignored, those are issues that only happen in the CI. I'm pretty sure at some point we hit memory/cpu issues and a celery task get lost somehow. So I will later push a fix for the style issue.

wombelix commented a month ago

If this passes all the tests, can you squash this into a single commit? I don't think this needs to be split into 58 non-atomic changes.

Sure, was more a pre-caution during carving that stuff out in case I need to dig up parts again :smile:

1 new commit added

tests: Fix a style check finding in tests/test_pagure_lib.py

a month ago

wombelix commented a month ago

CI errors are all AssertionError: unexpectedly None which doesn't happy in local tests and will hopefully solved in the pipeline when https://pagure.io/pagure/issue/5466 is implemented.
I'm going to squash and push it as single commit as requested.
Last chance to do a review, especially of tests I dropped, those changes are the most risky.

rebased onto 62e1ab7

a month ago

ngompa commented a month ago

This is gargantuan and well done, thanks! :thumbsup:

The tests look good too. If nobody has anything to say about it by midday PDT, I'll merge it.

Pull-Request has been merged by ngompa

a month ago

ngompa commented a month ago

This is now merged. Let's see how things go...

Metadata

Assignee

None

Tags

No Tags

Changes Summary 58

file added

alembic/versions/6a8ca213d503_drop_project_read_only_column.py

-196

file removed

dev/ansible/roles/pagure-dev/files/gitolite3.rc

+0 -1

file changed

dev/ansible/roles/pagure-dev/files/pagure.cfg

-26

file removed

dev/ansible/roles/pagure-dev/tasks/gitolite.yml

+0 -1

file changed

dev/ansible/roles/pagure-dev/tasks/main.yml

+4 -221

file changed

doc/configuration.rst

-41

file removed

doc/custom_gitolite_conf.rst

doc/overview_simple.ascii

+0 -3

file changed

doc/usage/first_steps.rst

file removed

doc/usage/read_only.rst

file removed

file removed

files/pagure.cfg.sample

file removed

files/pagure_gitolite_worker.service

+1 -1

file changed

files/pagure_worker.service.example

+0 -1

file changed

pagure/api/__init__.py

pagure/api/project.py

pagure/default_config.py

pagure/hooks/files/git_multimail_upstream.py

pagure/lib/git_auth.py

pagure/templates/repo_master.html

+0 -8

file changed

pagure/templates/settings.html

pagure/ui/fas_login.py

pagure/ui/oidc_login.py

tests/test_pagure_admin.py

+0 -116

file changed

tests/test_pagure_flask_api_project.py

+0 -11

file changed

tests/test_pagure_flask_api_project_delete_project.py

+0 -5

file changed

tests/test_pagure_flask_ui_app_give_project.py

+0 -13

file changed

tests/test_pagure_flask_ui_clone.py

+0 -4

file changed

tests/test_pagure_flask_ui_issues.py

+2 -142

file changed

tests/test_pagure_flask_ui_repo.py

+0 -77

file changed

tests/test_pagure_flask_ui_repo_delete_project.py

+0 -201

file changed

tests/test_pagure_lib.py

+0 -1345

file changed

tests/test_pagure_lib_git.py

-999

file removed

tests/test_pagure_lib_gitolite_config.py

+0 -19

file changed

tests/test_tasks.py

		`@@ -6,7 +6,8 @@`
		`Grants/Denies access \| \|`
		`+------------+ +-----------+ \| +----------------------+ \|`
		`\| \| \| \| \| \| \| \|`
		`- User's git actions +--------------------->+ Gitolite +-------------------------->+ Git repos +----+--->+ pagure logcom \| \|`
		`+ User's git actions +--------------------->+ pagure +-------------------------->+ Git repos +----+--->+ pagure logcom \| \|`
		`+ \| auth keys \| \| \| \| \|`
		`\| \| \| \| \| \| \|`
		`+-----+------+ +---------+-+ +----------------+-----+ \|`
		`^ ^ \| \|`

pagure

Source Code

Documentation

#5469 Remove gitolite support Merged a month ago by ngompa. Opened a month ago by wombelix. wombelix/pagure chore_remove_gitolite_support into master

Metadata

Changes Summary 58

#5469 Remove gitolite support

Merged a month ago by ngompa. Opened a month ago by wombelix.

wombelix/pagure chore_remove_gitolite_support into master