nik/davical
1
0
Fork 0
mirror of https://gitlab.com/davical-project/davical.git synced 2026-05-31 03:34:18 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add testing for LDAP with memcache

Browse Source
This commit is contained in:
Andrew Ruthven 2022-12-19 23:04:09 +13:00
parent 7898efdfda
commit 353a2d1b13
30 changed files with 770 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
.gitlab-ci.yml
View File

@ -2,6 +2,7 @@ stages:
- build - build
- test - test
- testall - testall
- testldap
build: build:
stage: build stage: build
@ -260,7 +261,7 @@ test_memcache:
- echo "en_NZ.UTF-8 UTF-8" >> /etc/locale.gen - echo "en_NZ.UTF-8 UTF-8" >> /etc/locale.gen
- locale-gen - locale-gen
- echo "LANG=en_NZ.UTF-8" > /etc/default/locale - echo "LANG=en_NZ.UTF-8" > /etc/default/locale
- apt-get -y install libdbd-pg-perl libyaml-perl php php-cli php-pgsql php-xml php-memcached postgresql-client postgresql libapache2-mod-php curl xmlstarlet memcached - apt-get -y install libdbd-pg-perl libyaml-perl php php-cli php-pgsql php-xml php-memcached postgresql-client postgresql libapache2-mod-php curl xmlstarlet memcached netcat-openbsd
- phpenmod memcached - phpenmod memcached
- curl 'https://gitlab.com/davical-project/awl/-/archive/master/awl-master.tar.gz' | tar zxf - - curl 'https://gitlab.com/davical-project/awl/-/archive/master/awl-master.tar.gz' | tar zxf -
- mv awl-master /usr/share/awl/ - mv awl-master /usr/share/awl/
@ -299,3 +300,63 @@ test_memcache:
- xz apache2_log/test_memcache/* - xz apache2_log/test_memcache/*
- mkdir -p davical_log - mkdir -p davical_log
- cp -r /var/log/davical davical_log/test_memcache - cp -r /var/log/davical davical_log/test_memcache
# Only test if the memcache test passes
test_memcache_and_ldap:
stage: testldap
image: debian:unstable
artifacts:
paths:
- testing/report.xml
- apache2_log/*
- davical_log/*
reports:
junit: testing/report.xml
when:
always
script:
- apt-get -y update
- bash -c 'mkdir -p /usr/share/man/man{0..10}'
- apt-get -y install locales
- echo "en_NZ.UTF-8 UTF-8" >> /etc/locale.gen
- locale-gen
- echo "LANG=en_NZ.UTF-8" > /etc/default/locale
- apt-get -y install libdbd-pg-perl libyaml-perl php php-cli php-pgsql php-xml php-memcached php-ldap postgresql-client postgresql libapache2-mod-php curl xmlstarlet memcached libnet-ldap-server-test-perl netcat-openbsd
- phpenmod memcached
- phpenmod ldap
- curl 'https://gitlab.com/davical-project/awl/-/archive/master/awl-master.tar.gz' | tar zxf -
- mv awl-master /usr/share/awl/
- chown -R www-data /usr/share/awl/
- dpkg --ignore-depends=libawl-php -i *.deb
- echo '127.0.1.1 regression mycaldav mycaldav_ldap myempty' >> /etc/hosts
- rm /etc/apache2/ports.conf /etc/apache2/sites-enabled/000-default.conf && touch /etc/apache2/ports.conf
- cp testing/apache-site.conf.example /etc/apache2/sites-enabled/davical-regression.conf
- sed -i 's/\/path\/to/\/usr\/share/g' /etc/apache2/sites-enabled/davical-regression.conf
- mkdir /usr/share/davical/testing/
- cp testing/*.php /usr/share/davical/testing/
- rm /etc/davical/config.php
- cat testing/regression-conf.php.example | sed 's.//$c->dbg.$c->dbg.' | sed -E 's.//(memcache|ldap) ..g' > /etc/davical/regression-conf.php
- ln -s /etc/davical/regression-conf.php /etc/davical/mycaldav_ldap-conf.php
- mkdir -p /var/log/davical
- chown www-data /var/log/davical
- sed -i '/peer/d' /etc/postgresql/16/main/pg_hba.conf
- echo 'local all all trust' >> /etc/postgresql/16/main/pg_hba.conf
- pg_ctlcluster 16 main start
- su postgres -c 'createuser davical_dba --createdb --createrole --superuser'
- su postgres -c 'createuser davical_app --superuser'
- su postgres -c 'createuser testrunner --superuser'
- pg_ctlcluster 16 main restart
- a2enmod rewrite
- a2enmod headers
- apache2ctl start
- /etc/init.d/memcached start
- useradd testrunner
# testrunner needs to be able to read /var/log/apache2/regression-error.log for the ldap tests.
- adduser testrunner adm
- cd testing && su testrunner -c 'IS_CI=yes ALLSUITES="ldap" ./run_regressions.sh all x'
after_script:
- mkdir -p apache2_log
- cp -r /var/log/apache2 apache2_log/test_memcache_and_ldap
- xz apache2_log/test_memcache_and_ldap/*
- mkdir -p davical_log
- cp -r /var/log/davical davical_log/test_memcache_and_ldap

2
testing/apache-site.conf.example
View File

@ -1,7 +1,7 @@
Listen 127.0.1.1:80 Listen 127.0.1.1:80
<VirtualHost 127.0.1.1:80> <VirtualHost 127.0.1.1:80>
ServerName regression ServerName regression
ServerAlias myempty mycaldav ServerAlias myempty mycaldav mycaldav_ldap
DocumentRoot /path/to/davical/htdocs DocumentRoot /path/to/davical/htdocs
CustomLog ${APACHE_LOG_DIR}/regression-access.log combined CustomLog ${APACHE_LOG_DIR}/regression-access.log combined
ErrorLog ${APACHE_LOG_DIR}/regression-error.log ErrorLog ${APACHE_LOG_DIR}/regression-error.log

22
testing/regression-conf.php.example
View File

@ -23,4 +23,26 @@
// if testing memcache // if testing memcache
//memcache $c->memcache_servers[] = '127.0.0.1,11211'; //memcache $c->memcache_servers[] = '127.0.0.1,11211';
//memcache $c->auth_cache = true; //memcache $c->auth_cache = true;
// if testing LDAP
//ldap $c->authenticate_hook['call'] = 'LDAP_check';
//ldap $c->authenticate_hook['config'] = array(
//ldap 'host' => 'localhost',
//ldap 'port' => '21394',
//ldap 'baseDNUsers' => 'dc=example,dc=com',
//ldap 'mapping_field' => array("username" => "uid",
//ldap "modified" => "modifyTimestamp",
//ldap "fullname" => "cn" ,
//ldap "email" =>"mail"
//ldap ),
//ldap 'group_mapping_field' => array("username" => "cn",
//ldap "modified" => "modifyTimestamp",
//ldap "fullname" => "cn" ,
//ldap "members" =>"memberUid"
//ldap ),
//ldap 'format_updated' => array('Y' => array(0,4), 'm' => array(4,2), 'd' => array(6,2), 'H' => array(8,2), 'M' => array(10,2), 'S' => array(12,2))
//ldap );
//ldap include('drivers_ldap.php');
?> ?>

1
testing/tests/ldap/0000-clear-memcached.result Normal file
View File

@ -0,0 +1 @@
OK

3
testing/tests/ldap/0000-clear-memcached.test Normal file
View File

@ -0,0 +1,3 @@
# Ensure that memcached has nothing cached.
SCRIPT=echo flush_all | nc -N 127.0.0.1 11211

1
testing/tests/ldap/0000-confirm-no-ldap1-user.result Normal file
View File

@ -0,0 +1 @@

6
testing/tests/ldap/0000-confirm-no-ldap1-user.test Normal file
View File

@ -0,0 +1,6 @@
# Check that no usr record exists
QUERY
SELECT active ,email, fullname, last_used, password, username, user_no
FROM usr
WHERE username = 'ldap1';
ENDQUERY

67
testing/tests/ldap/0001-test-ldap.result Normal file
View File

@ -0,0 +1,67 @@
HTTP/1.1 207 Multi-Status
Date: Dow, 01 Jan 2000 00:00:00 GMT
DAV: 1, 2, 3, access-control, calendar-access, calendar-schedule
DAV: extended-mkcol, bind, addressbook, calendar-auto-schedule, calendar-proxy
ETag: "ed58709591152964fd4a584af5b55d79"
Content-Length: 942
Content-Type: text/xml; charset="utf-8"
<?xml version="1.0" encoding="utf-8" ?>
<multistatus xmlns="DAV:">
<response>
<href>/caldav.php/</href>
<propstat>
<prop>
<resourcetype>
<collection/>
</resourcetype>
</prop>
<status>HTTP/1.1 200 OK</status>
</propstat>
</response>
<response>
<href>/caldav.php/resource1/</href>
<propstat>
<prop>
<resourcetype>
<collection/>
<principal/>
</resourcetype>
</prop>
<status>HTTP/1.1 200 OK</status>
</propstat>
</response>
<response>
<href>/caldav.php/resource2/</href>
<propstat>
<prop>
<resourcetype>
<collection/>
<principal/>
</resourcetype>
</prop>
<status>HTTP/1.1 200 OK</status>
</propstat>
</response>
<response>
<href>/caldav.php/ldap1/</href>
<propstat>
<prop>
<resourcetype>
<collection/>
<principal/>
</resourcetype>
</prop>
<status>HTTP/1.1 200 OK</status>
</propstat>
</response>
</multistatus>
active: >1<
email: >ldap1@example.com<
fullname: >ldap1<
last_used: >NULL<
password: >NULL<
user_no: >1001<
username: >ldap1<

64
testing/tests/ldap/0001-test-ldap.test Normal file
View File

@ -0,0 +1,64 @@
BEGINPERL
if ($debug) { $ENV{'LDAP_DEBUG'} = 1 };
use Net::LDAP::Server::Test;
use Net::LDAP;
use IO::Socket::INET;
#my $port = find_idle_port();
#my $ldap_port = RT::Test->find_idle_port;
my $ldap_port = 21394;
my $ldap_socket = IO::Socket::INET->new(
Listen => 5,
Proto => 'tcp',
Reuse => 1,
LocalPort => $ldap_port,
);
# Keep it around after this block exits.
$evaled{'ldap_server'} = Net::LDAP::Server::Test->new( $ldap_socket, auto_schema => 1 );
my $ldap = Net::LDAP->new("localhost:$ldap_port") || die "Failed to instantiate Net::LDAP: $!";
$ldap->bind();
my $username = "ldap1";
my $base = "dc=example,dc=com";
my $dn = "uid=$username,$base";
my $entry = {
cn => $username,
mail => "$username\@example.com",
uid => $username,
objectClass => 'User',
userPassword => 'ldap1',
};
$ldap->add( $base );
$ldap->add( $dn, attr => [%$entry] );
# We need to keep the client around, otherwise the test server will exit.
$evaled{'ldap_client'} = $ldap;
#sleep 100;
ENDPERL
TYPE=PROPFIND
URL=http://regression_ldap.host/caldav.php/
HEADER=Content-Type: text/xml
HEADER=Depth: 1
AUTH=ldap1:ldap1
HEAD
BEGINDATA
<?xml version="1.0" encoding="utf-8" ?>
<D:propfind xmlns:D="DAV:">
<D:prop>
<D:resourcetype/>
</D:prop>
</D:propfind>
ENDDATA
# Check that a usr record has been created.
QUERY
SELECT active, email, fullname, last_used, password, username, user_no
FROM usr
WHERE username = 'ldap1';
ENDQUERY

2
testing/tests/ldap/0002-NoCachedCredentials-ldap1.result Normal file
View File

@ -0,0 +1,2 @@
No cached credentials found - no salt
No cached credentials found

4
testing/tests/ldap/0002-NoCachedCredentials-ldap1.test Normal file
View File

@ -0,0 +1,4 @@
# Make sure there are no cached credentials present.
SCRIPT=if [ $(grep "HTTPAuthLogin:CheckCache: No salt stored for ldap1" /var/log/apache2/regression-error.log | wc -l) -eq 1 ] ; then echo "No cached credentials found" - no salt; else echo "Cached credentials, salt present, failed"; fi
SCRIPT=if [ $(grep "HTTPAuthLogin:CheckCache: Cached credentials for ldap1 are good" /var/log/apache2/regression-error.log | wc -l) -eq 0 ] ; then echo "No cached credentials found"; else echo "Cached credentials, failed"; fi

67
testing/tests/ldap/0003-test-ldap.result Normal file
View File

@ -0,0 +1,67 @@
HTTP/1.1 207 Multi-Status
Date: Dow, 01 Jan 2000 00:00:00 GMT
DAV: 1, 2, 3, access-control, calendar-access, calendar-schedule
DAV: extended-mkcol, bind, addressbook, calendar-auto-schedule, calendar-proxy
ETag: "ed58709591152964fd4a584af5b55d79"
Content-Length: 942
Content-Type: text/xml; charset="utf-8"
<?xml version="1.0" encoding="utf-8" ?>
<multistatus xmlns="DAV:">
<response>
<href>/caldav.php/</href>
<propstat>
<prop>
<resourcetype>
<collection/>
</resourcetype>
</prop>
<status>HTTP/1.1 200 OK</status>
</propstat>
</response>
<response>
<href>/caldav.php/resource1/</href>
<propstat>
<prop>
<resourcetype>
<collection/>
<principal/>
</resourcetype>
</prop>
<status>HTTP/1.1 200 OK</status>
</propstat>
</response>
<response>
<href>/caldav.php/resource2/</href>
<propstat>
<prop>
<resourcetype>
<collection/>
<principal/>
</resourcetype>
</prop>
<status>HTTP/1.1 200 OK</status>
</propstat>
</response>
<response>
<href>/caldav.php/ldap1/</href>
<propstat>
<prop>
<resourcetype>
<collection/>
<principal/>
</resourcetype>
</prop>
<status>HTTP/1.1 200 OK</status>
</propstat>
</response>
</multistatus>
active: >1<
email: >ldap1@example.com<
fullname: >ldap1<
last_used: >NULL<
password: >NULL<
user_no: >1001<
username: >ldap1<

1
testing/tests/ldap/0003-test-ldap.test Symbolic link
View File

@ -0,0 +1 @@
0001-test-ldap.test

1
testing/tests/ldap/0004-CachedCredentials-ldap1.result Normal file
View File

@ -0,0 +1 @@
Cached credentials found

5
testing/tests/ldap/0004-CachedCredentials-ldap1.test Normal file
View File

@ -0,0 +1,5 @@
# Check to see if the log line for cached credentials being valid is
# present. That is only issued if we're successfully fetch valid credentials
# from our cache.
SCRIPT=if [ $(grep "HTTPAuthLogin:CheckCache: Cached credentials for ldap1 are good" /var/log/apache2/regression-error.log | wc -l) -eq 1 ] ; then echo "Cached credentials found"; else echo "Cached credentials failed"; fi

7
testing/tests/ldap/0005-test-invalid-user.result Normal file
View File

@ -0,0 +1,7 @@
HTTP/1.1 401 Unauthorized
Date: Dow, 01 Jan 2000 00:00:00 GMT
WWW-Authenticate: Basic realm="DAViCal CalDAV Server"
Content-Length: 40
Content-Type: text/plain; ; charset="utf-8"
Please log in for access to this system.

64
testing/tests/ldap/0005-test-invalid-user.test Normal file
View File

@ -0,0 +1,64 @@
BEGINPERL
if ($debug) { $ENV{'LDAP_DEBUG'} = 1 };
use Net::LDAP::Server::Test;
use Net::LDAP;
use IO::Socket::INET;
#my $port = find_idle_port();
#my $ldap_port = RT::Test->find_idle_port;
my $ldap_port = 21394;
my $ldap_socket = IO::Socket::INET->new(
Listen => 5,
Proto => 'tcp',
Reuse => 1,
LocalPort => $ldap_port,
);
# Keep it around after this block exits.
$evaled{'ldap_server'} = Net::LDAP::Server::Test->new( $ldap_socket, auto_schema => 1 );
my $ldap = Net::LDAP->new("localhost:$ldap_port") || die "Failed to instantiate Net::LDAP: $!";
$ldap->bind();
my $username = "ldap1";
my $base = "dc=example,dc=com";
my $dn = "uid=$username,$base";
my $entry = {
cn => $username,
mail => "$username\@example.com",
uid => $username,
objectClass => 'User',
userPassword => 'ldap1',
};
$ldap->add( $base );
$ldap->add( $dn, attr => [%$entry] );
# We need to keep the client around, otherwise the test server will exit.
$evaled{'ldap_client'} = $ldap;
#sleep 100;
ENDPERL
TYPE=PROPFIND
URL=http://regression_ldap.host/caldav.php/
HEADER=Content-Type: text/xml
HEADER=Depth: 1
AUTH=ldap2:ldap2
HEAD
BEGINDATA
<?xml version="1.0" encoding="utf-8" ?>
<D:propfind xmlns:D="DAV:">
<D:prop>
<D:resourcetype/>
</D:prop>
</D:propfind>
ENDDATA
# Check that no usr record has been created.
QUERY
SELECT active, email, fullname, last_used, password, username, user_no
FROM usr
WHERE username = 'ldap2';
ENDQUERY

2
testing/tests/ldap/0006-NoCachedCredentials-ldap2.result Normal file
View File

@ -0,0 +1,2 @@
No cached credentials found - no salt
No cached credentials found

4
testing/tests/ldap/0006-NoCachedCredentials-ldap2.test Normal file
View File

@ -0,0 +1,4 @@
# Make sure there are no cached credentials present.
SCRIPT=if [ $(grep "HTTPAuthLogin:CheckCache: No salt stored for ldap2" /var/log/apache2/regression-error.log | wc -l) -eq 1 ] ; then echo "No cached credentials found - no salt"; else echo "Cached credentials, present, failed"; fi
SCRIPT=if [ $(grep "HTTPAuthLogin:CheckCache: Cached credentials for ldap2" /var/log/apache2/regression-error.log | wc -l) -eq 0 ] ; then echo "No cached credentials found"; else echo "Cached credentials, failed"; fi

7
testing/tests/ldap/0007-test-invalid-user.result Normal file
View File

@ -0,0 +1,7 @@
HTTP/1.1 401 Unauthorized
Date: Dow, 01 Jan 2000 00:00:00 GMT
WWW-Authenticate: Basic realm="DAViCal CalDAV Server"
Content-Length: 40
Content-Type: text/plain; ; charset="utf-8"
Please log in for access to this system.

66
testing/tests/ldap/0007-test-invalid-user.test Normal file
View File

@ -0,0 +1,66 @@
# Test again for an invalid user to check that the failed credentials are
# cached.
BEGINPERL
if ($debug) { $ENV{'LDAP_DEBUG'} = 1 };
use Net::LDAP::Server::Test;
use Net::LDAP;
use IO::Socket::INET;
#my $port = find_idle_port();
#my $ldap_port = RT::Test->find_idle_port;
my $ldap_port = 21394;
my $ldap_socket = IO::Socket::INET->new(
Listen => 5,
Proto => 'tcp',
Reuse => 1,
LocalPort => $ldap_port,
);
# Keep it around after this block exits.
$evaled{'ldap_server'} = Net::LDAP::Server::Test->new( $ldap_socket, auto_schema => 1 );
my $ldap = Net::LDAP->new("localhost:$ldap_port") || die "Failed to instantiate Net::LDAP: $!";
$ldap->bind();
my $username = "ldap1";
my $base = "dc=example,dc=com";
my $dn = "uid=$username,$base";
my $entry = {
cn => $username,
mail => "$username\@example.com",
uid => $username,
objectClass => 'User',
userPassword => 'ldap1',
};
$ldap->add( $base );
$ldap->add( $dn, attr => [%$entry] );
# We need to keep the client around, otherwise the test server will exit.
$evaled{'ldap_client'} = $ldap;
#sleep 100;
ENDPERL
TYPE=PROPFIND
URL=http://regression_ldap.host/caldav.php/
HEADER=Content-Type: text/xml
HEADER=Depth: 1
AUTH=ldap2:ldap2
HEAD
BEGINDATA
<?xml version="1.0" encoding="utf-8" ?>
<D:propfind xmlns:D="DAV:">
<D:prop>
<D:resourcetype/>
</D:prop>
</D:propfind>
ENDDATA
# Check that no usr record has been created.
QUERY
SELECT active, email, fullname, last_used, password, username, user_no
FROM usr
WHERE username = 'ldap2';
ENDQUERY

1
testing/tests/ldap/0008-CachedCredentialsFailed-ldap2.result Normal file
View File

@ -0,0 +1 @@
Cached credentials found, password incorrect

5
testing/tests/ldap/0008-CachedCredentialsFailed-ldap2.test Normal file
View File

@ -0,0 +1,5 @@
# Check to see if the log line for cached credentials being invalid is
# present. That is only issued if we've fetch a fail for the credentials
# from our cache.
SCRIPT=if [ $(grep "HTTPAuthLogin:CheckCache: Cached credentials for ldap2 are good and invalid" /var/log/apache2/regression-error.log | wc -l) -eq 1 ] ; then echo "Cached credentials found, password incorrect"; else echo "Cached credentials failed"; fi

14
testing/tests/ldap/Create-Database.result Normal file
View File

@ -0,0 +1,14 @@
Supported locales updated.
Updated view: dav_principal.sql applied.
CalDAV functions updated.
RRULE functions updated.
Database permissions updated.
NOTE
====
* The password for the 'admin' user has been set to 'nimda'
Thanks for trying DAViCal! Check the configuration in /etc/davical/config.php.
For help, look at our website and wiki, or visit #davical on irc.oftc.net.

0
testing/tests/ldap/Dump-Database.result Normal file
View File

15
testing/tests/ldap/Load-Sample-Data.result Normal file
View File

@ -0,0 +1,15 @@
setval
--------
1000
(1 row)
setval
--------
1000
(1 row)
setval
--------
10
(1 row)

7
testing/tests/ldap/Really-Upgrade-Database.result Normal file
View File

@ -0,0 +1,7 @@
The database is version XX currently at revision 1.3.5.
No patches were applied.
Supported locales updated.
Updated view: dav_principal.sql applied.
CalDAV functions updated.
RRULE functions updated.
Database permissions updated.

140
testing/tests/ldap/Restore-Database.result Normal file
View File

@ -0,0 +1,140 @@
set_config
------------
public
(1 row)
setval
--------
1013
(1 row)
setval
--------
1
(1 row)
setval
--------
1
(1 row)
setval
--------
1
(1 row)
setval
--------
1
(1 row)
setval
--------
1
(1 row)
setval
--------
1
(1 row)
setval
--------
1
(1 row)
setval
--------
1
(1 row)
setval
--------
1
(1 row)
setval
--------
1
(1 row)
setval
--------
1
(1 row)
setval
--------
1
(1 row)
setval
--------
1
(1 row)
setval
--------
1
(1 row)
setval
--------
1
(1 row)
setval
--------
1
(1 row)
setval
--------
1
(1 row)
setval
--------
1
(1 row)
setval
--------
1
(1 row)
setval
--------
1
(1 row)
setval
--------
10
(1 row)
setval
--------
10
(1 row)
setval
--------
1
(1 row)
setval
--------
1
(1 row)
setval
--------
1
(1 row)
setval
--------
1000
(1 row)

5
testing/tests/ldap/Upgrade-Database.result Normal file
View File

@ -0,0 +1,5 @@
Supported locales updated.
Updated view: dav_principal.sql applied.
CalDAV functions updated.
RRULE functions updated.
Database permissions updated.

126
testing/tests/ldap/sample-data.sql Normal file
View File

@ -0,0 +1,126 @@
-- Some sample data to prime the database...
-- base-data.sql should be processed before this
INSERT INTO usr ( user_no, active, email_ok, updated, username, password, fullname, email )
VALUES( 2, TRUE, current_date, current_date, 'andrew', '**x', 'Andrew McMillan', 'andrew@catalyst.net.nz' );
INSERT INTO role_member (user_no, role_no) VALUES( 2, 1);
INSERT INTO usr ( user_no, active, email_ok, updated, username, password, fullname, email )
VALUES( 10, TRUE, current_date, current_date, 'user1', '**user1', 'User 1', 'user1@example.net' );
INSERT INTO usr ( user_no, active, email_ok, updated, username, password, fullname, email )
VALUES( 11, TRUE, current_date, current_date, 'user2', '**user2', 'User 2', 'user2@example.net' );
INSERT INTO usr ( user_no, active, email_ok, updated, username, password, fullname, email )
VALUES( 12, TRUE, current_date, current_date, 'user3', '**user3', 'User 3', 'user3@example.net' );
INSERT INTO usr ( user_no, active, email_ok, updated, username, password, fullname, email )
VALUES( 13, TRUE, current_date, current_date, 'user4', '**user4', 'User 4', 'user4@example.net' );
INSERT INTO usr ( user_no, active, email_ok, updated, username, password, fullname, email )
VALUES( 14, TRUE, current_date, current_date, 'user5', '**user5', 'User 5', 'user5@example.net' );
INSERT INTO usr ( user_no, active, email_ok, updated, username, password, fullname, email )
VALUES( 15, TRUE, current_date, current_date, 'User Six', '**user6', 'User 6', 'user6@example.net' );
INSERT INTO usr ( user_no, active, email_ok, updated, username, password, fullname, email )
VALUES( 20, TRUE, current_date, current_date, 'manager1', '**manager1', 'Manager 1', 'manager1@example.net' );
INSERT INTO usr ( user_no, active, email_ok, updated, username, password, fullname, email )
VALUES( 30, TRUE, current_date, current_date, 'assistant1', '**assistant1', 'Assistant 1', 'assistant1@example.net' );
INSERT INTO usr ( user_no, active, email_ok, updated, username, password, fullname, email )
VALUES( 100, TRUE, current_date, current_date, 'resource1', '*salt*unpossible', 'Resource 1', 'resource1@example.net' );
INSERT INTO role_member (user_no, role_no) VALUES( 100, 4);
INSERT INTO usr ( user_no, active, email_ok, updated, username, password, fullname, email )
VALUES( 101, TRUE, current_date, current_date, 'resource2', '*salt*unpossible', 'Resource 2', 'resource2@example.net' );
INSERT INTO role_member (user_no, role_no) VALUES( 101, 4);
INSERT INTO usr ( user_no, active, email_ok, updated, username, password, fullname, email )
VALUES( 200, TRUE, current_date, current_date, 'resmgr1', '*salt*unpossible', 'Resource Managers', 'resource-managers@example.net' );
INSERT INTO role_member (user_no, role_no) VALUES( 200, 2);
INSERT INTO usr ( user_no, active, email_ok, updated, username, password, fullname, email )
VALUES( 300, TRUE, current_date, current_date, 'teamclient1', '*salt*unpossible', 'Team for Client1', 'team-client1@example.net' );
INSERT INTO role_member (user_no, role_no) VALUES( 300, 2);
SELECT setval('usr_user_no_seq', 1000);
SELECT setval('dav_id_seq', 1000);
UPDATE usr SET joined = '2009-06-01', updated = '2009-06-02';
INSERT INTO collection (user_no, parent_container, dav_name, dav_etag,
dav_displayname, is_calendar, created, modified,
public_events_only, publicly_readable, collection_id, resourcetypes )
SELECT user_no, '/' || username || '/', '/' || username || '/home/', md5(username),
username || ' home', TRUE, '2009-06-03', '2009-06-04',
FALSE, FALSE, user_no + 150, '<DAV::collection/><urn:ietf:params:xml:ns:caldav:calendar/>'
FROM usr ORDER BY user_no;
INSERT INTO collection (user_no, parent_container, dav_name, dav_etag,
dav_displayname, is_calendar, is_addressbook, created, modified,
public_events_only, publicly_readable, collection_id, resourcetypes )
SELECT user_no, '/' || username || '/', '/' || username || '/addresses/', md5(username),
username || ' addresses', FALSE, TRUE, '1957-07-26', '1998-03-16',
FALSE, FALSE, user_no + 450, '<DAV::collection/><urn:ietf:params:xml:ns:carddav:addressbook/>'
FROM usr ORDER BY user_no;
INSERT INTO principal (type_id, user_no, displayname, default_privileges)
SELECT 1, user_no, fullname, privilege_to_bits(ARRAY['read-free-busy','schedule-send','schedule-deliver']) FROM usr
WHERE NOT EXISTS(SELECT 1 FROM role_member JOIN roles USING(role_no) WHERE role_name = 'Group' AND role_member.user_no = usr.user_no)
AND NOT EXISTS(SELECT 1 FROM role_member JOIN roles USING(role_no) WHERE role_name = 'Resource' AND role_member.user_no = usr.user_no)
AND NOT EXISTS(SELECT 1 FROM principal WHERE principal.user_no = usr.user_no) ORDER BY user_no;
INSERT INTO principal (type_id, user_no, displayname, default_privileges)
SELECT 2, user_no, fullname, privilege_to_bits(ARRAY['read','schedule-send','schedule-deliver']) FROM usr
WHERE EXISTS(SELECT 1 FROM role_member JOIN roles USING(role_no) WHERE role_name = 'Resource' AND role_member.user_no = usr.user_no)
AND NOT EXISTS(SELECT 1 FROM principal WHERE principal.user_no = usr.user_no) ORDER BY user_no;
INSERT INTO principal (type_id, user_no, displayname, default_privileges)
SELECT 3, user_no, fullname, privilege_to_bits(ARRAY['read-free-busy','schedule-send','schedule-deliver']) FROM usr
WHERE EXISTS(SELECT 1 FROM role_member JOIN roles USING(role_no) WHERE role_name = 'Group' AND role_member.user_no = usr.user_no)
AND NOT EXISTS(SELECT 1 FROM principal WHERE principal.user_no = usr.user_no) ORDER BY user_no;
-- Set the insert sequence to the next number, with a minimum of 1000
SELECT setval('relationship_type_rt_id_seq', (SELECT 10 UNION SELECT rt_id FROM relationship_type ORDER BY 1 DESC LIMIT 1) );
-- The resources for meetings
INSERT INTO relationship ( from_user, to_user, rt_id ) VALUES( 200, 100, 1 );
INSERT INTO relationship ( from_user, to_user, rt_id ) VALUES( 200, 101, 1 );
-- The people who administer meetings
INSERT INTO relationship ( from_user, to_user, rt_id ) VALUES( 10, 200, 1 );
INSERT INTO relationship ( from_user, to_user, rt_id ) VALUES( 11, 200, 1 );
INSERT INTO relationship ( from_user, to_user, rt_id ) VALUES( 30, 200, 1 );
-- Between a PA and their Manager
INSERT INTO relationship ( from_user, to_user, rt_id ) VALUES( 30, 20, 2 );
INSERT INTO relationship ( from_user, to_user, rt_id ) VALUES( 30, 10, 2 );
-- Between a team
INSERT INTO relationship ( from_user, to_user, rt_id ) VALUES( 20, 300, 3 );
INSERT INTO relationship ( from_user, to_user, rt_id ) VALUES( 10, 300, 3 );
INSERT INTO relationship ( from_user, to_user, rt_id ) VALUES( 30, 300, 3 );
INSERT INTO relationship ( from_user, to_user, rt_id ) VALUES( 300, 20, 3 );
INSERT INTO relationship ( from_user, to_user, rt_id ) VALUES( 300, 10, 3 );
INSERT INTO relationship ( from_user, to_user, rt_id ) VALUES( 300, 30, 3 );
-- Granting explicit free/busy permission
INSERT INTO relationship ( from_user, to_user, rt_id ) VALUES( 11, 10, 4 );
INSERT INTO relationship ( from_user, to_user, rt_id ) VALUES( 10, 11, 4 );
UPDATE relationship r SET confers = (SELECT bit_confers FROM relationship_type rt WHERE rt.rt_id=r.rt_id);
INSERT INTO group_member ( group_id, member_id)
SELECT g.principal_id, m.principal_id
FROM relationship JOIN principal g ON(to_user=g.user_no AND g.type_id = 3) -- Group
JOIN principal m ON(from_user=m.user_no AND m.type_id IN (1,2)) ORDER BY 1, 2; -- Person | Resource
INSERT INTO grants ( by_principal, to_principal, privileges, is_group )
SELECT pby.principal_id AS by_principal, pto.principal_id AS to_principal,
confers AS privileges, pto.type_id > 2 AS is_group
FROM relationship r JOIN usr f ON(f.user_no=r.from_user)
JOIN usr t ON(t.user_no=r.to_user)
JOIN principal pby ON(t.user_no=pby.user_no)
JOIN principal pto ON(pto.user_no=f.user_no)
WHERE rt_id < 4 AND pby.type_id < 3 ORDER BY 1, 2;