#
#
# add_file "test/monotonerc"
#  content [a9d96e258ff70b93d9f9a089ebd07eb3b2b34543]
# 
# add_file "test/read-permissions"
#  content [54cdd7a94f8a850db29ca0df95b52cd417fd9620]
# 
# add_file "test/write-permissions"
#  content [b462aee1c6c401b3c709a746e9400677c2ffbeb2]
# 
# patch "test/1_basic-workspace/__driver__.lua"
#  from [1a632bb1f802ee25d30534c21176b36702a0d07c]
#    to [dc4478056e6ff861ecde04cfa6d794ab039a1f07]
# 
# patch "test/testsuite.lua"
#  from [4c7127d0b1ff9eee6ba0695465d6efcf75942694]
#    to [3413ff59e34dd6a7793ddd4cea6ee538ea45f858]
#
============================================================
--- test/monotonerc	a9d96e258ff70b93d9f9a089ebd07eb3b2b34543
+++ test/monotonerc	a9d96e258ff70b93d9f9a089ebd07eb3b2b34543
@@ -0,0 +1,5 @@
+include("policy.lua")
+
+function get_passphrase(key)
+   return key
+end
============================================================
--- test/read-permissions	54cdd7a94f8a850db29ca0df95b52cd417fd9620
+++ test/read-permissions	54cdd7a94f8a850db29ca0df95b52cd417fd9620
@@ -0,0 +1,2 @@
+pattern "*"
+allow "*"
============================================================
--- test/write-permissions	b462aee1c6c401b3c709a746e9400677c2ffbeb2
+++ test/write-permissions	b462aee1c6c401b3c709a746e9400677c2ffbeb2
@@ -0,0 +1 @@
+*
============================================================
--- test/1_basic-workspace/__driver__.lua	1a632bb1f802ee25d30534c21176b36702a0d07c
+++ test/1_basic-workspace/__driver__.lua	dc4478056e6ff861ecde04cfa6d794ab039a1f07
@@ -1,4 +1,50 @@
+-- basic_workspace
 
 admin = new_person("admin")
 developer = new_person("developer")
+evilguy = new_person("evilguy")
 user = new_person("user")
+
+server = new_person("server")
+server:fetch_keys(admin, developer, evilguy, user)
+
+
+-- Updating a workspace should validate candidate revisions
+-- against the policy.
+
+mkdir(user.confdir.."/policy")
+writefile(user.confdir.."/policy/write-permissions", "admin\ndeveloper\n")
+
+-- Need something to start with...
+dev_ws = developer:setup("test.branch")
+dev_ws:addfile("version", "1")
+dev_ws:commit("Initial commit")
+developer:push_to(server)
+
+user:pull_from(server)
+user_ws = user:checkout("test.branch")
+
+-- Check an allowed update...
+dev_ws:editfile("version", "2")
+dev_ws:commit("bugfix")
+developer:push_to(server)
+user:pull_from(server)
+check(user_ws:run("update"), 0, false, false)
+check(user_ws:readfile("version") == "2")
+
+-- Check a disallowed update...
+evilguy:pull_from(server)
+evil_ws = evilguy:checkout("test.branch")
+evil_ws:editfile("version", "3")
+evil_ws:commit("add backdoor")
+evilguy:push_to(server)
+
+user:pull_from(server)
+check(user_ws:run("update"), 0, false, false)
+check(user_ws:readfile("version") == "2")
+
+-- More complex
+
+--policy_ws = admin.setup("policy-branch")
+--policy_ws.add_file("write_permissions", "admin\ndeveloper\n")
+--admin.push_to(server)
============================================================
--- test/testsuite.lua	4c7127d0b1ff9eee6ba0695465d6efcf75942694
+++ test/testsuite.lua	3413ff59e34dd6a7793ddd4cea6ee538ea45f858
@@ -1,9 +1,9 @@ math.randomseed(get_pid())
 
 math.randomseed(get_pid())
-testdir = srcdir.."/test"
+testdir = srcdir
 
 function run_netsync(what, client, server, result, ...)
-   local srv = bg(server.run("--bind="..server.address, "serve"),
+   local srv = bg(server:run("--bind="..server.address, "serve"),
 		  false, false, false)
 
   -- wait for "beginning service..."
@@ -12,8 +12,13 @@ function run_netsync(what, client, serve
     check(not srv:wait(0))
  end
 
- check(client.run("pull", server.address, unpack(arg)), result, false, false)
- srv:stop()
+ local t = arg
+ if #t == 0 then
+    t = {"*"}
+ end
+
+ check(client:run(what, server.address, unpack(t)), result, false, false)
+ srv:finish()
 end
 
 function setup_confdir(dest)
@@ -21,13 +26,57 @@ function setup_confdir(dest)
    copy(srcdir.."/update-policy.lua", dest.."/update-policy.lua")
    copy(srcdir.."/update-policy.sh", dest.."/update-policy.sh")
    copy(testdir.."/monotonerc", dest.."/monotonerc")
+   copy(testdir.."/read-permissions", dest.."/read-permissions")
+   copy(testdir.."/write-permissions", dest.."/write-permissions")
 end
 
+function new_workspace(person, dir)
+   local workspace = {}
+   local mt = {}
+   mt.__index = mt
+
+   workspace.owner = person
+   workspace.dir = dir
+
+   mt.fullpath = function(obj, path)
+		    return obj.owner:fullpath(obj.dir).."/"..path
+		 end
+   mt.run = function(obj, ...)
+	       return obj.owner:runin(obj.dir, unpack(arg))
+	    end
+   mt.commit = function(obj, comment)
+		  if comment == nil then
+		     comment = "no comment"
+		  end
+		  check(obj:run("commit", "-m", comment), 0, false, false)
+	       end
+   mt.drop = function(obj, ...)
+		check(obj:run("drop", "-R", unpack(arg)), 0, false, false)
+	     end
+   mt.adddir = function(obj, dirname)
+		  mkdir(obj:fullpath(dirname))
+		  check(obj:run("add", dirname), 0, false, false)
+	       end
+   mt.addfile = function(obj, filename, contents)
+		   writefile(obj:fullpath(filename), contents)
+		   check(obj:run("add", filename), 0, false, false)
+		end
+   mt.editfile = function(obj, filename, contents)
+		    writefile(obj:fullpath(filename), contents)
+		 end
+   mt.readfile = function(obj, filename)
+		    return readfile(obj:fullpath(filename))
+		 end
+
+   return setmetatable(workspace, mt)
+end
+
 function new_person(name)
    local person = {}
    local mt = {}
    mt.__index = mt
 
+   person.name = name
    person.basedir = test.root.."/"..name
    person.confdir = person.basedir.."/conf"
    person.keydir = person.confdir.."/keys"
@@ -39,15 +88,18 @@ function new_person(name)
 
    setup_confdir(person.confdir)
 
+   mt.fullpath = function(obj, path)
+		    return obj.basedir.."/"..path
+		 end
    mt.runin = function(obj, dir, ...)
-	       return indir(obj.basedir.."/"..dir,
-			    {"mtn",
-			       "--root="..obj.basedir,
-			       "--confdir="..obj.confdir,
-			       "--keydir="..obj.keydir,
-			       "--db="..obj.db,
-			       unpack(arg)})
-		 end
+		 return indir(obj:fullpath(dir),
+			      {"mtn",
+				 "--root="..obj.basedir,
+				 "--confdir="..obj.confdir,
+				 "--keydir="..obj.keydir,
+				 "--db="..obj.db,
+				 unpack(arg)})
+	      end
    mt.run = function(obj, ...)
 	       return obj:runin("", unpack(arg))
 	    end
@@ -61,6 +113,29 @@ function new_person(name)
    mt.sync_with = function(...)
 		     run_netsync("sync", unpack(arg))
 		  end
+   mt.setup = function(obj, branch)
+		 check(obj:run("setup", branch, "-b", branch), 0, false, false)
+		 return new_workspace(obj, branch)
+	      end
+   mt.checkout = function(obj, branch)
+		    check(obj:run("checkout", branch, "-b", branch), 0, false, false)
+		    return new_workspace(obj, branch)
+		 end
+   mt.pubkey = function(obj)
+		  check(obj:run("pubkey", obj.name), 0, true, false)
+		  return readfile("stdout")
+	       end
+   mt.read = function(obj, what)
+		check(obj:run("read"), 0, false, false, what)
+	     end
+   mt.fetch_keys = function(obj, ...)
+		      for i,x in ipairs(arg) do
+			 obj:read(x:pubkey())
+		      end
+		   end
 
-   return setmetatable(person, mt)
+   person = setmetatable(person, mt)
+   check(person:run("db", "init"), 0, false, false)
+   check(person:run("genkey", person.name), 0, false, false, string.rep(person.name.."\n", 2))
+   return person
 end