2012-03-08 09:00:13 +01:00
|
|
|
package Gitolite::Conf::Load;
|
|
|
|
|
|
|
|
|
|
# load conf data from stored files
|
|
|
|
|
# ----------------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
@EXPORT = qw(
|
|
|
|
|
load
|
2012-03-20 12:13:45 +01:00
|
|
|
|
2012-03-08 09:00:13 +01:00
|
|
|
access
|
2012-03-16 09:59:45 +01:00
|
|
|
git_config
|
2012-03-20 12:13:45 +01:00
|
|
|
|
2012-03-17 17:20:48 +01:00
|
|
|
option
|
2012-03-17 02:30:17 +01:00
|
|
|
repo_missing
|
2012-03-20 02:49:07 +01:00
|
|
|
creator
|
2012-03-20 12:13:45 +01:00
|
|
|
|
2012-03-11 03:06:42 +01:00
|
|
|
vrefs
|
2012-03-12 16:24:30 +01:00
|
|
|
lister_dispatch
|
2012-03-08 09:00:13 +01:00
|
|
|
);
|
|
|
|
|
|
|
|
|
|
use Exporter 'import';
|
|
|
|
|
|
|
|
|
|
use Gitolite::Common;
|
|
|
|
|
use Gitolite::Rc;
|
|
|
|
|
|
|
|
|
|
use strict;
|
|
|
|
|
use warnings;
|
|
|
|
|
|
|
|
|
|
# ----------------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
# our variables, because they get loaded by a 'do'
|
|
|
|
|
our $data_version = '';
|
|
|
|
|
our %repos;
|
|
|
|
|
our %one_repo;
|
|
|
|
|
our %groups;
|
2012-11-14 10:42:30 +01:00
|
|
|
our %patterns;
|
2012-03-08 09:00:13 +01:00
|
|
|
our %configs;
|
|
|
|
|
our %one_config;
|
|
|
|
|
our %split_conf;
|
|
|
|
|
|
2012-03-12 16:24:30 +01:00
|
|
|
my $subconf = 'master';
|
|
|
|
|
|
|
|
|
|
my %listers = (
|
|
|
|
|
'list-groups' => \&list_groups,
|
|
|
|
|
'list-users' => \&list_users,
|
|
|
|
|
'list-repos' => \&list_repos,
|
|
|
|
|
'list-memberships' => \&list_memberships,
|
|
|
|
|
'list-members' => \&list_members,
|
|
|
|
|
);
|
|
|
|
|
|
2012-03-08 09:00:13 +01:00
|
|
|
# helps maintain the "cache" in both "load_common" and "load_1"
|
|
|
|
|
my $last_repo = '';
|
|
|
|
|
|
|
|
|
|
# ----------------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
my $loaded_repo = '';
|
|
|
|
|
|
|
|
|
|
sub load {
|
|
|
|
|
my $repo = shift or _die "load() needs a reponame";
|
2012-03-15 16:30:39 +01:00
|
|
|
trace( 3, "$repo" );
|
2012-03-08 09:00:13 +01:00
|
|
|
if ( $repo ne $loaded_repo ) {
|
2012-03-08 08:01:01 +01:00
|
|
|
load_common();
|
|
|
|
|
load_1($repo);
|
2012-03-08 09:00:13 +01:00
|
|
|
$loaded_repo = $repo;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
sub access {
|
|
|
|
|
my ( $repo, $user, $aa, $ref ) = @_;
|
2012-05-06 15:23:52 +02:00
|
|
|
_die "invalid user '$user'" if not( $user and $user =~ $USERNAME_PATT );
|
2012-10-05 03:49:59 +02:00
|
|
|
sanity($repo);
|
|
|
|
|
|
2012-11-08 14:42:20 +01:00
|
|
|
my @rules;
|
|
|
|
|
my $deny_rules;
|
|
|
|
|
|
2012-03-08 09:00:13 +01:00
|
|
|
load($repo);
|
2012-11-08 14:42:20 +01:00
|
|
|
@rules = rules( $repo, $user );
|
|
|
|
|
$deny_rules = option( $repo, 'deny-rules' );
|
2012-03-08 09:00:13 +01:00
|
|
|
|
2012-03-20 19:21:18 +01:00
|
|
|
# sanity check the only piece the user can control
|
2012-05-21 11:52:19 +02:00
|
|
|
_die "invalid characters in ref or filename: '$ref'\n" unless $ref =~ $REF_OR_FILENAME_PATT;
|
2012-03-20 19:21:18 +01:00
|
|
|
|
2012-03-18 10:27:13 +01:00
|
|
|
# when a real repo doesn't exist, ^C is a pre-requisite for any other
|
|
|
|
|
# check to give valid results.
|
|
|
|
|
if ( $aa ne '^C' and $repo !~ /^\@/ and $repo =~ $REPONAME_PATT and repo_missing($repo) ) {
|
|
|
|
|
my $iret = access( $repo, $user, '^C', $ref );
|
|
|
|
|
$iret =~ s/\^C/$aa/;
|
|
|
|
|
return $iret if $iret =~ /DENIED/;
|
|
|
|
|
}
|
2012-04-22 06:04:06 +02:00
|
|
|
# similarly, ^C must be denied if the repo exists
|
|
|
|
|
if ( $aa eq '^C' and not repo_missing($repo) ) {
|
|
|
|
|
trace( 2, "DENIED by existence" );
|
|
|
|
|
return "$aa $ref $repo $user DENIED by existence";
|
|
|
|
|
}
|
2012-03-18 10:27:13 +01:00
|
|
|
|
2012-03-15 16:30:39 +01:00
|
|
|
trace( 2, scalar(@rules) . " rules found" );
|
2012-03-08 09:00:13 +01:00
|
|
|
for my $r (@rules) {
|
2012-03-15 15:34:30 +01:00
|
|
|
my $perm = $r->[1];
|
|
|
|
|
my $refex = $r->[2]; $refex =~ s(/USER/)(/$user/);
|
2012-03-15 16:30:39 +01:00
|
|
|
trace( 3, "perm=$perm, refex=$refex" );
|
2012-03-08 09:00:13 +01:00
|
|
|
|
|
|
|
|
# skip 'deny' rules if the ref is not (yet) known
|
2012-03-19 10:20:48 +01:00
|
|
|
next if $perm eq '-' and $ref eq 'any' and not $deny_rules;
|
2012-03-08 09:00:13 +01:00
|
|
|
|
2012-03-09 09:03:32 +01:00
|
|
|
# rule matches if ref matches or ref is any (see gitolite-shell)
|
|
|
|
|
next unless $ref =~ /^$refex/ or $ref eq 'any';
|
2012-03-08 09:00:13 +01:00
|
|
|
|
2012-03-15 16:30:39 +01:00
|
|
|
trace( 2, "DENIED by $refex" ) if $perm eq '-';
|
2012-03-09 09:03:32 +01:00
|
|
|
return "$aa $ref $repo $user DENIED by $refex" if $perm eq '-';
|
2012-03-08 09:00:13 +01:00
|
|
|
|
|
|
|
|
# $perm can be RW\+?(C|D|CD|DC)?M?. $aa can be W, +, C or D, or
|
|
|
|
|
# any of these followed by "M".
|
|
|
|
|
( my $aaq = $aa ) =~ s/\+/\\+/;
|
|
|
|
|
$aaq =~ s/M/.*M/;
|
|
|
|
|
# as far as *this* ref is concerned we're ok
|
|
|
|
|
return $refex if ( $perm =~ /$aaq/ );
|
|
|
|
|
}
|
2012-03-15 16:30:39 +01:00
|
|
|
trace( 2, "DENIED by fallthru" );
|
2012-03-09 09:03:32 +01:00
|
|
|
return "$aa $ref $repo $user DENIED by fallthru";
|
2012-03-08 09:00:13 +01:00
|
|
|
}
|
|
|
|
|
|
2012-03-16 09:59:45 +01:00
|
|
|
sub git_config {
|
2012-05-04 13:03:04 +02:00
|
|
|
my ( $repo, $key, $empty_values_OK ) = @_;
|
2012-03-16 09:59:45 +01:00
|
|
|
$key ||= '.';
|
|
|
|
|
|
2012-06-01 01:54:27 +02:00
|
|
|
if (repo_missing($repo)) {
|
|
|
|
|
load_common();
|
|
|
|
|
} else {
|
|
|
|
|
load($repo);
|
|
|
|
|
}
|
2012-03-16 09:59:45 +01:00
|
|
|
|
|
|
|
|
# read comments bottom up
|
|
|
|
|
my %ret =
|
|
|
|
|
# and take the second and third elements to make up your new hash
|
|
|
|
|
map { $_->[1] => $_->[2] }
|
|
|
|
|
# keep only the ones where the second element matches your key
|
|
|
|
|
grep { $_->[1] =~ qr($key) }
|
|
|
|
|
# sort this list of listrefs by the first element in each list ref'd to
|
|
|
|
|
sort { $a->[0] <=> $b->[0] }
|
|
|
|
|
# dereference it (into a list of listrefs)
|
2012-03-17 02:30:17 +01:00
|
|
|
map { @$_ }
|
2012-03-16 09:59:45 +01:00
|
|
|
# take the value of that entry
|
|
|
|
|
map { $configs{$_} }
|
|
|
|
|
# if it has an entry in %configs
|
|
|
|
|
grep { $configs{$_} }
|
|
|
|
|
# for each "repo" that represents us
|
2012-03-17 02:30:17 +01:00
|
|
|
memberships( 'repo', $repo );
|
2012-03-16 09:59:45 +01:00
|
|
|
|
|
|
|
|
# %configs looks like this (for each 'foo' that is in memberships())
|
|
|
|
|
# 'foo' => [ [ 6, 'foo.bar', 'repo' ], [ 7, 'foodbar', 'repoD' ], [ 8, 'foo.czar', 'jule' ] ],
|
|
|
|
|
# the first map gets you the value
|
|
|
|
|
# [ [ 6, 'foo.bar', 'repo' ], [ 7, 'foodbar', 'repoD' ], [ 8, 'foo.czar', 'jule' ] ],
|
|
|
|
|
# the deref gets you
|
|
|
|
|
# [ 6, 'foo.bar', 'repo' ], [ 7, 'foodbar', 'repoD' ], [ 8, 'foo.czar', 'jule' ]
|
|
|
|
|
# the sort rearranges it (in this case it's already sorted but anyway...)
|
|
|
|
|
# the grep gets you this, assuming the key is foo.bar (and "." is regex ".')
|
|
|
|
|
# [ 6, 'foo.bar', 'repo' ], [ 7, 'foodbar', 'repoD' ]
|
|
|
|
|
# and the final map does this:
|
|
|
|
|
# 'foo.bar'=>'repo' , 'foodbar'=>'repoD'
|
|
|
|
|
|
2012-05-04 13:03:04 +02:00
|
|
|
# now some of these will have an empty key; we need to delete them unless
|
|
|
|
|
# we're told empty values are OK
|
|
|
|
|
unless ($empty_values_OK) {
|
|
|
|
|
my($k, $v);
|
|
|
|
|
while (($k, $v) = each %ret) {
|
|
|
|
|
delete $ret{$k} if not $v;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2012-10-30 07:39:16 +01:00
|
|
|
my($k, $v);
|
|
|
|
|
my $creator = creator($repo);
|
|
|
|
|
while (($k, $v) = each %ret) {
|
|
|
|
|
$v =~ s/%GL_REPO/$repo/g;
|
|
|
|
|
$v =~ s/%GL_CREATOR/$creator/g if $creator;
|
|
|
|
|
$ret{$k} = $v;
|
|
|
|
|
}
|
|
|
|
|
|
2012-03-17 03:10:17 +01:00
|
|
|
trace( 3, map { ( "$_" => "-> $ret{$_}" ) } ( sort keys %ret ) );
|
2012-03-16 09:59:45 +01:00
|
|
|
return \%ret;
|
|
|
|
|
}
|
|
|
|
|
|
2012-03-17 17:20:48 +01:00
|
|
|
sub option {
|
|
|
|
|
my ( $repo, $option ) = @_;
|
|
|
|
|
$option = "gitolite-options.$option";
|
|
|
|
|
my $ret = git_config( $repo, "^\Q$option\E\$" );
|
|
|
|
|
return '' unless %$ret;
|
|
|
|
|
return $ret->{$option};
|
|
|
|
|
}
|
|
|
|
|
|
2012-10-05 03:49:59 +02:00
|
|
|
sub sanity {
|
|
|
|
|
my $repo = shift;
|
|
|
|
|
|
|
|
|
|
_die "invalid repo '$repo'" if not( $repo and $repo =~ $REPOPATT_PATT );
|
|
|
|
|
_die "'$repo' ends with a '/'" if $repo =~ m(/$);
|
|
|
|
|
_die "'$repo' contains '..'" if $repo =~ $REPONAME_PATT and $repo =~ m(\.\.);
|
|
|
|
|
}
|
|
|
|
|
|
2012-03-17 02:30:17 +01:00
|
|
|
sub repo_missing {
|
|
|
|
|
my $repo = shift;
|
2012-10-05 03:49:59 +02:00
|
|
|
sanity($repo);
|
|
|
|
|
|
2012-03-17 02:30:17 +01:00
|
|
|
return not -d "$rc{GL_REPO_BASE}/$repo.git";
|
|
|
|
|
}
|
|
|
|
|
|
2012-03-08 09:00:13 +01:00
|
|
|
# ----------------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
sub load_common {
|
|
|
|
|
|
2012-03-16 05:29:45 +01:00
|
|
|
_chdir( $rc{GL_ADMIN_BASE} );
|
2012-03-08 08:01:01 +01:00
|
|
|
|
2012-03-08 09:00:13 +01:00
|
|
|
# we take an unusual approach to caching this function!
|
|
|
|
|
# (requires that first call to load_common is before first call to load_1)
|
|
|
|
|
if ( $last_repo and $split_conf{$last_repo} ) {
|
|
|
|
|
delete $repos{$last_repo};
|
|
|
|
|
delete $configs{$last_repo};
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
my $cc = "conf/gitolite.conf-compiled.pm";
|
|
|
|
|
|
2012-05-21 11:52:19 +02:00
|
|
|
_die "parse '$cc' failed: " . ( $! or $@ ) unless do $cc;
|
2012-03-08 09:00:13 +01:00
|
|
|
|
|
|
|
|
if ( data_version_mismatch() ) {
|
2012-03-10 14:26:29 +01:00
|
|
|
_system("gitolite setup");
|
2012-05-21 11:52:19 +02:00
|
|
|
_die "parse '$cc' failed: " . ( $! or $@ ) unless do $cc;
|
2012-03-08 09:00:13 +01:00
|
|
|
_die "data version update failed; this is serious" if data_version_mismatch();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
sub load_1 {
|
|
|
|
|
my $repo = shift;
|
2012-03-15 01:37:41 +01:00
|
|
|
return if $repo =~ /^\@/;
|
2012-03-15 16:30:39 +01:00
|
|
|
trace( 3, $repo );
|
2012-03-08 09:00:13 +01:00
|
|
|
|
2012-03-17 02:30:17 +01:00
|
|
|
if ( repo_missing($repo) ) {
|
2012-09-25 15:35:12 +02:00
|
|
|
trace( 1, "repo '$repo' missing" ) if $repo =~ $REPONAME_PATT;
|
2012-03-17 02:30:17 +01:00
|
|
|
return;
|
|
|
|
|
}
|
2012-03-12 16:24:30 +01:00
|
|
|
_chdir("$rc{GL_REPO_BASE}/$repo.git");
|
2012-03-08 08:01:01 +01:00
|
|
|
|
2012-03-08 09:00:13 +01:00
|
|
|
if ( $repo eq $last_repo ) {
|
|
|
|
|
$repos{$repo} = $one_repo{$repo};
|
|
|
|
|
$configs{$repo} = $one_config{$repo} if $one_config{$repo};
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2012-03-10 18:27:01 +01:00
|
|
|
if ( -f "gl-conf" ) {
|
2012-12-31 01:53:00 +01:00
|
|
|
return if not $split_conf{$repo};
|
2012-03-08 09:00:13 +01:00
|
|
|
|
2012-11-22 15:52:35 +01:00
|
|
|
my $cc = "./gl-conf";
|
2012-05-21 11:52:19 +02:00
|
|
|
_die "parse '$cc' failed: " . ( $! or $@ ) unless do $cc;
|
2012-03-08 09:00:13 +01:00
|
|
|
|
|
|
|
|
$last_repo = $repo;
|
|
|
|
|
$repos{$repo} = $one_repo{$repo};
|
|
|
|
|
$configs{$repo} = $one_config{$repo} if $one_config{$repo};
|
|
|
|
|
} else {
|
2012-04-22 16:19:56 +02:00
|
|
|
_die "split conf set, gl-conf not present for '$repo'" if $split_conf{$repo};
|
2012-03-08 09:00:13 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2012-03-11 03:06:42 +01:00
|
|
|
{
|
|
|
|
|
my $lastrepo = '';
|
|
|
|
|
my $lastuser = '';
|
2012-03-12 16:24:30 +01:00
|
|
|
my @cached = ();
|
2012-03-11 03:06:42 +01:00
|
|
|
|
|
|
|
|
sub rules {
|
|
|
|
|
my ( $repo, $user ) = @_;
|
2012-03-15 16:30:39 +01:00
|
|
|
trace( 3, "repo=$repo, user=$user" );
|
2012-03-11 03:06:42 +01:00
|
|
|
|
2012-03-12 16:24:30 +01:00
|
|
|
return @cached if ( $lastrepo eq $repo and $lastuser eq $user and @cached );
|
2012-03-11 03:06:42 +01:00
|
|
|
|
|
|
|
|
my @rules = ();
|
2012-03-08 09:00:13 +01:00
|
|
|
|
2012-03-17 02:30:17 +01:00
|
|
|
my @repos = memberships( 'repo', $repo );
|
2012-03-17 07:55:38 +01:00
|
|
|
my @users = memberships( 'user', $user, $repo );
|
2012-03-15 16:30:39 +01:00
|
|
|
trace( 3, "memberships: " . scalar(@repos) . " repos and " . scalar(@users) . " users found" );
|
2012-03-08 09:00:13 +01:00
|
|
|
|
2012-03-11 03:06:42 +01:00
|
|
|
for my $r (@repos) {
|
|
|
|
|
for my $u (@users) {
|
2012-09-25 01:37:05 +02:00
|
|
|
push @rules, @{ $repos{$r}{$u} } if exists $repos{$r} and exists $repos{$r}{$u};
|
2012-03-11 03:06:42 +01:00
|
|
|
}
|
2012-03-08 09:00:13 +01:00
|
|
|
}
|
2012-03-11 03:06:42 +01:00
|
|
|
|
|
|
|
|
@rules = sort { $a->[0] <=> $b->[0] } @rules;
|
|
|
|
|
|
|
|
|
|
$lastrepo = $repo;
|
|
|
|
|
$lastuser = $user;
|
2012-03-12 16:24:30 +01:00
|
|
|
@cached = @rules;
|
2012-03-11 03:06:42 +01:00
|
|
|
|
wildrepos almost done (except setperms etc)
implementation notes
- new sugar role_names() to prefix an "@" to CREATOR, and any role
names listed in the rc file.
- invalidate the cache in rules() if the repo was missing. Without
this, an auto-create operation succeeds the ^C check and calls
new_wild_repo(), but then -- due to the cached rules not containing
a rule for CREATOR, the actual read/write fails.
- treat roles (READERS, WRITERS, etc.) as group names that apply only
to that particular repo. Don't add them to %groups, because that
would screw up caching, but add them in when memberships() is called
for the user.
This is why the membership call for the user also has a reponame
tacked on -- i.e., a user's membership list varied depending on
which repo you're talking about.
- while we're about it, pretend we added "CREATOR = <content of
gl-creator>" as another "role". Makes things so much easier dealing
with "RW+ = CREATOR"
- searching for rules pertaining to foo/CREATOR/bar when looking at
repo foo/sitaram/bar is done backwards from what g2 used to do. G2
used to play tricks with the do-eval'd file using global variables
so that what you get after the do may not even contain 'CREATOR'.
We go the other way. We replace sitaram with CREATOR and start
looking for memberships of *both* foo/sitaram/bar and
foo/CREATOR/bar.
- this doesn't work (because we don't know *what* to replace) for
missing repos if GL_USER is not set. This means that 'gitolite
access ...' queries (which do not set GL_USER) cannot be used
reliably for non-existant repos.
Since a ^C check is the only meaningful one for a non-existent repo,
this means you cannot do that from 'gitolite access'.
'GL_USER=luser gitolite info' will still work though ;-)
all in all, much cleaner and simpler than g2.
2012-03-18 02:14:02 +01:00
|
|
|
# however if the repo was missing, invalidate the cache
|
|
|
|
|
$lastrepo = '' if repo_missing($repo);
|
|
|
|
|
|
2012-03-11 03:06:42 +01:00
|
|
|
return @rules;
|
2012-03-08 09:00:13 +01:00
|
|
|
}
|
|
|
|
|
|
2012-03-11 03:06:42 +01:00
|
|
|
sub vrefs {
|
|
|
|
|
my ( $repo, $user ) = @_;
|
|
|
|
|
# fill the cache if needed
|
2012-03-12 16:24:30 +01:00
|
|
|
rules( $repo, $user ) unless ( $lastrepo eq $repo and $lastuser eq $user and @cached );
|
2012-03-08 09:00:13 +01:00
|
|
|
|
2012-03-11 03:06:42 +01:00
|
|
|
my %seen;
|
|
|
|
|
my @vrefs = grep { /^VREF\// and not $seen{$_}++ } map { $_->[2] } @cached;
|
|
|
|
|
return @vrefs;
|
|
|
|
|
}
|
2012-03-08 09:00:13 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
sub memberships {
|
2012-03-17 07:55:38 +01:00
|
|
|
trace( 3, @_ );
|
2012-03-17 17:20:48 +01:00
|
|
|
my ( $type, $base, $repo ) = @_;
|
2012-11-08 14:42:20 +01:00
|
|
|
$repo ||= '';
|
|
|
|
|
my @ret;
|
2012-03-17 07:55:38 +01:00
|
|
|
my $base2 = '';
|
2012-03-08 09:00:13 +01:00
|
|
|
|
2012-11-08 14:42:20 +01:00
|
|
|
@ret = ( $base, '@all' );
|
2012-03-08 09:00:13 +01:00
|
|
|
|
2012-03-17 02:30:17 +01:00
|
|
|
if ( $type eq 'repo' ) {
|
2012-03-17 07:55:38 +01:00
|
|
|
# first, if a repo, say, pub/sitaram/project, has a gl-creator file
|
|
|
|
|
# that says "sitaram", find memberships for pub/CREATOR/project also
|
|
|
|
|
$base2 = generic_name($base);
|
|
|
|
|
|
|
|
|
|
# second, you need to check in %repos also
|
2012-03-26 02:10:49 +02:00
|
|
|
for my $i ( keys %repos, keys %configs ) {
|
2012-03-17 07:55:38 +01:00
|
|
|
if ( $base eq $i or $base =~ /^$i$/ or $base2 and ( $base2 eq $i or $base2 =~ /^$i$/ ) ) {
|
2012-03-16 17:09:26 +01:00
|
|
|
push @ret, $i;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2012-11-14 10:42:30 +01:00
|
|
|
push @ret, @{ $groups{$base} } if exists $groups{$base};
|
|
|
|
|
push @ret, @{ $groups{$base2} } if $base2 and exists $groups{$base2};
|
|
|
|
|
for my $i ( keys %{ $patterns{groups} } ) {
|
|
|
|
|
if ( $base =~ /^$i$/ or $base2 and ( $base2 =~ /^$i$/ ) ) {
|
2012-03-16 17:09:26 +01:00
|
|
|
push @ret, @{ $groups{$i} };
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2012-10-04 18:31:57 +02:00
|
|
|
push @ret, @{ ext_grouplist($base) } if $type eq 'user' and $rc{GROUPLIST_PGM};
|
|
|
|
|
|
2012-03-30 02:41:06 +02:00
|
|
|
if ( $type eq 'user' and $repo and not repo_missing($repo) ) {
|
2012-03-17 07:55:38 +01:00
|
|
|
# find the roles this user has when accessing this repo and add those
|
|
|
|
|
# in as groupnames he is a member of. You need the already existing
|
|
|
|
|
# memberships for this; see below this function for an example
|
2012-03-17 17:20:48 +01:00
|
|
|
push @ret, user_roles( $base, $repo, @ret );
|
2012-03-17 07:55:38 +01:00
|
|
|
}
|
|
|
|
|
|
2012-03-17 02:30:17 +01:00
|
|
|
@ret = @{ sort_u( \@ret ) };
|
2012-03-17 03:10:17 +01:00
|
|
|
trace( 3, sort @ret );
|
2012-03-08 09:00:13 +01:00
|
|
|
return @ret;
|
|
|
|
|
}
|
|
|
|
|
|
2012-03-17 07:55:38 +01:00
|
|
|
=for example
|
|
|
|
|
|
|
|
|
|
conf/gitolite.conf:
|
|
|
|
|
@g1 = u1
|
|
|
|
|
@g2 = u1
|
|
|
|
|
# now user is a member of both g1 and g2
|
|
|
|
|
|
|
|
|
|
gl-perms for repo being accessed:
|
|
|
|
|
READERS @g1
|
|
|
|
|
|
|
|
|
|
This should result in @READERS being added to the memberships that u1 has
|
|
|
|
|
(when accessing this repo). So we send the current list (@g1, @g2) to
|
|
|
|
|
user_roles(), otherwise it has to redo that logic.
|
|
|
|
|
|
|
|
|
|
=cut
|
|
|
|
|
|
2012-03-08 09:00:13 +01:00
|
|
|
sub data_version_mismatch {
|
2012-03-16 05:29:45 +01:00
|
|
|
return $data_version ne glrc('current-data-version');
|
2012-03-08 09:00:13 +01:00
|
|
|
}
|
|
|
|
|
|
2012-03-17 07:55:38 +01:00
|
|
|
sub user_roles {
|
2012-03-17 17:20:48 +01:00
|
|
|
my ( $user, $repo, @eg ) = @_;
|
2012-03-17 07:55:38 +01:00
|
|
|
|
|
|
|
|
# eg == existing groups (that user is already known to be a member of)
|
|
|
|
|
my %eg = map { $_ => 1 } @eg;
|
|
|
|
|
|
2012-03-18 10:27:13 +01:00
|
|
|
my %ret = ();
|
|
|
|
|
my $f = "$rc{GL_REPO_BASE}/$repo.git/gl-perms";
|
wildrepos almost done (except setperms etc)
implementation notes
- new sugar role_names() to prefix an "@" to CREATOR, and any role
names listed in the rc file.
- invalidate the cache in rules() if the repo was missing. Without
this, an auto-create operation succeeds the ^C check and calls
new_wild_repo(), but then -- due to the cached rules not containing
a rule for CREATOR, the actual read/write fails.
- treat roles (READERS, WRITERS, etc.) as group names that apply only
to that particular repo. Don't add them to %groups, because that
would screw up caching, but add them in when memberships() is called
for the user.
This is why the membership call for the user also has a reponame
tacked on -- i.e., a user's membership list varied depending on
which repo you're talking about.
- while we're about it, pretend we added "CREATOR = <content of
gl-creator>" as another "role". Makes things so much easier dealing
with "RW+ = CREATOR"
- searching for rules pertaining to foo/CREATOR/bar when looking at
repo foo/sitaram/bar is done backwards from what g2 used to do. G2
used to play tricks with the do-eval'd file using global variables
so that what you get after the do may not even contain 'CREATOR'.
We go the other way. We replace sitaram with CREATOR and start
looking for memberships of *both* foo/sitaram/bar and
foo/CREATOR/bar.
- this doesn't work (because we don't know *what* to replace) for
missing repos if GL_USER is not set. This means that 'gitolite
access ...' queries (which do not set GL_USER) cannot be used
reliably for non-existant repos.
Since a ^C check is the only meaningful one for a non-existent repo,
this means you cannot do that from 'gitolite access'.
'GL_USER=luser gitolite info' will still work though ;-)
all in all, much cleaner and simpler than g2.
2012-03-18 02:14:02 +01:00
|
|
|
my @roles = ();
|
2012-03-17 07:55:38 +01:00
|
|
|
if ( -f $f ) {
|
2012-03-17 17:20:48 +01:00
|
|
|
my $fh = _open( "<", $f );
|
2012-03-18 10:27:13 +01:00
|
|
|
chomp( @roles = <$fh> );
|
wildrepos almost done (except setperms etc)
implementation notes
- new sugar role_names() to prefix an "@" to CREATOR, and any role
names listed in the rc file.
- invalidate the cache in rules() if the repo was missing. Without
this, an auto-create operation succeeds the ^C check and calls
new_wild_repo(), but then -- due to the cached rules not containing
a rule for CREATOR, the actual read/write fails.
- treat roles (READERS, WRITERS, etc.) as group names that apply only
to that particular repo. Don't add them to %groups, because that
would screw up caching, but add them in when memberships() is called
for the user.
This is why the membership call for the user also has a reponame
tacked on -- i.e., a user's membership list varied depending on
which repo you're talking about.
- while we're about it, pretend we added "CREATOR = <content of
gl-creator>" as another "role". Makes things so much easier dealing
with "RW+ = CREATOR"
- searching for rules pertaining to foo/CREATOR/bar when looking at
repo foo/sitaram/bar is done backwards from what g2 used to do. G2
used to play tricks with the do-eval'd file using global variables
so that what you get after the do may not even contain 'CREATOR'.
We go the other way. We replace sitaram with CREATOR and start
looking for memberships of *both* foo/sitaram/bar and
foo/CREATOR/bar.
- this doesn't work (because we don't know *what* to replace) for
missing repos if GL_USER is not set. This means that 'gitolite
access ...' queries (which do not set GL_USER) cannot be used
reliably for non-existant repos.
Since a ^C check is the only meaningful one for a non-existent repo,
this means you cannot do that from 'gitolite access'.
'GL_USER=luser gitolite info' will still work though ;-)
all in all, much cleaner and simpler than g2.
2012-03-18 02:14:02 +01:00
|
|
|
}
|
|
|
|
|
push @roles, "CREATOR = " . creator($repo);
|
|
|
|
|
for (@roles) {
|
|
|
|
|
# READERS u3 u4 @g1
|
|
|
|
|
s/^\s+//; s/ +$//; s/=/ /; s/\s+/ /g; s/^\@//;
|
2012-12-29 08:44:36 +01:00
|
|
|
next if /^#/;
|
|
|
|
|
next unless /\S/;
|
wildrepos almost done (except setperms etc)
implementation notes
- new sugar role_names() to prefix an "@" to CREATOR, and any role
names listed in the rc file.
- invalidate the cache in rules() if the repo was missing. Without
this, an auto-create operation succeeds the ^C check and calls
new_wild_repo(), but then -- due to the cached rules not containing
a rule for CREATOR, the actual read/write fails.
- treat roles (READERS, WRITERS, etc.) as group names that apply only
to that particular repo. Don't add them to %groups, because that
would screw up caching, but add them in when memberships() is called
for the user.
This is why the membership call for the user also has a reponame
tacked on -- i.e., a user's membership list varied depending on
which repo you're talking about.
- while we're about it, pretend we added "CREATOR = <content of
gl-creator>" as another "role". Makes things so much easier dealing
with "RW+ = CREATOR"
- searching for rules pertaining to foo/CREATOR/bar when looking at
repo foo/sitaram/bar is done backwards from what g2 used to do. G2
used to play tricks with the do-eval'd file using global variables
so that what you get after the do may not even contain 'CREATOR'.
We go the other way. We replace sitaram with CREATOR and start
looking for memberships of *both* foo/sitaram/bar and
foo/CREATOR/bar.
- this doesn't work (because we don't know *what* to replace) for
missing repos if GL_USER is not set. This means that 'gitolite
access ...' queries (which do not set GL_USER) cannot be used
reliably for non-existant repos.
Since a ^C check is the only meaningful one for a non-existent repo,
this means you cannot do that from 'gitolite access'.
'GL_USER=luser gitolite info' will still work though ;-)
all in all, much cleaner and simpler than g2.
2012-03-18 02:14:02 +01:00
|
|
|
my ( $role, @members ) = split;
|
|
|
|
|
# role = READERS, members = u3, u4, @g1
|
|
|
|
|
if ( $role ne 'CREATOR' and not $rc{ROLES}{$role} ) {
|
|
|
|
|
_warn "role '$role' not allowed, ignoring";
|
|
|
|
|
next;
|
|
|
|
|
}
|
|
|
|
|
for my $m (@members) {
|
|
|
|
|
if ( $m !~ $USERNAME_PATT ) {
|
|
|
|
|
_warn "ignoring '$m' in perms line";
|
2012-03-17 07:55:38 +01:00
|
|
|
next;
|
|
|
|
|
}
|
wildrepos almost done (except setperms etc)
implementation notes
- new sugar role_names() to prefix an "@" to CREATOR, and any role
names listed in the rc file.
- invalidate the cache in rules() if the repo was missing. Without
this, an auto-create operation succeeds the ^C check and calls
new_wild_repo(), but then -- due to the cached rules not containing
a rule for CREATOR, the actual read/write fails.
- treat roles (READERS, WRITERS, etc.) as group names that apply only
to that particular repo. Don't add them to %groups, because that
would screw up caching, but add them in when memberships() is called
for the user.
This is why the membership call for the user also has a reponame
tacked on -- i.e., a user's membership list varied depending on
which repo you're talking about.
- while we're about it, pretend we added "CREATOR = <content of
gl-creator>" as another "role". Makes things so much easier dealing
with "RW+ = CREATOR"
- searching for rules pertaining to foo/CREATOR/bar when looking at
repo foo/sitaram/bar is done backwards from what g2 used to do. G2
used to play tricks with the do-eval'd file using global variables
so that what you get after the do may not even contain 'CREATOR'.
We go the other way. We replace sitaram with CREATOR and start
looking for memberships of *both* foo/sitaram/bar and
foo/CREATOR/bar.
- this doesn't work (because we don't know *what* to replace) for
missing repos if GL_USER is not set. This means that 'gitolite
access ...' queries (which do not set GL_USER) cannot be used
reliably for non-existant repos.
Since a ^C check is the only meaningful one for a non-existent repo,
this means you cannot do that from 'gitolite access'.
'GL_USER=luser gitolite info' will still work though ;-)
all in all, much cleaner and simpler than g2.
2012-03-18 02:14:02 +01:00
|
|
|
# if user eq u3/u4, or is a member of @g1, he has role READERS
|
|
|
|
|
$ret{ '@' . $role } = 1 if $m eq $user or $eg{$m};
|
2012-03-17 07:55:38 +01:00
|
|
|
}
|
|
|
|
|
}
|
wildrepos almost done (except setperms etc)
implementation notes
- new sugar role_names() to prefix an "@" to CREATOR, and any role
names listed in the rc file.
- invalidate the cache in rules() if the repo was missing. Without
this, an auto-create operation succeeds the ^C check and calls
new_wild_repo(), but then -- due to the cached rules not containing
a rule for CREATOR, the actual read/write fails.
- treat roles (READERS, WRITERS, etc.) as group names that apply only
to that particular repo. Don't add them to %groups, because that
would screw up caching, but add them in when memberships() is called
for the user.
This is why the membership call for the user also has a reponame
tacked on -- i.e., a user's membership list varied depending on
which repo you're talking about.
- while we're about it, pretend we added "CREATOR = <content of
gl-creator>" as another "role". Makes things so much easier dealing
with "RW+ = CREATOR"
- searching for rules pertaining to foo/CREATOR/bar when looking at
repo foo/sitaram/bar is done backwards from what g2 used to do. G2
used to play tricks with the do-eval'd file using global variables
so that what you get after the do may not even contain 'CREATOR'.
We go the other way. We replace sitaram with CREATOR and start
looking for memberships of *both* foo/sitaram/bar and
foo/CREATOR/bar.
- this doesn't work (because we don't know *what* to replace) for
missing repos if GL_USER is not set. This means that 'gitolite
access ...' queries (which do not set GL_USER) cannot be used
reliably for non-existant repos.
Since a ^C check is the only meaningful one for a non-existent repo,
this means you cannot do that from 'gitolite access'.
'GL_USER=luser gitolite info' will still work though ;-)
all in all, much cleaner and simpler than g2.
2012-03-18 02:14:02 +01:00
|
|
|
|
2012-03-17 07:55:38 +01:00
|
|
|
return keys %ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
sub generic_name {
|
2012-03-17 17:20:48 +01:00
|
|
|
my $base = shift;
|
2012-03-17 07:55:38 +01:00
|
|
|
my $base2 = '';
|
wildrepos almost done (except setperms etc)
implementation notes
- new sugar role_names() to prefix an "@" to CREATOR, and any role
names listed in the rc file.
- invalidate the cache in rules() if the repo was missing. Without
this, an auto-create operation succeeds the ^C check and calls
new_wild_repo(), but then -- due to the cached rules not containing
a rule for CREATOR, the actual read/write fails.
- treat roles (READERS, WRITERS, etc.) as group names that apply only
to that particular repo. Don't add them to %groups, because that
would screw up caching, but add them in when memberships() is called
for the user.
This is why the membership call for the user also has a reponame
tacked on -- i.e., a user's membership list varied depending on
which repo you're talking about.
- while we're about it, pretend we added "CREATOR = <content of
gl-creator>" as another "role". Makes things so much easier dealing
with "RW+ = CREATOR"
- searching for rules pertaining to foo/CREATOR/bar when looking at
repo foo/sitaram/bar is done backwards from what g2 used to do. G2
used to play tricks with the do-eval'd file using global variables
so that what you get after the do may not even contain 'CREATOR'.
We go the other way. We replace sitaram with CREATOR and start
looking for memberships of *both* foo/sitaram/bar and
foo/CREATOR/bar.
- this doesn't work (because we don't know *what* to replace) for
missing repos if GL_USER is not set. This means that 'gitolite
access ...' queries (which do not set GL_USER) cannot be used
reliably for non-existant repos.
Since a ^C check is the only meaningful one for a non-existent repo,
this means you cannot do that from 'gitolite access'.
'GL_USER=luser gitolite info' will still work though ;-)
all in all, much cleaner and simpler than g2.
2012-03-18 02:14:02 +01:00
|
|
|
my $creator;
|
|
|
|
|
|
|
|
|
|
# get the creator name. For not-yet-born repos this is $ENV{GL_USER},
|
|
|
|
|
# which should be set in all cases that we care about, viz., where we are
|
|
|
|
|
# checking ^C permissions before new_wild_repo(), and the info command.
|
2012-04-22 06:04:06 +02:00
|
|
|
# In particular, 'gitolite access' can't be used to check ^C perms on wild
|
|
|
|
|
# repos that contain "CREATOR" if GL_USER is not set.
|
wildrepos almost done (except setperms etc)
implementation notes
- new sugar role_names() to prefix an "@" to CREATOR, and any role
names listed in the rc file.
- invalidate the cache in rules() if the repo was missing. Without
this, an auto-create operation succeeds the ^C check and calls
new_wild_repo(), but then -- due to the cached rules not containing
a rule for CREATOR, the actual read/write fails.
- treat roles (READERS, WRITERS, etc.) as group names that apply only
to that particular repo. Don't add them to %groups, because that
would screw up caching, but add them in when memberships() is called
for the user.
This is why the membership call for the user also has a reponame
tacked on -- i.e., a user's membership list varied depending on
which repo you're talking about.
- while we're about it, pretend we added "CREATOR = <content of
gl-creator>" as another "role". Makes things so much easier dealing
with "RW+ = CREATOR"
- searching for rules pertaining to foo/CREATOR/bar when looking at
repo foo/sitaram/bar is done backwards from what g2 used to do. G2
used to play tricks with the do-eval'd file using global variables
so that what you get after the do may not even contain 'CREATOR'.
We go the other way. We replace sitaram with CREATOR and start
looking for memberships of *both* foo/sitaram/bar and
foo/CREATOR/bar.
- this doesn't work (because we don't know *what* to replace) for
missing repos if GL_USER is not set. This means that 'gitolite
access ...' queries (which do not set GL_USER) cannot be used
reliably for non-existant repos.
Since a ^C check is the only meaningful one for a non-existent repo,
this means you cannot do that from 'gitolite access'.
'GL_USER=luser gitolite info' will still work though ;-)
all in all, much cleaner and simpler than g2.
2012-03-18 02:14:02 +01:00
|
|
|
$creator = creator($base);
|
|
|
|
|
|
2012-03-20 04:43:05 +01:00
|
|
|
$base2 = $base;
|
2012-12-14 02:59:20 +01:00
|
|
|
$base2 =~ s(\b$creator\b)(CREATOR) if $creator;
|
wildrepos almost done (except setperms etc)
implementation notes
- new sugar role_names() to prefix an "@" to CREATOR, and any role
names listed in the rc file.
- invalidate the cache in rules() if the repo was missing. Without
this, an auto-create operation succeeds the ^C check and calls
new_wild_repo(), but then -- due to the cached rules not containing
a rule for CREATOR, the actual read/write fails.
- treat roles (READERS, WRITERS, etc.) as group names that apply only
to that particular repo. Don't add them to %groups, because that
would screw up caching, but add them in when memberships() is called
for the user.
This is why the membership call for the user also has a reponame
tacked on -- i.e., a user's membership list varied depending on
which repo you're talking about.
- while we're about it, pretend we added "CREATOR = <content of
gl-creator>" as another "role". Makes things so much easier dealing
with "RW+ = CREATOR"
- searching for rules pertaining to foo/CREATOR/bar when looking at
repo foo/sitaram/bar is done backwards from what g2 used to do. G2
used to play tricks with the do-eval'd file using global variables
so that what you get after the do may not even contain 'CREATOR'.
We go the other way. We replace sitaram with CREATOR and start
looking for memberships of *both* foo/sitaram/bar and
foo/CREATOR/bar.
- this doesn't work (because we don't know *what* to replace) for
missing repos if GL_USER is not set. This means that 'gitolite
access ...' queries (which do not set GL_USER) cannot be used
reliably for non-existant repos.
Since a ^C check is the only meaningful one for a non-existent repo,
this means you cannot do that from 'gitolite access'.
'GL_USER=luser gitolite info' will still work though ;-)
all in all, much cleaner and simpler than g2.
2012-03-18 02:14:02 +01:00
|
|
|
$base2 = '' if $base2 eq $base; # if there was no change
|
|
|
|
|
|
2012-03-17 07:55:38 +01:00
|
|
|
return $base2;
|
|
|
|
|
}
|
|
|
|
|
|
wildrepos almost done (except setperms etc)
implementation notes
- new sugar role_names() to prefix an "@" to CREATOR, and any role
names listed in the rc file.
- invalidate the cache in rules() if the repo was missing. Without
this, an auto-create operation succeeds the ^C check and calls
new_wild_repo(), but then -- due to the cached rules not containing
a rule for CREATOR, the actual read/write fails.
- treat roles (READERS, WRITERS, etc.) as group names that apply only
to that particular repo. Don't add them to %groups, because that
would screw up caching, but add them in when memberships() is called
for the user.
This is why the membership call for the user also has a reponame
tacked on -- i.e., a user's membership list varied depending on
which repo you're talking about.
- while we're about it, pretend we added "CREATOR = <content of
gl-creator>" as another "role". Makes things so much easier dealing
with "RW+ = CREATOR"
- searching for rules pertaining to foo/CREATOR/bar when looking at
repo foo/sitaram/bar is done backwards from what g2 used to do. G2
used to play tricks with the do-eval'd file using global variables
so that what you get after the do may not even contain 'CREATOR'.
We go the other way. We replace sitaram with CREATOR and start
looking for memberships of *both* foo/sitaram/bar and
foo/CREATOR/bar.
- this doesn't work (because we don't know *what* to replace) for
missing repos if GL_USER is not set. This means that 'gitolite
access ...' queries (which do not set GL_USER) cannot be used
reliably for non-existant repos.
Since a ^C check is the only meaningful one for a non-existent repo,
this means you cannot do that from 'gitolite access'.
'GL_USER=luser gitolite info' will still work though ;-)
all in all, much cleaner and simpler than g2.
2012-03-18 02:14:02 +01:00
|
|
|
sub creator {
|
|
|
|
|
my $repo = shift;
|
2012-10-05 03:49:59 +02:00
|
|
|
sanity($repo);
|
|
|
|
|
|
wildrepos almost done (except setperms etc)
implementation notes
- new sugar role_names() to prefix an "@" to CREATOR, and any role
names listed in the rc file.
- invalidate the cache in rules() if the repo was missing. Without
this, an auto-create operation succeeds the ^C check and calls
new_wild_repo(), but then -- due to the cached rules not containing
a rule for CREATOR, the actual read/write fails.
- treat roles (READERS, WRITERS, etc.) as group names that apply only
to that particular repo. Don't add them to %groups, because that
would screw up caching, but add them in when memberships() is called
for the user.
This is why the membership call for the user also has a reponame
tacked on -- i.e., a user's membership list varied depending on
which repo you're talking about.
- while we're about it, pretend we added "CREATOR = <content of
gl-creator>" as another "role". Makes things so much easier dealing
with "RW+ = CREATOR"
- searching for rules pertaining to foo/CREATOR/bar when looking at
repo foo/sitaram/bar is done backwards from what g2 used to do. G2
used to play tricks with the do-eval'd file using global variables
so that what you get after the do may not even contain 'CREATOR'.
We go the other way. We replace sitaram with CREATOR and start
looking for memberships of *both* foo/sitaram/bar and
foo/CREATOR/bar.
- this doesn't work (because we don't know *what* to replace) for
missing repos if GL_USER is not set. This means that 'gitolite
access ...' queries (which do not set GL_USER) cannot be used
reliably for non-existant repos.
Since a ^C check is the only meaningful one for a non-existent repo,
this means you cannot do that from 'gitolite access'.
'GL_USER=luser gitolite info' will still work though ;-)
all in all, much cleaner and simpler than g2.
2012-03-18 02:14:02 +01:00
|
|
|
return ( $ENV{GL_USER} || '' ) if repo_missing($repo);
|
|
|
|
|
my $f = "$rc{GL_REPO_BASE}/$repo.git/gl-creator";
|
|
|
|
|
my $creator = '';
|
|
|
|
|
chomp( $creator = slurp($f) ) if -f $f;
|
|
|
|
|
return $creator;
|
|
|
|
|
}
|
|
|
|
|
|
2012-04-02 17:55:06 +02:00
|
|
|
{
|
|
|
|
|
my %cache = ();
|
|
|
|
|
|
|
|
|
|
sub ext_grouplist {
|
|
|
|
|
my $user = shift;
|
2012-04-18 02:56:18 +02:00
|
|
|
my $pgm = $rc{GROUPLIST_PGM};
|
2012-04-02 17:55:06 +02:00
|
|
|
return [] if not $pgm;
|
|
|
|
|
|
|
|
|
|
return $cache{$user} if $cache{$user};
|
|
|
|
|
my @extgroups = map { s/^@?/@/; $_; } split ' ', `$rc{GROUPLIST_PGM} $user`;
|
2012-04-18 02:56:18 +02:00
|
|
|
return ( $cache{$user} = \@extgroups );
|
2012-04-02 17:55:06 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2012-03-08 07:43:50 +01:00
|
|
|
# ----------------------------------------------------------------------
|
|
|
|
|
# api functions
|
|
|
|
|
# ----------------------------------------------------------------------
|
|
|
|
|
|
2012-03-12 16:24:30 +01:00
|
|
|
sub lister_dispatch {
|
|
|
|
|
my $command = shift;
|
|
|
|
|
|
|
|
|
|
my $fn = $listers{$command} or _die "unknown gitolite sub-command";
|
|
|
|
|
return $fn;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
=for list_groups
|
2012-03-08 11:44:13 +01:00
|
|
|
Usage: gitolite list-groups
|
|
|
|
|
|
|
|
|
|
- lists all group names in conf
|
|
|
|
|
- no options, no flags
|
2012-03-12 16:24:30 +01:00
|
|
|
=cut
|
2012-03-08 11:44:13 +01:00
|
|
|
|
2012-03-12 16:24:30 +01:00
|
|
|
sub list_groups {
|
|
|
|
|
usage() if @_;
|
2012-03-08 07:43:50 +01:00
|
|
|
|
|
|
|
|
load_common();
|
|
|
|
|
|
|
|
|
|
my @g = ();
|
2012-03-16 05:29:45 +01:00
|
|
|
while ( my ( $k, $v ) = each(%groups) ) {
|
|
|
|
|
push @g, @{$v};
|
2012-03-08 07:43:50 +01:00
|
|
|
}
|
2012-03-16 05:29:45 +01:00
|
|
|
return ( sort_u( \@g ) );
|
2012-03-08 07:43:50 +01:00
|
|
|
}
|
|
|
|
|
|
2012-03-12 16:24:30 +01:00
|
|
|
=for list_users
|
2012-03-23 12:53:26 +01:00
|
|
|
Usage: gitolite list-users [<repo name pattern>]
|
2012-03-08 11:44:13 +01:00
|
|
|
|
2012-03-23 12:53:26 +01:00
|
|
|
List all users and groups explicitly named in a rule. User names not
|
|
|
|
|
mentioned in an access rule will not show up; you have to run 'list-members'
|
|
|
|
|
on each group name yourself to see them.
|
|
|
|
|
|
|
|
|
|
WARNING: may be slow if you have thousands of repos. The optional repo name
|
|
|
|
|
pattern is an unanchored regex; it can speed things up if you're interested
|
|
|
|
|
only in users of a matching set of repos. This is only an optimisation, not
|
|
|
|
|
an actual access list; you will still have to pipe it to 'gitolite access'
|
|
|
|
|
with appropriate arguments to get an actual access list.
|
2012-03-12 16:24:30 +01:00
|
|
|
=cut
|
2012-03-08 11:44:13 +01:00
|
|
|
|
2012-03-12 16:24:30 +01:00
|
|
|
sub list_users {
|
2012-03-23 12:53:26 +01:00
|
|
|
my $patt = shift || '.';
|
|
|
|
|
usage() if $patt eq '-h' or @_;
|
2012-03-12 16:24:30 +01:00
|
|
|
my $count = 0;
|
|
|
|
|
my $total = 0;
|
2012-03-08 10:36:05 +01:00
|
|
|
|
|
|
|
|
load_common();
|
|
|
|
|
|
2012-03-16 05:29:45 +01:00
|
|
|
my @u = map { keys %{$_} } values %repos;
|
2012-03-23 12:53:26 +01:00
|
|
|
$total = scalar( grep { /$patt/ } keys %split_conf );
|
2012-03-08 10:36:05 +01:00
|
|
|
warn "WARNING: you have $total repos to check; this could take some time!\n" if $total > 100;
|
2012-03-23 12:53:26 +01:00
|
|
|
for my $one ( grep { /$patt/ } keys %split_conf ) {
|
2012-03-08 10:36:05 +01:00
|
|
|
load_1($one);
|
2012-03-16 05:29:45 +01:00
|
|
|
$count++; print STDERR "$count / $total\r" if not( $count % 100 ) and timer(5);
|
|
|
|
|
push @u, map { keys %{$_} } values %one_repo;
|
2012-03-08 10:36:05 +01:00
|
|
|
}
|
2012-03-12 16:24:30 +01:00
|
|
|
print STDERR "\n" if $count >= 100;
|
2012-03-16 05:29:45 +01:00
|
|
|
return ( sort_u( \@u ) );
|
2012-03-08 10:36:05 +01:00
|
|
|
}
|
|
|
|
|
|
2012-03-12 16:24:30 +01:00
|
|
|
=for list_repos
|
2012-03-08 11:44:13 +01:00
|
|
|
Usage: gitolite list-repos
|
|
|
|
|
|
|
|
|
|
- lists all repos/repo groups in conf
|
|
|
|
|
- no options, no flags
|
2012-03-12 16:24:30 +01:00
|
|
|
=cut
|
2012-03-08 11:44:13 +01:00
|
|
|
|
2012-03-12 16:24:30 +01:00
|
|
|
sub list_repos {
|
|
|
|
|
usage() if @_;
|
2012-03-08 11:44:13 +01:00
|
|
|
|
|
|
|
|
load_common();
|
|
|
|
|
|
|
|
|
|
my @r = keys %repos;
|
|
|
|
|
push @r, keys %split_conf;
|
|
|
|
|
|
2012-03-16 05:29:45 +01:00
|
|
|
return ( sort_u( \@r ) );
|
2012-03-08 11:44:13 +01:00
|
|
|
}
|
|
|
|
|
|
2012-03-12 16:24:30 +01:00
|
|
|
=for list_memberships
|
2012-03-08 12:30:27 +01:00
|
|
|
Usage: gitolite list-memberships <name>
|
|
|
|
|
|
|
|
|
|
- list all groups a name is a member of
|
|
|
|
|
- takes one user/repo name
|
2012-03-12 16:24:30 +01:00
|
|
|
=cut
|
2012-03-08 12:30:27 +01:00
|
|
|
|
2012-03-12 16:24:30 +01:00
|
|
|
sub list_memberships {
|
|
|
|
|
usage() if @_ and $_[0] eq '-h' or not @_;
|
2012-03-08 12:30:27 +01:00
|
|
|
|
2012-03-12 16:24:30 +01:00
|
|
|
my $name = shift;
|
2012-03-08 12:30:27 +01:00
|
|
|
|
|
|
|
|
load_common();
|
2012-03-17 02:30:17 +01:00
|
|
|
my @m = memberships( '', $name );
|
2012-03-16 05:29:45 +01:00
|
|
|
return ( sort_u( \@m ) );
|
2012-03-08 12:30:27 +01:00
|
|
|
}
|
|
|
|
|
|
2012-03-12 16:24:30 +01:00
|
|
|
=for list_members
|
2012-03-08 13:29:44 +01:00
|
|
|
Usage: gitolite list-members <group name>
|
|
|
|
|
|
|
|
|
|
- list all members of a group
|
|
|
|
|
- takes one group name
|
2012-03-12 16:24:30 +01:00
|
|
|
=cut
|
2012-03-08 13:29:44 +01:00
|
|
|
|
2012-03-12 16:24:30 +01:00
|
|
|
sub list_members {
|
|
|
|
|
usage() if @_ and $_[0] eq '-h' or not @_;
|
2012-03-08 13:29:44 +01:00
|
|
|
|
2012-03-12 16:24:30 +01:00
|
|
|
my $name = shift;
|
2012-03-08 13:29:44 +01:00
|
|
|
|
|
|
|
|
load_common();
|
|
|
|
|
|
|
|
|
|
my @m = ();
|
2012-03-16 05:29:45 +01:00
|
|
|
while ( my ( $k, $v ) = each(%groups) ) {
|
|
|
|
|
for my $g ( @{$v} ) {
|
2012-03-08 13:29:44 +01:00
|
|
|
push @m, $k if $g eq $name;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2012-03-16 05:29:45 +01:00
|
|
|
return ( sort_u( \@m ) );
|
2012-03-08 13:29:44 +01:00
|
|
|
}
|
|
|
|
|
|
2012-03-08 10:36:05 +01:00
|
|
|
# ----------------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
my $start_time = 0;
|
|
|
|
|
|
|
|
|
|
sub timer {
|
|
|
|
|
unless ($start_time) {
|
|
|
|
|
$start_time = time();
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
my $elapsed = shift;
|
|
|
|
|
return 0 if time() - $start_time < $elapsed;
|
|
|
|
|
$start_time = time();
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2012-03-08 09:00:13 +01:00
|
|
|
1;
|
|
|
|
|
|