gitolite/contrib/adc/get-rights-and-owner.in-perl

#!/usr/bin/perl

use strict;
use warnings;

die "ENV GL_RC not set\n" unless $ENV{GL_RC};
die "ENV GL_BINDIR not set\n" unless $ENV{GL_BINDIR};

unshift @INC, $ENV{GL_BINDIR};
require gitolite or die "parse gitolite.pm failed\n";
gitolite->import;

# get the repo name
my $repo = shift;
$repo =~ s/\.git$//;
# IMPORTANT NOTE: to do any of this inside a hook, you should just use
# $ENV{GL_REPO}, since it's guaranteed to be set to the right value


# to do a "level 1" check (repo level -- not branch level), do this:
my ($perm, $creator) = check_access($repo);
# you can pass in any repo name you wish instead of the active repo

# the first return value looks like one of these, so you can just check for
# the presence of "R" or "W" and be done:
#   _____R___W_
#   _____R_____
#   ___________

# The second value is "<gitolite>" for a normal repo,  an actual username for
# a wildrepo, or "<notfound>" for a non-existent repo.


# to do a "level 2" check (branches), do something like this
my $ret = check_access($repo, 'refs/heads/foo', 'W', 1);
# the 2nd argument must be a *full* refname (i.e., not "master", but
# "refs/heads/master").  The 3rd argument is one of W, +, C, or D.  The 4th
# argument should be any non-false perl value, like 1.

# the return value may look like this:
#   refs/.*
# or perhaps this, if you were denied
#   DENIED by fallthru

# NOTE: do NOT pass "R" as the 3rd argument.  It will seem to work because
# you're merely testing the permissions in this code, but an *actual* "git
# fetch" for even a DENIED ref will succeed if the user has read access to at
# least one branch.  This is because the information on what ref is being read
# is not made available externally in any useful way (the way the "update"
# hook gets its arguments when a push happens).
allow access checks from ADC or hook For sample code see new file contrib/adc/get-rights-and-owner.in-perl. Despite the name, you can use similar code in a hook also -- comments in that file will tell you how. implementation notes: - check_access now takes an optional last arg "dry_run", which is also passes through to check_ref - check_ref returns a "DENIED by ..." instead of die-ing if dry_run is passed in - as a side effect, cli_repo_rights is now just a stub calling check_access (we kept it hanging around for backward compat -- too much adc pain for too many people if we change it now) 2010-12-24 04:22:13 +01:00			`#!/usr/bin/perl`

			`use strict;`
			`use warnings;`

gitolite v2.0rc1 -- please see new developer-notes doc 2011-01-15 16:39:56 +01:00			`die "ENV GL_RC not set\n" unless $ENV{GL_RC};`
			`die "ENV GL_BINDIR not set\n" unless $ENV{GL_BINDIR};`

allow access checks from ADC or hook For sample code see new file contrib/adc/get-rights-and-owner.in-perl. Despite the name, you can use similar code in a hook also -- comments in that file will tell you how. implementation notes: - check_access now takes an optional last arg "dry_run", which is also passes through to check_ref - check_ref returns a "DENIED by ..." instead of die-ing if dry_run is passed in - as a side effect, cli_repo_rights is now just a stub calling check_access (we kept it hanging around for backward compat -- too much adc pain for too many people if we change it now) 2010-12-24 04:22:13 +01:00			`unshift @INC, $ENV{GL_BINDIR};`
			`require gitolite or die "parse gitolite.pm failed\n";`
gitolite v2.0rc1 -- please see new developer-notes doc 2011-01-15 16:39:56 +01:00			`gitolite->import;`
allow access checks from ADC or hook For sample code see new file contrib/adc/get-rights-and-owner.in-perl. Despite the name, you can use similar code in a hook also -- comments in that file will tell you how. implementation notes: - check_access now takes an optional last arg "dry_run", which is also passes through to check_ref - check_ref returns a "DENIED by ..." instead of die-ing if dry_run is passed in - as a side effect, cli_repo_rights is now just a stub calling check_access (we kept it hanging around for backward compat -- too much adc pain for too many people if we change it now) 2010-12-24 04:22:13 +01:00
			`# get the repo name`
			`my $repo = shift;`
			`$repo =~ s/\.git$//;`
			`# IMPORTANT NOTE: to do any of this inside a hook, you should just use`
			`# $ENV{GL_REPO}, since it's guaranteed to be set to the right value`



			`# to do a "level 1" check (repo level -- not branch level), do this:`
gitolite v2.0rc1 -- please see new developer-notes doc 2011-01-15 16:39:56 +01:00			`my ($perm, $creator) = check_access($repo);`
allow access checks from ADC or hook For sample code see new file contrib/adc/get-rights-and-owner.in-perl. Despite the name, you can use similar code in a hook also -- comments in that file will tell you how. implementation notes: - check_access now takes an optional last arg "dry_run", which is also passes through to check_ref - check_ref returns a "DENIED by ..." instead of die-ing if dry_run is passed in - as a side effect, cli_repo_rights is now just a stub calling check_access (we kept it hanging around for backward compat -- too much adc pain for too many people if we change it now) 2010-12-24 04:22:13 +01:00			`# you can pass in any repo name you wish instead of the active repo`

			`# the first return value looks like one of these, so you can just check for`
			`# the presence of "R" or "W" and be done:`
			`# _____R___W_`
			`# _____R_____`
			`# ___________`

			`# The second value is "<gitolite>" for a normal repo, an actual username for`
			`# a wildrepo, or "<notfound>" for a non-existent repo.`



			`# to do a "level 2" check (branches), do something like this`
gitolite v2.0rc1 -- please see new developer-notes doc 2011-01-15 16:39:56 +01:00			`my $ret = check_access($repo, 'refs/heads/foo', 'W', 1);`
allow access checks from ADC or hook For sample code see new file contrib/adc/get-rights-and-owner.in-perl. Despite the name, you can use similar code in a hook also -- comments in that file will tell you how. implementation notes: - check_access now takes an optional last arg "dry_run", which is also passes through to check_ref - check_ref returns a "DENIED by ..." instead of die-ing if dry_run is passed in - as a side effect, cli_repo_rights is now just a stub calling check_access (we kept it hanging around for backward compat -- too much adc pain for too many people if we change it now) 2010-12-24 04:22:13 +01:00			`# the 2nd argument must be a full refname (i.e., not "master", but`
			`# "refs/heads/master"). The 3rd argument is one of W, +, C, or D. The 4th`
			`# argument should be any non-false perl value, like 1.`

			`# the return value may look like this:`
			`# refs/.*`
			`# or perhaps this, if you were denied`
			`# DENIED by fallthru`
(minor doc fixes) 2011-02-21 16:55:43 +01:00
			`# NOTE: do NOT pass "R" as the 3rd argument. It will seem to work because`
			`# you're merely testing the permissions in this code, but an actual "git`
			`# fetch" for even a DENIED ref will succeed if the user has read access to at`
			`# least one branch. This is because the information on what ref is being read`
			`# is not made available externally in any useful way (the way the "update"`
			`# hook gets its arguments when a push happens).`