(minor doc fixes)

2011-02-21 21:25:43 +05:30 · 2011-02-21 21:25:43 +05:30 · 02128ff48f
parent dfdab0f3c8
commit 02128ff48f
2 changed files with 9 additions and 0 deletions
--- a/contrib/adc/get-rights-and-owner.in-perl
+++ b/contrib/adc/get-rights-and-owner.in-perl
@ -43,3 +43,10 @@ my $ret = check_access($repo, 'refs/heads/foo', 'W', 1);
 #   refs/.*
 # or perhaps this, if you were denied
 #   DENIED by fallthru
+
+# NOTE: do NOT pass "R" as the 3rd argument.  It will seem to work because
+# you're merely testing the permissions in this code, but an *actual* "git
+# fetch" for even a DENIED ref will succeed if the user has read access to at
+# least one branch.  This is because the information on what ref is being read
+# is not made available externally in any useful way (the way the "update"
+# hook gets its arguments when a push happens).
--- a/doc/gitolite.conf.mkd
+++ b/doc/gitolite.conf.mkd
@ -113,6 +113,8 @@ check.  Much of the complexity applies only to the second level check, so that
 is all we will be discussing here.  This check is done by the update hook, and
 determines whether the push succeeds or fails.

+[l2]: http://sitaramc.github.com/gitolite/doc/3-faq-tips-etc.html#_two_levels_of_access_rights_checking
+
 For basic permissions like this, matching is simple.  Gitolite already knows:

  * the user