From 02cee1d5cf513f21023a223b554b05903cf027da Mon Sep 17 00:00:00 2001 
From: Sitaram Chamarty Date: Sun, 6 Dec 2009 15:26:53 +0530 Subject: [PATCH] wildrepos: expanded access reporting This feature has *no* warranty, and so no documentation. Not more than this transcript anyway. config file: @prof = u1 @TAs = u2 u3 @students = u4 u5 u6 repo assignments/CREATER/a[0-9][0-9] C = @students RW+ = CREATER RW = WRITERS @TAs R = READERS @prof session: as user "u4": # check your permissions $ ssh git@server PTY allocation request failed on channel 0 hello u4, the gitolite version here is v0.95-31-gbcb14ca you have the following permissions: C assignments/CREATER/a[0-9][0-9] @ @ testing Connection to localhost closed. # autovivify repos for assignment 12 and 24 $ git clone git@server:assignments/u4/a12 a12 Initialized empty Git repository in /home/sitaram/t/a12/.git/ Initialized empty Git repository in /home/gitolite/repositories/assignments/u4/a12.git/ warning: You appear to have cloned an empty repository. $ git clone git@server:assignments/u4/a24 a24 Initialized empty Git repository in /home/sitaram/t/a24/.git/ Initialized empty Git repository in /home/gitolite/repositories/assignments/u4/a24.git/ warning: You appear to have cloned an empty repository. # check what repos you autovivified $ ssh git@server expand assignments/u4/a[0-9][0-9] (u4) assignments/u4/a12 (u4) assignments/u4/a24 as user "u5": # check your basic permissions $ ssh git@server PTY allocation request failed on channel 0 hello u5, the gitolite version here is v0.95-31-gbcb14ca you have the following permissions: C assignments/CREATER/a[0-9][0-9] @ @ testing Connection to localhost closed. # see if you have access to any of u4's repos $ ssh git@server expand assignments/u4/a[0-9][0-9] # (no output produced) as user "u4": # allow "u5" read access to assignment 12 # note you type in "R u5", hit enter, then hit Ctrl-D. 
Gitolite # then produces a confirmation message starting "New perms are:" $ ssh git@server setperms assignments/u4/a12 R u5 New perms are: R u5 as user "u5": # again see if you have access to any u4 repos $ ssh git@server expand assignments/u4/a[0-9][0-9] (u4) assignments/u4/a12 as user "u4": # check what permissions you gave to assignment 12 $ ssh git@server getperms assignments/u4/a12 R u5 # add RW access to "u6" to assignment 12 # again, type 'em in, then hit Ctrl-D; and note each time you run # this you're starting from scratch -- you can't "add to" the # permissions. Deal with it... $ ssh git@server setperms assignments/u4/a12 R u5 RW u6 New perms are: R u5 RW u6 as user "u6": # check what u4 stuff you have access to $ ssh git@server expand assignments/u4/a[0-9][0-9] (u4) assignments/u4/a12 --- doc/4-wildcard-repositories.mkd | 21 ++++++++----------- src/gitolite.pm | 36 ++++++++++++++++++++++++++++++--- src/gl-auth-command | 2 +- 3 files changed, 42 insertions(+), 17 deletions(-) diff --git a/doc/4-wildcard-repositories.mkd b/doc/4-wildcard-repositories.mkd index 07cc9a8..a4c1f75 100644 --- a/doc/4-wildcard-repositories.mkd +++ b/doc/4-wildcard-repositories.mkd @@ -134,23 +134,23 @@ cumbersome for non-secret environments. Create a small text file that contains the permissions you desire: $ cat > myperms - R user1 user3 - RW user2 + R u5 + RW u6 (hit ctrl-d here) ...and use the new "getperms" command to set permissions for your repo: - $ ssh git@server setperms XXX/XXX/XXX < myperms + $ ssh git@server setperms assignments/u4/a12 < myperms New perms are: - R user1 user3 - RW user2 + R u5 + RW u6 'setperms' will helpfully print what the new permissions are but you can also use 'getperms' to check: - $ ssh git@server getperms XXX/XXX/XXX - R user1 user3 - RW user2 + $ ssh git@server getperms assignments/u4/a12 + R u5 + RW u6 The following points are important: 
@@ -172,11 +172,6 @@ This still works, except the format is a little more compressed to accommodate a new column (at the start) for "C" permissions, which indicate that you are allowed to *create* repos matching that pattern. -In addition, there's a second level of reporting now, which is used to find -what *actual* repos are available when you supply a pattern. - - XXX to be done XXX - ### Other issues and discussion * *what if the repo name being pushed matches more than one pattern*? diff --git a/src/gitolite.pm b/src/gitolite.pm index 4507f54..41c45b1 100644 --- a/src/gitolite.pm +++ b/src/gitolite.pm @@ -156,8 +156,8 @@ sub parse_acl # void $r if same as $w (otherwise "readers" overrides "writers"; this is # the same problem that needed a sort sub for the Dumper in the compile - # script, but localised to just $readers and $writers) - $r = "" if $r eq $w; + # script, but in this case it's limited to just $readers and $writers) + $r = "NOBODY" if $r eq $w; # set up the variables for a parse to interpolate stuff from the dumped # hash (remember the selective conversion of single to double quotes?). 
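Review bot: The `"NOBODY"` placeholder now assigned to `$r` is an ordinary user-name string, so if an account with exactly that name can exist, it would presumably pick up whatever rights the placeholder is interpolated into. Nothing visible in this patch reserves the name, and the same literal is also passed as `$read || "NOBODY"` and `$write || "NOBODY"` in the new `expand_wild`. Consider rejecting that name when users are added or the config is compiled, and say so at the assignment, e.g. `# "NOBODY" is a reserved placeholder; no real user may have this name`. `parse_acl` starts and ends outside the hunk, so how `$r` is consumed afterwards cannot be confirmed from here.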
@@ -209,5 +209,35 @@ sub report_basic print "$perm\t$r\n\r" if $perm =~ /\S/; } } -1; +# ---------------------------------------------------------------------------- +# print a report of $user's basic permissions +# ---------------------------------------------------------------------------- + +sub expand_wild +{ + my($GL_CONF_COMPILED, $repo_base_abs, $repo, $user) = @_; + + # display matching repos (from *all* the repos in the system) that $user + # has at least "R" access to + + chdir("$repo_base_abs") or die "chdir $repo_base_abs failed: $!\n"; + for my $actual_repo (`find . -type d -name "*.git"|sort`) { + chomp ($actual_repo); + $actual_repo =~ s/^\.\///; + $actual_repo =~ s/\.git$//; + # it has to match the pattern being expanded + next unless $actual_repo =~ /^$repo$/; + + # find the creater and subsitute in repos + my ($creater, $read, $write) = &repo_rights($repo_base_abs, $actual_repo, $user); + # get access list with this + &parse_acl($GL_CONF_COMPILED, "", $creater, $read || "NOBODY", $write || "NOBODY"); + + # you need a minimum of "R" access to the regex we're talking about + next unless $repos{$repo}{R}{'@all'} or $repos{$repo}{R}{$user}; + print STDERR "($creater)\t$actual_repo\n"; + } +} + +1; diff --git a/src/gl-auth-command b/src/gl-auth-command index d74b20d..cc4b5f9 100755 --- a/src/gl-auth-command +++ b/src/gl-auth-command @@ -80,7 +80,7 @@ if ($cmd =~ $CUSTOM_COMMANDS) { } elsif ($repo !~ $REPONAME_PATT and $verb eq 'expand') { # with a wildcard, you can "expand" it to see what repos actually match - die "not implemented yet\n"; + expand_wild($GL_CONF_COMPILED, $repo_base_abs, $repo, $user); } else { die "$cmd doesn't make sense to me\n"; }
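Review bot: In `expand_wild`, `next unless $actual_repo =~ /^$repo$/;` interpolates the caller-supplied `$repo` as a regex, and the call site added in `src/gl-auth-command` reaches it exactly when `$repo` fails `$REPONAME_PATT`, so no character check on the pattern is visible in this patch. A malformed pattern dies with a raw Perl regex error, and an expensive one is matched against every repository name on the server before any access check runs. Compile it once before the loop with the error trapped, `my $repo_re = eval { qr/^$repo$/ } or die "invalid pattern\n";`, then match with `next unless $actual_repo =~ $repo_re;`, and consider bounding the length and character set accepted for a pattern. The header comment above the sub is copied from `report_basic`; it should describe this sub instead, e.g. `# list the actual repos matching a wildcard pattern that $user can read`.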