ACCESS_CHECK split into ACCESS_1 and ACCESS_2; docs updated

2012-03-27 16:18:25 +05:30 · 2012-03-27 16:18:25 +05:30 · 1cf062fad5
parent fd98b21bf2
commit 1cf062fad5
4 changed files with 68 additions and 43 deletions
--- a/doc/triggers.mkd
+++ b/doc/triggers.mkd
@ -2,7 +2,7 @@
 ## intro and sample rc excerpt
-Gitolite fires off external commands at six different times.  The [rc][] file
+Gitolite fires off external commands at 7 different times.  The [rc][] file
 specifies what commands to run at each trigger point, but for illustration,
 here's an excerpt:
@ -58,43 +58,51 @@ Triggers receive the following arguments:
 ## trigger-specific details
-Here's all you need to know about each specific trigger.
+Here's a brief "when" and "with what arguments" for each trigger.
-  * `ACCESS_CHECK`: this fires once after each access check.  The first is
+  * `ACCESS_1` runs after the first access check.  Arguments:
-    just before invoking git-receive-pack or git-upload-pack.  The second,
+      * repo
-    which only applies to "write" operations, is from git's own 'update' hook.
+      * user
      * 'R' or 'W'
      * 'any'
      * result: this is the result of the access() function.  If it contains
        the uppercase word "DENIED", the access was rejected.  Otherwise
        result contains the refex that caused the access to succeed.
-    Arguments: repo name, user name, [attempted access][perm], the ref being
+  * `ACCESS_2` runs after the second access check, in the update hook.
-    updated, and the result of the access check.
+    Arguments:
      * repo
      * user
      * any of W, +, C, D, WM, +M, CM, DM
      * the ref being updated (e.g., 'refs/heads/master')
      * result (see above)
-    The 'ref' is `any` for the first check, because at that point we don't
+  * `PRE_GIT` runs just before running the git command.  Arguments:
-    know what the actual ref is.  For the second check it could be, say,
+      * repo
-    `refs/heads/master` or some such.
+      * user
      * 'R' or 'W'
      * 'any'
      * the git command ('git-receive-pack', 'git-upload-pack', or
        'git-upload-archive') being invoked.
-    The result is a text field that the `access()` function returned.
+  * `POST_GIT` runs after the git command returns.  Arguments:
-    Programmatically, the only thing you should rely on is that if it contains
+      * repo
-    the upper case word "DENIED" then access was denied, otherwise it was
+      * user
-    allowed.
+      * 'R' or 'W'
      * 'any'
      * the git command ('git-receive-pack', 'git-upload-pack', or
-  * `PRE_GIT`: before running the git command.
+    These are followed by the output of the perl function "times" (i.e., 4 CPU
    times: user, system, cumulative user, cumulative system) so that's 9
    arguments in total
-    Arguments: repo name, user name, [attempted access][perm], the string
+  * `PRE_CREATE` and `POST_CREATE` run just before and after a new "[wild][]"
-    `any`, and the git command ('git-receive-pack', 'git-upload-pack', or
+    repo is created by user action.  Arguments:
-    'git-upload-archive') being invoked.
+      * repo
      * user
-  * `POST_GIT`: after the git command returns.
+  * `POST_COMPILE` runs after an admin push has successfully "compiled" the
    config file.  By default, the next thing is to update the ssh authkeys
    file, then all the 'git-config's, gitweb access, and daemon access.
-    Arguments: same as for `PRE_GIT`, followed by the output of the perl
+    No arguments.
    function "times" (i.e., 4 CPU times: user, system, cumulative user,
    cumulative system)
  * `POST_COMPILE`: after an admin push has successfully "compiled" the config
    file.  By default, the next thing is to update the ssh authkeys file, then
    all the 'git-config's, gitweb access, and daemon access.
    Programs run by this trigger receive no extra arguments.
  * `PRE_CREATE` and `POST_CREATE`: before and after a new "[wild][]" repo is
    created by user action.
    Arguments: repo name, user name.
--- a/src/Gitolite/Hooks/Update.pm
+++ b/src/Gitolite/Hooks/Update.pm
@ -28,7 +28,7 @@ sub update {
    my $ret = access( $ENV{GL_REPO}, $ENV{GL_USER}, $aa, $ref );
    trace( 1, "access($ENV{GL_REPO}, $ENV{GL_USER}, $aa, $ref)", "-> $ret" );
-    trigger( 'ACCESS_CHECK', $ENV{GL_REPO}, $ENV{GL_USER}, $aa, $ref, $ret );
+    trigger( 'ACCESS_2', $ENV{GL_REPO}, $ENV{GL_USER}, $aa, $ref, $ret );
    _die $ret if $ret =~ /DENIED/;
    check_vrefs( $ref, $oldsha, $newsha, $oldtree, $newtree, $aa );
--- a/src/Gitolite/Rc.pm
+++ b/src/Gitolite/Rc.pm
@ -52,7 +52,6 @@ $UNSAFE_PATT          = qr([`~#\$\&()|;<>]);
 # find the rc file and 'do' it
 # ----------------------------------------------------------------------
 my $current_data_version = "3.0";
 my $rc = glrc('filename');
@ -64,11 +63,17 @@ if ( defined($GL_ADMINDIR) ) {
    exit 1;
 }
 # let values specified in rc file override our internal ones
 # ----------------------------------------------------------------------
@rc{ keys %RC } = values %RC;
-# (testing only) testing sometimes requires all of it to be overridden
+# add internal triggers
-# silently; use an env var that is highly unlikely to appear in real life :)
+# ----------------------------------------------------------------------
 # (testing only) override the rc file silently
 # ----------------------------------------------------------------------
 # use an env var that is highly unlikely to appear in real life :)
 do $ENV{G3T_RC} if exists $ENV{G3T_RC} and -r $ENV{G3T_RC};
 # fix some env vars, setup gitolite internal "env" vars (aka rc vars)
@ -277,6 +282,12 @@ __DATA__
            # 'continuation-lines',
        ],
    # comment out or uncomment as needed
    # these will run in sequence just after the first access check is done
    ACCESS_1                    =>
        [
        ],
    # comment out or uncomment as needed
    # these will run in sequence at the start, before a git operation has started
    PRE_GIT                     =>
@ -288,6 +299,12 @@ __DATA__
            # 'partial-copy',
        ],
    # comment out or uncomment as needed
    # these will run in sequence just after the second access check is done
    ACCESS_2                    =>
        [
        ],
    # comment out or uncomment as needed
    # these will run in sequence at the end, after a git operation has ended
    POST_GIT                    =>
@ -297,19 +314,19 @@ __DATA__
        ],
    # comment out or uncomment as needed
-    # these will run in sequence after post-update
+    # these will run in sequence after a new wild repo is created
-    POST_COMPILE                =>
+    POST_CREATE                 =>
        [
            'post-compile/ssh-authkeys',
            'post-compile/update-git-configs',
            'post-compile/update-gitweb-access-list',
            'post-compile/update-git-daemon-access-list',
        ],
    # comment out or uncomment as needed
-    # these will run in sequence after a new wild repo is created
+    # these will run in sequence after post-update
-    POST_CREATE                 =>
+    POST_COMPILE                =>
        [
            'post-compile/ssh-authkeys',
            'post-compile/update-git-configs',
            'post-compile/update-gitweb-access-list',
            'post-compile/update-git-daemon-access-list',
--- a/src/gitolite-shell
+++ b/src/gitolite-shell
@ -91,7 +91,7 @@ sub main {
    my $ret = access( $repo, $user, $aa, 'any' );
    trace( 1, "access($repo, $user, $aa, 'any')", "-> $ret" );
    gl_log( 'check1', $repo, $user, $aa, 'any', '->', $ret );
-    trigger( 'ACCESS_CHECK', $repo, $user, $aa, 'any', $ret );
+    trigger( 'ACCESS_1', $repo, $user, $aa, 'any', $ret );
    _die $ret . "\n(or you mis-spelled the reponame)" if $ret =~ /DENIED/;
    check_repo_write_enabled($repo) if $aa eq 'W';