deac/gitolite
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

new rc var: GL_ALL_READ_ALL

Browse source
This commit is contained in:
Sitaram Chamarty 2011-01-01 19:48:18 +05:30
parent e0f4bbaf16
commit 27081ad1c1
3 changed files with 17 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
conf/example.gitolite.rc
View file

@ -33,8 +33,10 @@ $GL_BIG_CONFIG = 0;
$GL_NO_DAEMON_NO_GITWEB = 0;
# ------------------------------------------------------------------------------
# VARIABLES WITH A SECURITY IMPACT
# VARIABLES WITH A SECURITY IMPACT. READ DOC WELL BEFORE CHANGING THESE.
# http://github.com/sitaramc/gitolite/blob/pu/doc/gitolite.rc.mkd#_variables_with_a_security_impact
# ------------------------------------------------------------------------------
# $GL_ALL_READ_ALL = 0;
$GIT_PATH="";
$GL_GITCONFIG_KEYS = "";
# $GL_GITCONFIG_WILD = 0;

7
doc/gitolite.rc.mkd
View file

@ -96,6 +96,13 @@ test suite, my actual production use, my time, and sometimes (LDAP comes to
mind) even my skill or resources available to me, and that therefore I depend
on feedback from my users to find or fix issues.
* `$GL_ALL_READ_ALL`, boolean, default undef
Eliminates the access control check for read access. Makes things much
(**much**!) faster when you have 10,000 projects and the compiled conf
file is more than 20MB in size! **Double check with your boss or have a
new job lined up before setting this on!**
* `$GIT_PATH`, string, default empty
If git on your server is on a standard path (that is `ssh git@server git

9
src/gl-auth-command
View file

@ -32,7 +32,7 @@ use warnings;
# ----------------------------------------------------------------------------
# these are set by the "rc" file
our ($GL_LOGT, $GL_CONF_COMPILED, $REPO_BASE, $GIT_PATH, $REPO_UMASK, $GL_ADMINDIR, $RSYNC_BASE, $HTPASSWD_FILE, $GL_WILDREPOS, $GL_WILDREPOS_DEFPERMS, $GL_ADC_PATH, $SVNSERVE, $PROJECTS_LIST, $GL_SLAVE_MODE, $GL_PERFLOGT);
our ($GL_LOGT, $GL_CONF_COMPILED, $REPO_BASE, $GIT_PATH, $REPO_UMASK, $GL_ADMINDIR, $RSYNC_BASE, $HTPASSWD_FILE, $GL_WILDREPOS, $GL_WILDREPOS_DEFPERMS, $GL_ADC_PATH, $SVNSERVE, $PROJECTS_LIST, $GL_SLAVE_MODE, $GL_PERFLOGT, $GL_ALL_READ_ALL);
# and these are set by gitolite.pm
our ($R_COMMANDS, $W_COMMANDS, $REPONAME_PATT, $REPOPATT_PATT, $ADC_CMD_ARGS_PATT);
our %repos;
@ -227,7 +227,12 @@ $ENV{GL_REPO}=$repo;
# first level permissions check
# ----------------------------------------------------------------------------
my ($perm, $creator, $wild) = &repo_rights($repo);
my ($perm, $creator, $wild);
if ( $GL_ALL_READ_ALL and $verb =~ $R_COMMANDS and -d "$ENV{GL_REPO_BASE_ABS}/$repo.git") {
$perm = 'R';
} else {
($perm, $creator, $wild) = &repo_rights($repo);
}
if ($perm =~ /C/) {
# it was missing, and you have create perms
wrap_chdir("$ENV{GL_REPO_BASE_ABS}");