Merge branch 'master' into pu-wildrepos

This commit is contained in:
Sitaram Chamarty 2010-02-01 10:48:17 +05:30
commit 29260476fb

View file

@ -218,8 +218,8 @@ Note that at this point no git program has entered the picture, and we have no
way of knowing what **ref** (branch, tag, etc) he is trying to update, even if way of knowing what **ref** (branch, tag, etc) he is trying to update, even if
it is a "write" operation. it is a "write" operation.
For a "read" operation to pass this check, the username (or `@all`) must be For a "read" operation to pass this check, the username (or `@all`) must have
mentioned on some line in the config for this repo. read permission (i.e., R, RW, or RW+) on at least one branch of the repo.
For a "write" operation, there is an additional restriction: lines specifying For a "write" operation, there is an additional restriction: lines specifying
only `R` (read access) don't count. *The user must have write access to only `R` (read access) don't count. *The user must have write access to
@ -363,7 +363,7 @@ already done and we just use it!
$export_auth_hook = sub { $export_auth_hook = sub {
my $reponame = shift; my $reponame = shift;
# gitweb passes us the full repo path; so we strip the beginning... # gitweb passes us the full repo path; so we strip the beginning...
$reponame =~ s/\Q$projectroot//; $reponame =~ s/\Q$projectroot\E\/?//;
# ...and the end, to get the repo name as it is specified in gitolite conf # ...and the end, to get the repo name as it is specified in gitolite conf
$reponame =~ s/\.git$//; $reponame =~ s/\.git$//;
@ -502,7 +502,9 @@ that code path to better use :-)
***IMPORTANT CAVEAT: if you use deny rules, the order of the rules also makes ***IMPORTANT CAVEAT: if you use deny rules, the order of the rules also makes
a difference, where earlier it did not. Please review your ruleset carefully a difference, where earlier it did not. Please review your ruleset carefully
or test it. In particular, do not use `@all` in a deny rule -- it won't work or test it. In particular, do not use `@all` in a deny rule -- it won't work
as you might expect***. as you might expect***. Also, deny rules are only processed in the second
level checks (see "two levels of access rights checking" above), which means
they only apply to write operations.
Take a look at the following snippet, which *seems* to say that "bruce" can Take a look at the following snippet, which *seems* to say that "bruce" can
write versioned tags (anything containing `refs/tags/v[0-9]`), but the other write versioned tags (anything containing `refs/tags/v[0-9]`), but the other