compile, parse_acl: treat foo/CREATER (no regex metas) correctly
Teemu's testing brought up a situation I had not anticipated: "repo foo/CREATER" looks like a non-regex, and its creation then (a) goes by "W" permissions instead of "C" permissions, and (b) the creater's name does not get recorded (no gl-creater file).

SIDE NOTE: one way is to reduce the paranoia, and just put the creater name in anyway. Treat a repo created from gl-auth as a wildcard-matched autovivified repo, because the *other* kind would have actually got created by gl-compile anyway. However, I can think of *one* very far-out situation where this could backfire on an unwary admin, and I'm paranoid :-)

So we need to force it to look like a regex.

Moving the line-anchoring from `parse_acl` to gl-compile sounded fine, until I realised that the "$" isn't easy. Backslashitis, bigtime, plus the single/double quote tricks we're playing with the dumped hash adds its own complexities.

Best of both worlds, promote the "^" to gl-compile, keep the "$" where it is...!
parent 135079c9d7
commit 33fc0a7e9f
2 changed files with 12 additions and 2 deletions
|
@ -177,9 +177,15 @@ sub parse_acl
|
|||
return unless $repo;
|
||||
|
||||
return $ENV{GL_REPOPATT} = "" if $repos{$repo};
|
||||
my @matched = grep { $repo =~ /^$_$/ } sort keys %repos;
|
||||
|
||||
# didn't find $repo in %repos, so it must be a wildcard-match case
|
||||
|
||||
# note that the repo regexes in %repos have a leading ^ but not a trailing
|
||||
# $; we need to add the $ here to complete the "line-anchoring"
|
||||
my @matched = grep { $repo =~ /$_$/ } sort keys %repos;
|
||||
die "$repo has no matches\n" unless @matched;
|
||||
die "$repo has multiple matches\n@matched\n" if @matched > 1;
|
||||
|
||||
# found exactly one pattern that matched, copy its ACL
|
||||
$repos{$repo} = $repos{$matched[0]};
|
||||
# and return the pattern
|
||||
|
|
|
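Review bot: the new `grep { $repo =~ /$_$/ }` in parse_acl depends on every key of %repos carrying its own leading `^`, as the added comment states. A key that reaches this point without one is matched at any offset, so it accepts any repo name that merely ends with the pattern, which is the permissive direction for an ACL lookup. Keeping the anchor local as well, for example `/^(?:$_)$/`, costs nothing (a second `^` is harmless), and the group also makes the trailing `$` apply to the whole key when it contains a top-level `|`.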
@ -192,7 +192,11 @@ sub parse_conf_file
|
|||
@repos = split ' ', $1;
|
||||
@repos = expand_list ( @repos );
|
||||
|
||||
s/\bCREAT[EO]R\b/\$creater/g for @repos;
|
||||
# CREAT[EO]R must be changed to $creater. Also, prefix a "^" to
|
||||
# force it to look like a regex. Otherwise, foo/CREATER/bar (no
|
||||
# regex metas) looks like an ordinary reponame, and the logic (in
|
||||
# gl-auth) that decides when to allow autovivify gets confused.
|
||||
s/\bCREAT[EO]R\b/\$creater/g && s/^/^/ for @repos;
|
||||
}
|
||||
# actual permission line
|
||||
elsif (/^(-|C|R|RW|RW\+) (.* )?= (.+)/)
|
||||
|
|
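Review bot: in `s/\bCREAT[EO]R\b/\$creater/g && s/^/^/ for @repos;` the `^` is prefixed only when the CREAT[EO]R substitution matched, so a wildcard name without CREATER goes into the compiled config without it, while the comment added in parse_acl says the repo regexes in %repos have a leading `^`. Either prefix every name that is treated as a regex or narrow that comment to the CREATER case, since the unanchored match in parse_acl relies on it. The prefix is also added without checking for an existing one, so a name already written as `^foo/CREATER` ends up with `^^`; `s/^\^?/^/` would avoid that.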