compile, parse_acl: treat foo/CREATER (no regex metas) correctly

Teemu's testing brought up a situtation I had not anticipated: "repo foo/CREATER" looks like a non-regex, and its creation then (a) goes by "W" permissions instead of "C" permissions, and (b) the creater's name does not get recorded (no gl-creater file). SIDE NOTE: one way is to reduce the paranoia, and just put the creater name in anyway. Treat a repo created from gl-auth as a wildcard-matched autovivified repo, because the *other* kind would have actually got created by gl-compile anyway. However, I can think of *one* very far-out situation where this could backfire on an unwary admin, and I'm paranoid :-) So we need to force it to look like a regex. Moving the line-anchoring from `parse_acl` to gl-compile sounded fine, until I realised that the "$" isn't easy. Backslashitis, bigtime, plus the single/double quote tricks we're playing with the dumped hash adds its own complexities. Best of both worlds, promote the "^" to gl-compile, keep the "$" where it is...!
2009-12-11 09:52:29 +05:30 · 2009-12-11 09:52:29 +05:30 · 33fc0a7e9f
parent 135079c9d7
commit 33fc0a7e9f
2 changed files with 12 additions and 2 deletions
--- a/src/gitolite.pm
+++ b/src/gitolite.pm
@ -177,9 +177,15 @@ sub parse_acl
    return unless $repo;

    return $ENV{GL_REPOPATT} = "" if $repos{$repo};
-    my @matched = grep { $repo =~ /^$_$/ } sort keys %repos;
+
+    # didn't find $repo in %repos, so it must be a wildcard-match case
+
+    # note that the repo regexes in %repos have a leading ^ but not a trailing
+    # $; we need to add the $ here to complete the "line-anchoring"
+    my @matched = grep { $repo =~ /$_$/ } sort keys %repos;
    die "$repo has no matches\n" unless @matched;
    die "$repo has multiple matches\n@matched\n" if @matched > 1;
+
    # found exactly one pattern that matched, copy its ACL
    $repos{$repo} = $repos{$matched[0]};
    # and return the pattern
--- a/src/gl-compile-conf
+++ b/src/gl-compile-conf
@ -192,7 +192,11 @@ sub parse_conf_file
            @repos = split ' ', $1;
            @repos = expand_list ( @repos );

-            s/\bCREAT[EO]R\b/\$creater/g for @repos;
+            # CREAT[EO]R must be changed to $creater.  Also, prefix a "^" to
+            # force it to look like a regex.  Otherwise, foo/CREATER/bar (no
+            # regex metas) looks like an ordinary reponame, and the logic (in
+            # gl-auth) that decides when to allow autovivify gets confused.
+            s/\bCREAT[EO]R\b/\$creater/g && s/^/^/ for @repos;
        }
        # actual permission line
        elsif (/^(-|C|R|RW|RW\+) (.* )?= (.+)/)