compile, parse_acl: treat foo/CREATER (no regex metas) correctly
Teemu's testing brought up a situtation I had not anticipated:
"repo foo/CREATER" looks like a non-regex, and its creation then (a)
goes by "W" permissions instead of "C" permissions, and (b) the
creater's name does not get recorded (no gl-creater file).
SIDE NOTE: one way is to reduce the paranoia, and just put the
creater name in anyway. Treat a repo created from gl-auth as a
wildcard-matched autovivified repo, because the *other* kind would
have actually got created by gl-compile anyway.
However, I can think of *one* very far-out situation where this
could backfire on an unwary admin, and I'm paranoid :-)
So we need to force it to look like a regex. Moving the line-anchoring
from `parse_acl` to gl-compile sounded fine, until I realised that the
"$" isn't easy. Backslashitis, bigtime, plus the single/double quote
tricks we're playing with the dumped hash adds its own complexities.
Best of both worlds, promote the "^" to gl-compile, keep the "$" where
it is...!
This commit is contained in:
Sitaram Chamarty
parent
135079c9d7
commit
33fc0a7e9f
2 changed files with 12 additions and 2 deletions
|
|
@ -177,9 +177,15 @@ sub parse_acl
|
|||
return unless $repo;
|
||||
|
||||
return $ENV{GL_REPOPATT} = "" if $repos{$repo};
|
||||
my @matched = grep { $repo =~ /^$_$/ } sort keys %repos;
|
||||
|
||||
# didn't find $repo in %repos, so it must be a wildcard-match case
|
||||
|
||||
# note that the repo regexes in %repos have a leading ^ but not a trailing
|
||||
# $; we need to add the $ here to complete the "line-anchoring"
|
||||
my @matched = grep { $repo =~ /$_$/ } sort keys %repos;
|
||||
die "$repo has no matches\n" unless @matched;
|
||||
die "$repo has multiple matches\n@matched\n" if @matched > 1;
|
||||
|
||||
# found exactly one pattern that matched, copy its ACL
|
||||
$repos{$repo} = $repos{$matched[0]};
|
||||
# and return the pattern
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue