From 34cfdb435509be311bc014fcc41088d57407d567 Mon Sep 17 00:00:00 2001
From: Sitaram Chamarty <sitaram@atc.tcs.com>
Date: Tue, 20 Mar 2012 10:18:02 +0530
Subject: [PATCH] add some checks to perms

  - check user auth
  - check role names in legacy mode
---
 src/commands/perms | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/commands/perms b/src/commands/perms
index e70ca81..45004dc 100755
--- a/src/commands/perms
+++ b/src/commands/perms
@@ -40,7 +40,7 @@ setperms(@ARGV);
 
 sub getperms {
     my $repo = shift;
-    _die "repo '$repo' missing" if repo_missing($repo);
+    _die "sorry you are not authorised" if repo_missing($repo) or creator($repo) ne $ENV{GL_USER};
     my $pf = "$rc{GL_REPO_BASE}/$repo.git/gl-perms";
 
     print slurp($pf) if -f $pf;
@@ -50,13 +50,18 @@ sub getperms {
 
 sub setperms {
     my $repo = shift;
-    _die "repo '$repo' missing" if repo_missing($repo);
+    _die "sorry you are not authorised" if repo_missing($repo) or creator($repo) ne $ENV{GL_USER};
     my $pf = "$rc{GL_REPO_BASE}/$repo.git/gl-perms";
 
     if ( not @_ ) {
         # legacy mode; pipe data in
         @ARGV = ();
-        _print( $pf, <> );
+        my @a;
+        for (<>) {
+            _die "Invalid role '$1'; check the rc file" if /(\S+)/ and not $rc{ROLES}{$1};
+            push @a, $_;
+        }
+        _print( $pf, @a );
         exit;
     }