compile: remove the sortsub for data dumper
Data dumper was failing (returning an empty string!) on an input config
file of about 350 lines or so (output 2400 lines or so).
Removing the sort sub fixed the problem.
To recap why that sub was put in (see deleted lines in this commit for
details), what we really want is that $creater must appear *last* in the
resulting dump.
So we trick it. "man ascii" tells you that ~ is the highest valued
ASCII character (yes, I know, not utf-8 safe etc... I'll deal with that
if and when needed or punt!). So we just put that in front of $creater
and remove it later...
You *don't* want to do this for $readers and $writers -- then they will
once again sort *after* $creater, which would be a bad thing. Also,
it's probably better this way, because now the order of the hash keys
will be: $readers, $writers, any actual users listed, and then $creater.
This means the effective access rights will be:
1. if you are the creater you get CREATER's rights
2. else if your userid is listed *explicitly* in the config, you get
those rights
3. else if you've been setperm'd as a writer, you get WRITERS rights
4. else if you've been setperm'd as a reader, you get READERS rights
This is different from what used to happen till now; READERS and WRITERS
used to trump explicitly given rights. I'd been meaning to fix that
somehow, but never got around to it, until this DDD (damn Data Dumper!)
forced my hand :)
This commit is contained in:
Sitaram Chamarty
parent
05431233a2
commit
412a691810
|
|
@ -234,11 +234,6 @@ sub parse_acl
|
|||
my ($GL_CONF_COMPILED, $repo, $c, $r, $w) = @_;
|
||||
$c = $r = $w = "NOBODY" unless $GL_WILDREPOS;
|
||||
|
||||
# void $r if same as $w (otherwise "readers" overrides "writers"; this is
|
||||
# the same problem that needed a sort sub for the Dumper in the compile
|
||||
# script, but in this case it's limited to just $readers and $writers)
|
||||
$r = "NOBODY" if $r eq $w;
|
||||
|
||||
# set up the variables for a parse to interpolate stuff from the dumped
|
||||
# hash (remember the selective conversion of single to double quotes?).
|
||||
|
||||
|
|
|
|||
|
|
@ -5,15 +5,6 @@ use warnings;
|
|||
use Data::Dumper;
|
||||
$Data::Dumper::Indent = 1;
|
||||
$Data::Dumper::Sortkeys = 1;
|
||||
$Data::Dumper::Sortkeys = sub { return [ reverse sort keys %{$_[0]} ]; };
|
||||
# this is to make sure that $creater etc go to the end of the dumped hash.
|
||||
# Without this, a setup that has something like
|
||||
# @team = u1 u2 u3
|
||||
# repo priv/CREATER/.+
|
||||
# RW+ = CREATER
|
||||
# RW = @team
|
||||
# has a problem. The RW overrides the RW+ when the dumped hash is read in
|
||||
# (simply going by sequence), so creater's special privs are lost
|
||||
|
||||
# === add-auth-keys ===
|
||||
|
||||
|
|
@ -224,7 +215,7 @@ sub parse_conf_file
|
|||
unless (@users == 1 and $users[0] eq '@all');
|
||||
do { die "$ABRT bad username $_\n" unless $_ =~ $USERNAME_PATT } for @users;
|
||||
|
||||
s/\bCREAT[EO]R\b/\$creater/g for @users;
|
||||
s/\bCREAT[EO]R\b/~\$creater/g for @users;
|
||||
s/\bREADERS\b/\$readers/g for @users;
|
||||
s/\bWRITERS\b/\$writers/g for @users;
|
||||
|
||||
|
|
@ -368,7 +359,7 @@ my $dumped_data = Data::Dumper->Dump([\%repos], [qw(*repos)]);
|
|||
# the dump uses single quotes, but we convert any strings containing $creater,
|
||||
# $readers, $writers, to double quoted strings. A wee bit sneaky, but not too
|
||||
# much...
|
||||
$dumped_data =~ s/'(?=[^']*\$(?:creater|readers|writers|gl_user))(.*?)'/"$1"/g;
|
||||
$dumped_data =~ s/'(?=[^']*\$(?:creater|readers|writers|gl_user))~?(.*?)'/"$1"/g;
|
||||
print $compiled_fh $dumped_data;
|
||||
close $compiled_fh or die "$ABRT close compiled-conf failed: $!\n";
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue