access() learned a new trick :)
This commit is contained in:
parent
876b554fb5
commit
45348a4225
|
@ -10,8 +10,9 @@ use Gitolite::Conf::Load;
|
||||||
=for usage
|
=for usage
|
||||||
Usage: gitolite access [-q] <repo> <user> <perm> <ref>
|
Usage: gitolite access [-q] <repo> <user> <perm> <ref>
|
||||||
|
|
||||||
Check access rights for arguments given. With '-q', returns only an exit code
|
Print access rights for arguments given. The string printed has the word
|
||||||
(shell truth, not perl truth -- 0 is success, any non-0 is failure).
|
DENIED in it if access was denied. With '-q', returns only an exit code
|
||||||
|
(shell truth, not perl truth -- 0 is success).
|
||||||
|
|
||||||
- repo: mandatory
|
- repo: mandatory
|
||||||
- user: mandatory
|
- user: mandatory
|
||||||
|
@ -19,10 +20,26 @@ Check access rights for arguments given. With '-q', returns only an exit code
|
||||||
- ref: defauts to 'any'. See notes below
|
- ref: defauts to 'any'. See notes below
|
||||||
|
|
||||||
Notes:
|
Notes:
|
||||||
|
|
||||||
- ref: Any fully qualified ref ('refs/heads/master', not 'master') is fine.
|
- ref: Any fully qualified ref ('refs/heads/master', not 'master') is fine.
|
||||||
The 'any' ref is special -- it ignores deny rules (see docs for what this
|
The 'any' ref is special -- it ignores deny rules (see docs for what this
|
||||||
means and exceptions).
|
means and exceptions).
|
||||||
|
|
||||||
|
Advanced use (examples only):
|
||||||
|
|
||||||
|
gitolite list-phy-repos | gitolite access % gitweb R | grep -v DENIED | cut -f1 > ~/projects.list
|
||||||
|
# now people can stop thinking gitolite has anything to do with gitweb!
|
||||||
|
|
||||||
|
gitolite list-phy-repos | grep foo |
|
||||||
|
perl -lne 'print "$_ gitweb\n$_ daemon"' |
|
||||||
|
gitolite access % % R | grep -v DENIED | cut -f1 > insecure.repos
|
||||||
|
|
||||||
|
For each case where access is not denied, one line is printed like this:
|
||||||
|
|
||||||
|
reponame<tab>username<tab>access rights
|
||||||
|
|
||||||
|
This is orders of magnitude faster than running the command multiple times;
|
||||||
|
you'll notice if you have more than a hundred or so repos.
|
||||||
|
|
||||||
=cut
|
=cut
|
||||||
|
|
||||||
# TODO: deal with "C", call it ^C
|
# TODO: deal with "C", call it ^C
|
||||||
|
@ -35,13 +52,15 @@ my ( $repo, $user, $aa, $ref ) = @ARGV;
|
||||||
$aa ||= '+';
|
$aa ||= '+';
|
||||||
$ref ||= 'any';
|
$ref ||= 'any';
|
||||||
# XXX the 4th one below might need fine tuning
|
# XXX the 4th one below might need fine tuning
|
||||||
_die "invalid repo name" if not( $repo and $repo =~ $REPONAME_PATT );
|
|
||||||
_die "invalid user name" if not( $user and $user =~ $USERNAME_PATT );
|
|
||||||
_die "invalid perm" if not( $aa and $aa =~ /^(R|W|\+|C|D|M)$/ );
|
_die "invalid perm" if not( $aa and $aa =~ /^(R|W|\+|C|D|M)$/ );
|
||||||
_die "invalid ref name" if not( $ref and $ref =~ $REPONAME_PATT );
|
_die "invalid ref name" if not( $ref and $ref =~ $REPONAME_PATT );
|
||||||
|
|
||||||
my $ret = '';
|
my $ret = '';
|
||||||
|
|
||||||
|
if ( $repo ne '%' and $user ne '%' ) {
|
||||||
|
# single repo, single user; no STDIN
|
||||||
|
_die "invalid repo name" if not( $repo and $repo =~ $REPONAME_PATT );
|
||||||
|
_die "invalid user name" if not( $user and $user =~ $USERNAME_PATT );
|
||||||
$ret = access( $repo, $user, $aa, $ref );
|
$ret = access( $repo, $user, $aa, $ref );
|
||||||
|
|
||||||
if ( $ret =~ /DENIED/ ) {
|
if ( $ret =~ /DENIED/ ) {
|
||||||
|
@ -51,3 +70,17 @@ if ( $ret =~ /DENIED/ ) {
|
||||||
|
|
||||||
print "$ret\n" unless $quiet;
|
print "$ret\n" unless $quiet;
|
||||||
exit 0;
|
exit 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
$repo = '' if $repo eq '%';
|
||||||
|
$user = '' if $user eq '%';
|
||||||
|
|
||||||
|
_die "'-q' doesn't go with using a pipe" if $quiet;
|
||||||
|
@ARGV = ();
|
||||||
|
while (<>) {
|
||||||
|
my @in = split;
|
||||||
|
my $r = $repo || shift @in;
|
||||||
|
my $u = $user || shift @in;
|
||||||
|
$ret = access( $r, $u, $aa, $ref );
|
||||||
|
print "$r\t$u\t$ret\n";
|
||||||
|
}
|
||||||
|
|
Loading…
Reference in a new issue