(adc) admin-defined commands
This commit series allows an admin to designate a set of commands that
users can run. For example, he can allow users to delete a repo that
they have created:
ssh git@server rmrepo foo/me/bar
or fork (to use github's terminology) a repo they have "R" access to,
into a new one they have "C" access to:
ssh git@server fork foo/someone-else/bar foo/me/bar
Please see documentation for details
----
(this commit)
- (rc) new variable $GL_ADC_PATH; without this none of this is enabled
- (pm) new helper routine "cli_repo_rights" to get rights/ownership
from outside
- (auth) call $GL_ADC_PATH/$cmd if it exists
This commit is contained in:
Sitaram Chamarty
parent
6edc7a4d5f
commit
567e70ba40
|
|
@ -170,6 +170,15 @@ $GL_WILDREPOS = 0;
|
|||
# $UPDATE_CHAINS_TO = "hooks/update.secondary";
|
||||
# $ADMIN_POST_UPDATE_CHAINS_TO = "hooks/post-update.secondary";
|
||||
|
||||
# --------------------------------------
|
||||
# ADMIN DEFINED COMMANDS
|
||||
|
||||
# WARNING: Use this feature only if (a) you really really know what you're
|
||||
# doing or (b) you really don't care too much about security. Please read
|
||||
# doc/admin-defined-commands.mkd for details.
|
||||
|
||||
# $GL_ADC_PATH = "";
|
||||
|
||||
# --------------------------------------
|
||||
# per perl rules, this should be the last line in such a file:
|
||||
1;
|
||||
|
|
|
|||
|
|
@ -397,6 +397,14 @@ sub expand_wild
|
|||
}
|
||||
}
|
||||
|
||||
# helper/convenience routine to get rights and ownership from a shell command
|
||||
sub cli_repo_rights {
|
||||
my ($perm, $creater) = &repo_rights($_[0]);
|
||||
$perm =~ s/ /_/g;
|
||||
$creater =~ s/^\(|\)$//g;
|
||||
print "$perm $creater\n";
|
||||
}
|
||||
|
||||
# ----------------------------------------------------------------------------
|
||||
# S P E C I A L C O M M A N D S
|
||||
# ----------------------------------------------------------------------------
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@ use warnings;
|
|||
# ----------------------------------------------------------------------------
|
||||
|
||||
# these are set by the "rc" file
|
||||
our ($GL_LOGT, $GL_CONF_COMPILED, $REPO_BASE, $GIT_PATH, $REPO_UMASK, $GL_ADMINDIR, $RSYNC_BASE, $HTPASSWD_FILE, $GL_WILDREPOS);
|
||||
our ($GL_LOGT, $GL_CONF_COMPILED, $REPO_BASE, $GIT_PATH, $REPO_UMASK, $GL_ADMINDIR, $RSYNC_BASE, $HTPASSWD_FILE, $GL_WILDREPOS, $GL_ADC_PATH);
|
||||
# and these are set by gitolite.pm
|
||||
our ($R_COMMANDS, $W_COMMANDS, $REPONAME_PATT, $REPOPATT_PATT);
|
||||
our %repos;
|
||||
|
|
@ -100,6 +100,20 @@ unless ($ENV{SSH_ORIGINAL_COMMAND}) {
|
|||
$ENV{SSH_ORIGINAL_COMMAND} = 'info';
|
||||
}
|
||||
|
||||
# ----------------------------------------------------------------------------
|
||||
# admin defined commands
|
||||
# ----------------------------------------------------------------------------
|
||||
|
||||
# please see doc/admin-defined-commands.mkd for details
|
||||
if ($GL_ADC_PATH and -d $GL_ADC_PATH) {
|
||||
my ($cmd, @args) = split ' ', $ENV{SSH_ORIGINAL_COMMAND};
|
||||
if (-x "$GL_ADC_PATH/$cmd") {
|
||||
# yes this is rather strict, sorry.
|
||||
do { die "I don't like $_\n" unless $_ =~ $REPOPATT_PATT } for ($cmd, @args);
|
||||
exec("$GL_ADC_PATH/$cmd", @args);
|
||||
}
|
||||
}
|
||||
|
||||
# ----------------------------------------------------------------------------
|
||||
# get and set perms for actual repo created by wildcard-autoviv
|
||||
# ----------------------------------------------------------------------------
|
||||
|
|
|
|||
Loading…
Reference in a new issue