From 648676faec315ca998796f86b18ac81a87169230 Mon Sep 17 00:00:00 2001
From: Sitaram Chamarty <sitaram@atc.tcs.com>
Date: Fri, 20 Aug 2010 20:55:23 +0530
Subject: [PATCH] gitweb and daemon should now work even from within setperms

modifications:

  - call setup_gitweb_access and setup_daemon_access from with
    get_set_perms so when the user sets a perm explicitly it works
  - in setup_gitweb_access, do not delete description file or
    gitweb.owner if the repo is wild
  - make the "fork" adc set gitweb.owner *and* call setperms using
    GL_WILDREPOS_DEFPERMS
  - add tests

bug fixes:

  - gl-auth did not even *look* at GL_WILDREPOS_DEFPERMS when
    auto-"C"reating a wild repo; fixed
  - setup_gitweb_access did not delete the description file as
    consistently as it deleted the owner

what will NOT work:

  - removing gitweb permissions does not clear the name from
    "projects.list".  That's complicated, so just wait till the next
    "compile" to make this happen

(thanks to Jefferai for driving this...)

----

mildly puzzling:

    for some strange reason, after a "git ls-remote ...try3" in t58,
    instead of not creating a "description" file, we started seeing a
    73-byte file containing this message:

    Unnamed repository; edit this file 'description' to name the repository.
---
 contrib/adc/fork                 |   5 +-
 src/gitolite.pm                  |  48 +++++++-----
 src/gl-auth-command              |   2 +
 t/t58-daemon-gitweb-wild         |   2 +-
 t/t60-daemon-gitweb-via-setperms | 128 +++++++++++++++++++++++++++++++
 5 files changed, 163 insertions(+), 22 deletions(-)
 create mode 100644 t/t60-daemon-gitweb-via-setperms

diff --git a/contrib/adc/fork b/contrib/adc/fork
index 3baab01..b3cac93 100755
--- a/contrib/adc/fork
+++ b/contrib/adc/fork
@@ -15,9 +15,12 @@ get_rights_and_owner $to
 git clone --bare -l $GL_REPO_BASE_ABS/$from.git $GL_REPO_BASE_ABS/$to.git
 [ $? -ne 0 ] && exit 1
 
-# fix up creator, and hooks
+# fix up creator, gitweb owner, and hooks
 cd $GL_REPO_BASE_ABS/$to.git
 echo $GL_USER > gl-creater
+git config gitweb.owner "$GL_USER"
+( cd $HOME;perl -e 'do ".gitolite.rc"; print $GL_WILDREPOS_DEFPERMS' ) |
+    SSH_ORIGINAL_COMMAND="setperms $to" $GL_BINDIR/gl-auth-command $GL_USER
 cp -R $GL_REPO_BASE_ABS/$from.git/hooks/* $GL_REPO_BASE_ABS/$to.git/hooks
 
 if [ -n "$GL_WILDREPOS_DEFPERMS" ]; then
diff --git a/src/gitolite.pm b/src/gitolite.pm
index f749264..13a761d 100644
--- a/src/gitolite.pm
+++ b/src/gitolite.pm
@@ -38,7 +38,7 @@ our $USERNAME_PATT=qr(^\@?[0-9a-zA-Z][0-9a-zA-Z._\@+-]*$);  # very simple patter
 our $REPOPATT_PATT=qr(^\@?[0-9a-zA-Z[][\\^.$|()[\]*+?{}0-9a-zA-Z._\@/-]*$);
 
 # these come from the RC file
-our ($REPO_UMASK, $GL_WILDREPOS, $GL_PACKAGE_CONF, $GL_PACKAGE_HOOKS, $REPO_BASE, $GL_CONF_COMPILED, $GL_BIG_CONFIG, $GL_PERFLOGT);
+our ($REPO_UMASK, $GL_WILDREPOS, $GL_PACKAGE_CONF, $GL_PACKAGE_HOOKS, $REPO_BASE, $GL_CONF_COMPILED, $GL_BIG_CONFIG, $GL_PERFLOGT, $PROJECTS_LIST);
 our %repos;
 our %groups;
 our %repo_config;
@@ -59,6 +59,13 @@ sub wrap_open {
     return $fh;
 }
 
+sub wrap_print {
+    my ($file, $text) = @_;
+    my $fh = wrap_open(">", $file);
+    print $fh $text;
+    close($fh);
+}
+
 sub dbg {
     for my $i (@_) {
         print STDERR "DBG: $i\n";
@@ -269,6 +276,10 @@ sub get_set_perms
         system("cat > gl-perms");
         print "New perms are:\n";
         system("cat", "gl-perms");
+
+        # gitweb and daemon
+        setup_daemon_access($repo);
+        system("echo $repo.git >> $PROJECTS_LIST") if &setup_gitweb_access($repo, '', '');
     }
 }
 
@@ -342,26 +353,22 @@ sub setup_gitweb_access
 # this also sets "owner" for gitweb, by the way
 {
     my ($repo, $desc, $owner) = @_;
-    my $ret = 0;
+    my $is_wild = -f "gl-creater";
+        # we may override but we do not remove gitweb.owner and description
+        # for wild repos
 
-    # passing in a descr implies 'R = gitweb'
-    if ($desc or &can_read($repo, 'gitweb')) {
-        $ret = 1;
-        if ($desc) {
-            open(DESC, ">", $desc_file);
-            print DESC $desc . "\n";
-            close DESC;
-        }
-        if ($owner) {
-            # set the repository owner
-            system("git", "config", "gitweb.owner", $owner);
-        } else {
-            # remove the repository owner setting
-            system("git config --unset-all gitweb.owner 2>/dev/null");
-        }
+    if ($desc) {
+        open(DESC, ">", $desc_file);
+        print DESC $desc . "\n";
+        close DESC;
     } else {
-        unlink $desc_file;
-        system("git config --unset-all gitweb.owner 2>/dev/null");
+        unlink $desc_file unless $is_wild;
+    }
+
+    if ($owner) {
+        system("git", "config", "gitweb.owner", $owner);
+    } else {
+        system("git config --unset-all gitweb.owner 2>/dev/null") unless $is_wild;
     }
 
     # if there are no gitweb.* keys set, remove the section to keep the config file clean
@@ -370,7 +377,8 @@ sub setup_gitweb_access
         system("git config --remove-section gitweb 2>/dev/null");
     }
 
-    return $ret;
+    return ($desc or &can_read($repo, 'gitweb'));
+        # this return value is used by the caller to write to projects.list
 }
 
 # ----------------------------------------------------------------------------
diff --git a/src/gl-auth-command b/src/gl-auth-command
index 315482c..9870b2d 100755
--- a/src/gl-auth-command
+++ b/src/gl-auth-command
@@ -195,6 +195,8 @@ if ($perm =~ /C/) {
     # it was missing, and you have create perms
     wrap_chdir("$ENV{GL_REPO_BASE_ABS}");
     new_repo($repo, "$GL_ADMINDIR/hooks/common", $user);
+        # note pwd is not the bare "repo.git"; new_repo does that...
+    wrap_print("gl-perms", "$GL_WILDREPOS_DEFPERMS\n") if $GL_WILDREPOS_DEFPERMS;
     &setup_repo_configs($repo, \%repo_config);
     &setup_daemon_access($repo);
     system("echo $repo.git >> $PROJECTS_LIST") if &setup_gitweb_access($repo, '', '');
diff --git a/t/t58-daemon-gitweb-wild b/t/t58-daemon-gitweb-wild
index cab1695..67e2ba5 100644
--- a/t/t58-daemon-gitweb-wild
+++ b/t/t58-daemon-gitweb-wild
@@ -78,7 +78,7 @@ do
     runremote cat repositories/bar/u1/try1.git/description
     expect "this is bar/u1/try1"
     runremote cat repositories/bar/u1/try3.git/description
-    expect "cat: repositories/bar/u1/try3.git/description: No such file or directory"
+    expect "Unnamed repository; edit this file 'description' to name the repository."
 
     name "now compile and recheck try3 stuff"
     echo "
diff --git a/t/t60-daemon-gitweb-via-setperms b/t/t60-daemon-gitweb-via-setperms
new file mode 100644
index 0000000..47bc5b7
--- /dev/null
+++ b/t/t60-daemon-gitweb-via-setperms
@@ -0,0 +1,128 @@
+# vim: syn=sh:
+for bc in 0 1
+do
+    cd $TESTDIR
+    $TESTDIR/rollback || die "rollback failed"
+    editrc GL_WILDREPOS 1
+    editrc GL_BIG_CONFIG $bc
+
+    name "INTERNAL"
+    echo "
+        @leads = u1 u2
+        @devs = u1 u2 u3 u4
+
+        @gbar = bar/CREATOR/..*
+        repo    @gbar
+            C               =   @leads
+            RW+             =   @leads
+            RW              =   WRITERS @devs
+            R               =   READERS
+    " | ugc
+    name "nothing set yet"
+    expect_push_ok "master -> master"
+
+    runlocal git ls-remote u1:bar/u1/try1
+    runremote ls -al repositories/bar/u1/try1.git/git-daemon-export-ok
+    expect "ls: cannot access repositories/bar/u1/try1.git/git-daemon-export-ok: No such file or directory"
+    runremote ls -al projects.list
+    expect "gitolite-test gitolite-test 12 .* projects.list"
+    runremote cat projects.list
+    notexpect "bar/u1/try1.git"
+
+    runlocal git ls-remote u1:bar/u1/try2
+    runremote ls -al repositories/bar/u1/try2.git/git-daemon-export-ok
+    expect "ls: cannot access repositories/bar/u1/try2.git/git-daemon-export-ok: No such file or directory"
+    runremote ls -al projects.list
+    expect "gitolite-test gitolite-test 12 .* projects.list"
+    runremote cat projects.list
+    notexpect "bar/u1/try2.git"
+
+    name "add daemon access to try1"
+    echo R daemon | runlocal ssh u1 setperms bar/u1/try1
+    expect "R daemon"
+
+    runremote ls -al repositories/bar/u1/try1.git/git-daemon-export-ok
+    expect "gitolite-test gitolite-test .* repositories/bar/u1/try1.git/git-daemon-export-ok"
+    runremote ls -al projects.list
+    expect "gitolite-test gitolite-test 12 .* projects.list"
+    runremote cat projects.list
+    notexpect "bar/u1/try1.git"
+
+    name "add gitweb access to try2"
+    echo R gitweb | runlocal ssh u1 setperms bar/u1/try2
+    expect "R gitweb"
+
+    runremote ls -al repositories/bar/u1/try2.git/git-daemon-export-ok
+    expect "ls: cannot access repositories/bar/u1/try2.git/git-daemon-export-ok: No such file or directory"
+    runremote ls -al projects.list
+    expect "gitolite-test gitolite-test 28 .* projects.list"
+    runremote cat projects.list
+    expect "bar/u1/try2.git"
+
+    echo "\$GL_WILDREPOS_DEFPERMS = 'R daemon';" | addrc
+
+    name "add default daemon access"
+    runlocal git ls-remote u1:bar/u1/try3
+    runremote ls -al repositories/bar/u1/try3.git/git-daemon-export-ok
+    expect "gitolite-test gitolite-test .* repositories/bar/u1/try3.git/git-daemon-export-ok"
+    runremote ls -al projects.list
+    expect "gitolite-test gitolite-test 28 .* projects.list"
+    runremote cat projects.list
+    notexpect "bar/u1/try3.git"
+
+    name "add default gitweb access"
+    echo "\$GL_WILDREPOS_DEFPERMS = 'R gitweb';" | addrc
+
+    runlocal git ls-remote u1:bar/u1/try4
+    runremote ls -al repositories/bar/u1/try4.git/git-daemon-export-ok
+    expect "ls: cannot access repositories/bar/u1/try4.git/git-daemon-export-ok: No such file or directory"
+    runremote ls -al projects.list
+    expect "gitolite-test gitolite-test 44 .* projects.list"
+    runremote cat projects.list
+    expect "bar/u1/try4.git"
+
+    name "add default both access"
+    echo "\$GL_WILDREPOS_DEFPERMS = 'R daemon gitweb';" | addrc
+
+    runlocal git ls-remote u1:bar/u1/try5
+    runremote ls -al repositories/bar/u1/try5.git/git-daemon-export-ok
+    expect "gitolite-test gitolite-test .* repositories/bar/u1/try5.git/git-daemon-export-ok"
+    runremote ls -al projects.list
+    expect "gitolite-test gitolite-test 60 .* projects.list"
+    runremote cat projects.list
+    expect "bar/u1/try5.git"
+
+    name "add default both access with @all also"
+    echo "\$GL_WILDREPOS_DEFPERMS = 'R @all daemon gitweb';" | addrc
+
+    runlocal git ls-remote u1:bar/u1/try6
+    runremote ls -al repositories/bar/u1/try6.git/git-daemon-export-ok
+    expect "gitolite-test gitolite-test .* repositories/bar/u1/try6.git/git-daemon-export-ok"
+    runremote ls -al projects.list
+    expect "gitolite-test gitolite-test 76 .* projects.list"
+    runremote cat projects.list
+    expect "bar/u1/try6.git"
+
+    name "remove all from u6"
+    < /dev/null runlocal ssh u1 setperms bar/u1/try6
+
+    runlocal git ls-remote u1:bar/u1/try6
+    runremote ls -al repositories/bar/u1/try6.git/git-daemon-export-ok
+    expect "ls: cannot access repositories/bar/u1/try6.git/git-daemon-export-ok: No such file or directory"
+    # projects.list currently does not get cleared until a compile, so you
+    # will still see the entry for .../try6
+    runremote ls -al projects.list
+    expect "gitolite-test gitolite-test 76 .* projects.list"
+    runremote cat projects.list
+    expect "bar/u1/try6.git"
+
+    echo | ugc
+    runremote ls -al projects.list
+    expect "gitolite-test gitolite-test 60 .* projects.list"
+    runremote cat projects.list
+    # but *now* it should be gone
+    notexpect "bar/u1/try6.git"
+
+    name "INTERNAL"
+
+done