deac/gitolite
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

the rarely-useful "@all users can access @all repos" thing...

Browse source
This commit is contained in:
Sitaram Chamarty 2011-10-07 09:17:38 +05:30
parent 696bffe605
commit 77f0b2da0e
3 changed files with 68 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
hooks/common/update
View file

@ -58,6 +58,7 @@ my @allowed_refs;
push @allowed_refs, @ { $repos{$ENV{GL_REPO}}{$ENV{GL_USER}} || [] }; push @allowed_refs, @ { $repos{$ENV{GL_REPO}}{$ENV{GL_USER}} || [] };
push @allowed_refs, @ { $repos{'@all'} {$ENV{GL_USER}} || [] }; push @allowed_refs, @ { $repos{'@all'} {$ENV{GL_USER}} || [] };
push @allowed_refs, @ { $repos{$ENV{GL_REPO}}{'@all'} || [] }; push @allowed_refs, @ { $repos{$ENV{GL_REPO}}{'@all'} || [] };
push @allowed_refs, @ { $repos{'@all'} {'@all'} || [] };
# prepare the list of refs to be checked # prepare the list of refs to be checked

11
src/gitolite.pm
View file

@ -605,11 +605,13 @@ sub report_basic
} }
# @all repos; meaning of read/write flags: # @all repos; meaning of read/write flags:
# @R => @all users are allowed access to this repo # @R => @all users are allowed access to this repo
# (Note: this now includes the rarely useful "@all users allowed
# access to @all repos" case)
# #R => you're a super user and can see @all repos # #R => you're a super user and can see @all repos
# R => normal access # R => normal access
my $perm .= ( $repos{$r}{C}{'@all'} ? ' @C' : ( $repos{$r}{C}{$user} ? ' C' : ' ' ) ); my $perm .= ( $repos{$r}{C}{'@all'} ? ' @C' : ( $repos{$r}{C}{$user} ? ' C' : ' ' ) );
$perm .= perm_code( $repos{$r}{R}{'@all'}, $repos{'@all'}{R}{$user}, $repos{$r}{R}{$user}, 'R'); $perm .= perm_code( $repos{$r}{R}{'@all'} || $repos{'@all'}{R}{'@all'}, $repos{'@all'}{R}{$user}, $repos{$r}{R}{$user}, 'R');
$perm .= perm_code( $repos{$r}{W}{'@all'}, $repos{'@all'}{W}{$user}, $repos{$r}{W}{$user}, 'W'); $perm .= perm_code( $repos{$r}{W}{'@all'} || $repos{'@all'}{W}{'@all'}, $repos{'@all'}{W}{$user}, $repos{$r}{W}{$user}, 'W');
print "$perm\t$r\r\n" if $perm =~ /\S/; print "$perm\t$r\r\n" if $perm =~ /\S/;
} }
print "only $BIG_INFO_CAP out of $count candidate repos examined\r\nplease use a partial reponame or regex pattern to limit output\r\n" if $GL_BIG_CONFIG and $count > $BIG_INFO_CAP; print "only $BIG_INFO_CAP out of $count candidate repos examined\r\nplease use a partial reponame or regex pattern to limit output\r\n" if $GL_BIG_CONFIG and $count > $BIG_INFO_CAP;
@ -810,8 +812,8 @@ sub add_repo_conf
delete $repos{$repo} if $perm !~ /C/ and $wild; delete $repos{$repo} if $perm !~ /C/ and $wild;
$creator = "<notfound>"; $creator = "<notfound>";
} }
$perm .= perm_code( $repos{$repo}{R}{'@all'}, $repos{'@all'}{R}{$ENV{GL_USER}}, $repos{$repo}{R}{$ENV{GL_USER}}, 'R' ); $perm .= perm_code( $repos{$repo}{R}{'@all'} || $repos{'@all'}{R}{'@all'}, $repos{'@all'}{R}{$ENV{GL_USER}}, $repos{$repo}{R}{$ENV{GL_USER}}, 'R' );
$perm .= perm_code( $repos{$repo}{W}{'@all'}, $repos{'@all'}{W}{$ENV{GL_USER}}, $repos{$repo}{W}{$ENV{GL_USER}}, 'W' ); $perm .= perm_code( $repos{$repo}{W}{'@all'} || $repos{'@all'}{W}{'@all'}, $repos{'@all'}{W}{$ENV{GL_USER}}, $repos{$repo}{W}{$ENV{GL_USER}}, 'W' );
# set up for caching %repos # set up for caching %repos
$last_repo = $repo; $last_repo = $repo;
@ -955,6 +957,7 @@ sub check_access
push @allowed_refs, @ { $repos{$repo}{$ENV{GL_USER}} || [] }; push @allowed_refs, @ { $repos{$repo}{$ENV{GL_USER}} || [] };
push @allowed_refs, @ { $repos{'@all'}{$ENV{GL_USER}} || [] }; push @allowed_refs, @ { $repos{'@all'}{$ENV{GL_USER}} || [] };
push @allowed_refs, @ { $repos{$repo}{'@all'} || [] }; push @allowed_refs, @ { $repos{$repo}{'@all'} || [] };
push @allowed_refs, @ { $repos{'@all'}{'@all'} || [] };
if ($dry_run) { if ($dry_run) {
return check_ref(\@allowed_refs, $repo, $ref, $aa, $dry_run); return check_ref(\@allowed_refs, $repo, $ref, $aa, $dry_run);

60
t/t10-all-yall Normal file
View file

@ -0,0 +1,60 @@
# vim: syn=sh:
for bc in 0 1
do
for ais in 0 1
do
cd $TESTDIR
$TESTDIR/rollback || die "rollback failed"
editrc GL_WILDREPOS 1
editrc GL_BIG_CONFIG $bc
echo "\$GL_ALL_INCLUDES_SPECIAL = $ais;" | addrc
name "INTERNAL"
echo "
repo @all
R = @all
repo foo
RW+ = u1
repo bar
RW+ = u2
repo dev/..*
C = u3 u4
RW+ = CREATOR
" | ugc
name "setup"
expect_push_ok "master -> master"
cd ~/td
runlocal git ls-remote u1:dev/wild1
expect "fatal: '$TEST_BASE_FULL/dev/wild1.git' does not appear to be a git repository"
expect "fatal: The remote end hung up unexpectedly"
runlocal git clone u3:dev/wild1
expect "Cloning into wild1..."
expect "Initialized empty Git repository in $TEST_BASE_FULL/dev/wild1.git/"
expect "warning: You appear to have cloned an empty repository."
cd wild1
mdc; mdc
runlocal git push origin master:wild1
expect "To u3:dev/wild1"
expect "* \[new branch\] master -> wild1"
runlocal git push u1:foo master:br-foo
expect "To u1:foo"
expect "* \[new branch\] master -> br-foo"
runlocal git push u2:bar master:br-bar
expect "To u2:bar"
expect "* \[new branch\] master -> br-bar"
runlocal git ls-remote u6:foo
expect refs/heads/br-foo
runlocal git ls-remote u6:bar
expect refs/heads/br-bar
runlocal git ls-remote u6:dev/wild1
expect refs/heads/wild1
done
done