Revert "now you can disallow creation of new refs if you like"

This reverts commit 6d32e4e920.

see subsequent commits for why
This commit is contained in:
Sitaram Chamarty 2010-06-18 19:31:06 +05:30
parent bf1a9720af
commit 78c8caa24c
4 changed files with 5 additions and 38 deletions

View file

@ -92,6 +92,10 @@ review stuff :)
* gitolite doesnt do anything special to signed or annotated tags
* gitolite always allows creating a branch. The only way to prevent that is
to list out allowed branches explicitly (make sure you end the refex with
a `$`!).
* Force push is the same as delete: historically (and by default, even now)
gitolite does the same . However, I've only recently (and somewhat
reluctantly) changed gitolite to allow treating these two separately.

View file

@ -18,7 +18,6 @@ In this document:
* <a href="#better_logging">better logging</a>
* <a href="#exclude_or_deny_rules">"exclude" (or "deny") rules</a>
* <a href="#separating_delete_and_rewind_rights">separating delete and rewind rights</a>
* <a href="#separating_create_and_push_rights">separating create and push rights</a>
* <a href="#file_dir_NAME_based_restrictions">file/dir NAME based restrictions</a>
* <a href="#delegating_parts_of_the_config_file">delegating parts of the config file</a>
* <a href="#convenience_features">convenience features</a>
@ -384,40 +383,6 @@ message when you push, a non-existant user.
[sdrr]: http://groups.google.com/group/gitolite/browse_thread/thread/9f2b4358ce406d4c#
<a name="separating_create_and_push_rights"></a>
##### separating create and push rights
[note: the documentation took longer to write than the code ;-)]
Now you can disallow creation of new refs if you like.
Normally, when you try to update a ref (push a branch or a tag), it's checked
against all the refexes, and if none of them match for the operation you're
trying (W or +), or it matches a "-", the operation is denied.
That is, most refs are default "deny".
`CREATE_REF` is a "fake" refex that controls the ability to *create* a branch,
even if you are allowed to *push* changes to it.
The right to create a ref (i.e., push a brand new one), however, defaults to
"accept" unless a deny rule is found. This is mainly for backward compat
reasons, but also because this feature is rarely needed, so there's no point
burdening everyone with having to create the opposite rule.
So if you want to prevent someone from *creating* any branches that they
otherwise *can* push, make sure that the first rule that applies to them is a
`- CREATE_REF` rule, like line #3 below:
repo foo
RW+ = @leads
- CREATE_REF = @devs
RW+ = @devs
One side effect is that you now can no longer have an *actual* branch called
`CREATE_REF`. Oh well, into each life some rain must fall!
<a name="file_dir_NAME_based_restrictions"></a>
##### file/dir NAME based restrictions

View file

@ -82,8 +82,6 @@ push @allowed_refs, @ { $repos{$ENV{GL_REPO}}{'@all'} || [] };
# been specified
my @refs = ($ref); # the first ref to check is the real one
# if a new ref is being created, add a special ref to record that
push @refs, 'refs/heads/CREATE_REF' if $oldsha eq '0' x 40;
# because making it work screws up efficiency like no tomorrow...
if (exists $repos{$ENV{GL_REPO}}{NAME_LIMITS}) {
# this is special to git -- the hash of an empty tree

View file

@ -95,7 +95,7 @@ sub check_ref {
# as far as *this* ref is concerned we're ok
return $refex if ($ar->[2] =~ /\Q$perm/);
}
die "$perm $ref $repo $ENV{GL_USER} DENIED by fallthru\n" unless $ref eq 'refs/heads/CREATE_REF';
die "$perm $ref $repo $ENV{GL_USER} DENIED by fallthru\n";
}
# ln -sf :-)