@all for repos is now much cleaner; a true @all...
- no need to put it at the end of the config file now, yeaaay! - @all for @all is meaningless and not supported. People asking will be told to get a life or use git-daemon. - NAME/ limits for @all repos is ignored for efficiency reasons.
This commit is contained in:
parent
a3f1258a0a
commit
7bfb3676b7
7 changed files with 28 additions and 26 deletions
|
@ -107,11 +107,8 @@ repo gitolite
|
|||
repo @oss_repos
|
||||
R = @all
|
||||
|
||||
# set permissions to all already defined repos
|
||||
# (a repository is defined if it has permission rules
|
||||
# associated, empty "repo" stanza or "@group=..." line is
|
||||
# not enough). *Please* do see doc/3-faq-tips-etc.mkd for
|
||||
# some important notes on this feature
|
||||
# set permissions to all repos. *Please* do see
|
||||
# doc/3-faq-tips-etc.mkd for notes on this feature
|
||||
repo @all
|
||||
RW+ = @admins
|
||||
|
||||
|
|
|
@ -126,16 +126,12 @@ seem to hurt anything. [Update 2009-09-14; this has been fixed in git
|
|||
### `@all` syntax for repos
|
||||
|
||||
There *is* a way to use the `@all` syntax for repos also, as described in
|
||||
`conf/example.conf`. However, there is an important difference between this
|
||||
and the old `@all` (for users):
|
||||
`conf/example.conf`. However, there are a couple of minor cautions:
|
||||
|
||||
* `@all` for repos is immediately expanded, when found, into the currently
|
||||
known list of repos. "Currently" means upto this point in the config
|
||||
file, and "known" means having some user with some permissions associated
|
||||
with the repo!
|
||||
|
||||
* This means that if you really want *all* repos, you'd better put this para
|
||||
at the **end** of the config file!
|
||||
* don't use `NAME/` or such restrictions on the special `@all` repo. Due to
|
||||
the potential for defeating a crucial optimisation and slowing down *all*
|
||||
access, we do not support this.
|
||||
* don't try giving `@all` users some permission for `@all` repos
|
||||
|
||||
### umask setting
|
||||
|
||||
|
|
|
@ -185,8 +185,8 @@ allowed to *create* repos matching that pattern.
|
|||
In addition, there is also the "expand" command, which takes any regex pattern
|
||||
and returns you a list of all wildcard-created repos that you have access to
|
||||
which fit that pattern. And if, as an administrator, you wish to list out
|
||||
*every single* repo that your users have created, add this to the *end* of the
|
||||
config file:
|
||||
*every single* repo that your users have created, add this to your config
|
||||
file:
|
||||
|
||||
repo @all
|
||||
R = sitaram # or whoever you are
|
||||
|
|
|
@ -76,8 +76,9 @@ $perm = '+' if $ref =~ m(refs/tags/) and $oldsha ne ('0' x 40);
|
|||
$perm = '+' if $oldsha ne $merge_base;
|
||||
|
||||
my @allowed_refs;
|
||||
# we want specific perms to override @all, so they come first
|
||||
# @all repos: see comments in similar code in check_access
|
||||
push @allowed_refs, @ { $repos{$ENV{GL_REPO}}{$ENV{GL_USER}} || [] };
|
||||
push @allowed_refs, @ { $repos{'@all'} {$ENV{GL_USER}} || [] };
|
||||
push @allowed_refs, @ { $repos{$ENV{GL_REPO}}{'@all'} || [] };
|
||||
|
||||
# prepare the list of refs to be checked
|
||||
|
@ -88,6 +89,7 @@ push @allowed_refs, @ { $repos{$ENV{GL_REPO}}{'@all'} || [] };
|
|||
# been specified
|
||||
|
||||
my @refs = ($ref); # the first ref to check is the real one
|
||||
# because making it work screws up efficiency like no tomorrow...
|
||||
if (exists $repos{$ENV{GL_REPO}}{NAME_LIMITS}) {
|
||||
# this is special to git -- the hash of an empty tree
|
||||
my $empty='4b825dc642cb6eb9a060e54bf8d69288fbee4904';
|
||||
|
|
|
@ -284,9 +284,13 @@ sub report_basic
|
|||
system("cat", ($GL_PACKAGE_CONF || "$GL_ADMINDIR/conf") . "/VERSION");
|
||||
print "\ryou have the following permissions:\r\n";
|
||||
for my $r (sort keys %repos) {
|
||||
my $perm .= ( $repos{$r}{C}{'@all'} ? ' @' : ( $repos{$r}{C}{$user} ? ' C' : ' ' ) );
|
||||
$perm .= ( $repos{$r}{R}{'@all'} ? ' @' : ( $repos{$r}{R}{$user} ? ' R' : ' ' ) );
|
||||
$perm .= ( $repos{$r}{W}{'@all'} ? ' @' : ( $repos{$r}{W}{$user} ? ' W' : ' ' ) );
|
||||
# @all repos; meaning of read/write flags:
|
||||
# @ => @all users are allowed access to this repo
|
||||
# r/w => you are allowed access to @all repos
|
||||
# R/W => you are allowed access to this repo
|
||||
my $perm .= ( $repos{$r}{C}{'@all'} ? ' @' : ( $repos{$r}{C}{$user} ? ' C' : ' ' ) );
|
||||
$perm .= ( $repos{$r}{R}{'@all'} ? ' @' : ( $repos{'@all'}{R}{$user} ? ' r' : ( $repos{$r}{R}{$user} ? ' R' : ' ' )));
|
||||
$perm .= ( $repos{$r}{W}{'@all'} ? ' @' : ( $repos{'@all'}{W}{$user} ? ' w' : ( $repos{$r}{W}{$user} ? ' W' : ' ' )));
|
||||
print "$perm\t$r\r\n" if $perm =~ /\S/;
|
||||
}
|
||||
}
|
||||
|
@ -333,8 +337,9 @@ sub expand_wild
|
|||
$creater = "($creater)";
|
||||
}
|
||||
my $perm = ' ';
|
||||
$perm .= ( $repos{$actual_repo}{R}{'@all'} ? ' @' : ( $repos{$actual_repo}{R}{$user} ? ' R' : ' ' ) );
|
||||
$perm .= ( $repos{$actual_repo}{W}{'@all'} ? ' @' : ( $repos{$actual_repo}{W}{$user} ? ' W' : ' ' ) );
|
||||
# @all repos; see notes above
|
||||
$perm .= ( $repos{$actual_repo}{R}{'@all'} ? ' @' : ( $repos{'@all'}{R}{$user} ? ' r' : ( $repos{$actual_repo}{R}{$user} ? ' R' : ' ' )));
|
||||
$perm .= ( $repos{$actual_repo}{W}{'@all'} ? ' @' : ( $repos{'@all'}{W}{$user} ? ' w' : ( $repos{$actual_repo}{W}{$user} ? ' W' : ' ' )));
|
||||
next if $perm eq ' ';
|
||||
print "$perm\t$creater\t$actual_repo\n";
|
||||
}
|
||||
|
@ -390,8 +395,11 @@ sub check_access
|
|||
# bit, sadly), this code duplicates stuff in the current update hook.
|
||||
|
||||
my @allowed_refs;
|
||||
# we want specific perms to override @all, so they come first
|
||||
# user+repo specific perms override everything else, so they come first.
|
||||
# Then perms given to specific user for @all repos, and finally perms
|
||||
# given to @all users for specific repo
|
||||
push @allowed_refs, @ { $repos{$repo}{$ENV{GL_USER}} || [] };
|
||||
push @allowed_refs, @ { $repos{'@all'}{$ENV{GL_USER}} || [] };
|
||||
push @allowed_refs, @ { $repos{$repo}{'@all'} || [] };
|
||||
|
||||
&check_ref(\@allowed_refs, $repo, $ref, $perm);
|
||||
|
|
|
@ -188,6 +188,7 @@ my $perm = ($verb =~ $R_COMMANDS ? 'R' : 'W');
|
|||
|
||||
die "$perm access for $repo DENIED to $user\n"
|
||||
unless $repos{$repo}{$perm}{$user}
|
||||
or $repos{'@all'}{$perm}{$user} # new: access to @all repos
|
||||
or $repos{$repo}{$perm}{'@all'};
|
||||
|
||||
# ----------------------------------------------------------------------------
|
||||
|
|
|
@ -184,9 +184,7 @@ sub parse_conf_file
|
|||
{
|
||||
# grab the list and expand any @stuff in it
|
||||
@repos = split ' ', $1;
|
||||
if (@repos == 1 and $repos[0] eq '@all') {
|
||||
@repos = keys %repos;
|
||||
} else {
|
||||
unless (@repos == 1 and $repos[0] eq '@all') {
|
||||
@repos = expand_list ( @repos );
|
||||
do { die "$ABRT bad reponame $_\n" unless ($GL_WILDREPOS ? $_ =~ $REPOPATT_PATT : $_ =~ $REPONAME_PATT) } for @repos;
|
||||
}
|
||||
|
|
Loading…
Add table
Reference in a new issue