@all for repos is now much cleaner; a true @all...
- no need to put it at the end of the config file now, yeaaay!
- @all for @all is meaningless and not supported. People asking will be told to get a life or use git-daemon.
- NAME/ limits for @all repos are ignored for efficiency reasons.
parent
a3f1258a0a
commit
7bfb3676b7
|
@ -107,11 +107,8 @@ repo gitolite
|
||||||
repo @oss_repos
|
repo @oss_repos
|
||||||
R = @all
|
R = @all
|
||||||
|
|
||||||
# set permissions to all already defined repos
|
# set permissions to all repos. *Please* do see
|
||||||
# (a repository is defined if it has permission rules
|
# doc/3-faq-tips-etc.mkd for notes on this feature
|
||||||
# associated, empty "repo" stanza or "@group=..." line is
|
|
||||||
# not enough). *Please* do see doc/3-faq-tips-etc.mkd for
|
|
||||||
# some important notes on this feature
|
|
||||||
repo @all
|
repo @all
|
||||||
RW+ = @admins
|
RW+ = @admins
|
||||||
|
|
||||||
|
|
|
@ -126,16 +126,12 @@ seem to hurt anything. [Update 2009-09-14; this has been fixed in git
|
||||||
### `@all` syntax for repos
|
### `@all` syntax for repos
|
||||||
|
|
||||||
There *is* a way to use the `@all` syntax for repos also, as described in
|
There *is* a way to use the `@all` syntax for repos also, as described in
|
||||||
`conf/example.conf`. However, there is an important difference between this
|
`conf/example.conf`. However, there are a couple of minor cautions:
|
||||||
and the old `@all` (for users):
|
|
||||||
|
|
||||||
* `@all` for repos is immediately expanded, when found, into the currently
|
* don't use `NAME/` or such restrictions on the special `@all` repo. Due to
|
||||||
known list of repos. "Currently" means upto this point in the config
|
the potential for defeating a crucial optimisation and slowing down *all*
|
||||||
file, and "known" means having some user with some permissions associated
|
access, we do not support this.
|
||||||
with the repo!
|
* don't try giving `@all` users some permission for `@all` repos
|
||||||
|
|
||||||
* This means that if you really want *all* repos, you'd better put this para
|
|
||||||
at the **end** of the config file!
|
|
||||||
|
|
||||||
### umask setting
|
### umask setting
|
||||||
|
|
||||||
|
|
|
@ -185,8 +185,8 @@ allowed to *create* repos matching that pattern.
|
||||||
In addition, there is also the "expand" command, which takes any regex pattern
|
In addition, there is also the "expand" command, which takes any regex pattern
|
||||||
and returns you a list of all wildcard-created repos that you have access to
|
and returns you a list of all wildcard-created repos that you have access to
|
||||||
which fit that pattern. And if, as an administrator, you wish to list out
|
which fit that pattern. And if, as an administrator, you wish to list out
|
||||||
*every single* repo that your users have created, add this to the *end* of the
|
*every single* repo that your users have created, add this to your config
|
||||||
config file:
|
file:
|
||||||
|
|
||||||
repo @all
|
repo @all
|
||||||
R = sitaram # or whoever you are
|
R = sitaram # or whoever you are
|
||||||
|
|
|
@ -76,8 +76,9 @@ $perm = '+' if $ref =~ m(refs/tags/) and $oldsha ne ('0' x 40);
|
||||||
$perm = '+' if $oldsha ne $merge_base;
|
$perm = '+' if $oldsha ne $merge_base;
|
||||||
|
|
||||||
my @allowed_refs;
|
my @allowed_refs;
|
||||||
# we want specific perms to override @all, so they come first
|
# @all repos: see comments in similar code in check_access
|
||||||
push @allowed_refs, @ { $repos{$ENV{GL_REPO}}{$ENV{GL_USER}} || [] };
|
push @allowed_refs, @ { $repos{$ENV{GL_REPO}}{$ENV{GL_USER}} || [] };
|
||||||
|
push @allowed_refs, @ { $repos{'@all'} {$ENV{GL_USER}} || [] };
|
||||||
push @allowed_refs, @ { $repos{$ENV{GL_REPO}}{'@all'} || [] };
|
push @allowed_refs, @ { $repos{$ENV{GL_REPO}}{'@all'} || [] };
|
||||||
|
|
||||||
# prepare the list of refs to be checked
|
# prepare the list of refs to be checked
|
||||||
|
@ -88,6 +89,7 @@ push @allowed_refs, @ { $repos{$ENV{GL_REPO}}{'@all'} || [] };
|
||||||
# been specified
|
# been specified
|
||||||
|
|
||||||
my @refs = ($ref); # the first ref to check is the real one
|
my @refs = ($ref); # the first ref to check is the real one
|
||||||
|
# because making it work screws up efficiency like no tomorrow...
|
||||||
if (exists $repos{$ENV{GL_REPO}}{NAME_LIMITS}) {
|
if (exists $repos{$ENV{GL_REPO}}{NAME_LIMITS}) {
|
||||||
# this is special to git -- the hash of an empty tree
|
# this is special to git -- the hash of an empty tree
|
||||||
my $empty='4b825dc642cb6eb9a060e54bf8d69288fbee4904';
|
my $empty='4b825dc642cb6eb9a060e54bf8d69288fbee4904';
|
||||||
|
|
|
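Review bot: The new `push` of `$repos{'@all'}{$ENV{GL_USER}}` puts a user's `repo @all` rules ahead of the rules written for `@all` users on the specific repo. If check_ref stops at the first matching rule (its body is not in this hunk), a blanket grant under `repo @all` will always win over a narrower per-repo rule for `@all` users. check_access gets the same ordering with a comment that spells it out, but here the comment only points at that other file, although this hook is the enforcement point; I would state the order locally, e.g. `# order matters: user+repo rules, then this user's "repo @all" rules, then @all-users rules for this repo`. The comment added in the second hunk (`# because making it work screws up efficiency like no tomorrow...`) starts mid-sentence and does not say what is being skipped; if it refers to `NAME/` limits on `repo @all`, as the commit message suggests, `# NAME/ limits given under "repo @all" are deliberately not consulted here` would be clearer.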
@ -284,9 +284,13 @@ sub report_basic
|
||||||
system("cat", ($GL_PACKAGE_CONF || "$GL_ADMINDIR/conf") . "/VERSION");
|
system("cat", ($GL_PACKAGE_CONF || "$GL_ADMINDIR/conf") . "/VERSION");
|
||||||
print "\ryou have the following permissions:\r\n";
|
print "\ryou have the following permissions:\r\n";
|
||||||
for my $r (sort keys %repos) {
|
for my $r (sort keys %repos) {
|
||||||
|
# @all repos; meaning of read/write flags:
|
||||||
|
# @ => @all users are allowed access to this repo
|
||||||
|
# r/w => you are allowed access to @all repos
|
||||||
|
# R/W => you are allowed access to this repo
|
||||||
my $perm .= ( $repos{$r}{C}{'@all'} ? ' @' : ( $repos{$r}{C}{$user} ? ' C' : ' ' ) );
|
my $perm .= ( $repos{$r}{C}{'@all'} ? ' @' : ( $repos{$r}{C}{$user} ? ' C' : ' ' ) );
|
||||||
$perm .= ( $repos{$r}{R}{'@all'} ? ' @' : ( $repos{$r}{R}{$user} ? ' R' : ' ' ) );
|
$perm .= ( $repos{$r}{R}{'@all'} ? ' @' : ( $repos{'@all'}{R}{$user} ? ' r' : ( $repos{$r}{R}{$user} ? ' R' : ' ' )));
|
||||||
$perm .= ( $repos{$r}{W}{'@all'} ? ' @' : ( $repos{$r}{W}{$user} ? ' W' : ' ' ) );
|
$perm .= ( $repos{$r}{W}{'@all'} ? ' @' : ( $repos{'@all'}{W}{$user} ? ' w' : ( $repos{$r}{W}{$user} ? ' W' : ' ' )));
|
||||||
print "$perm\t$r\r\n" if $perm =~ /\S/;
|
print "$perm\t$r\r\n" if $perm =~ /\S/;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -333,8 +337,9 @@ sub expand_wild
|
||||||
$creater = "($creater)";
|
$creater = "($creater)";
|
||||||
}
|
}
|
||||||
my $perm = ' ';
|
my $perm = ' ';
|
||||||
$perm .= ( $repos{$actual_repo}{R}{'@all'} ? ' @' : ( $repos{$actual_repo}{R}{$user} ? ' R' : ' ' ) );
|
# @all repos; see notes above
|
||||||
$perm .= ( $repos{$actual_repo}{W}{'@all'} ? ' @' : ( $repos{$actual_repo}{W}{$user} ? ' W' : ' ' ) );
|
$perm .= ( $repos{$actual_repo}{R}{'@all'} ? ' @' : ( $repos{'@all'}{R}{$user} ? ' r' : ( $repos{$actual_repo}{R}{$user} ? ' R' : ' ' )));
|
||||||
|
$perm .= ( $repos{$actual_repo}{W}{'@all'} ? ' @' : ( $repos{'@all'}{W}{$user} ? ' w' : ( $repos{$actual_repo}{W}{$user} ? ' W' : ' ' )));
|
||||||
next if $perm eq ' ';
|
next if $perm eq ' ';
|
||||||
print "$perm\t$creater\t$actual_repo\n";
|
print "$perm\t$creater\t$actual_repo\n";
|
||||||
}
|
}
|
||||||
|
@ -390,8 +395,11 @@ sub check_access
|
||||||
# bit, sadly), this code duplicates stuff in the current update hook.
|
# bit, sadly), this code duplicates stuff in the current update hook.
|
||||||
|
|
||||||
my @allowed_refs;
|
my @allowed_refs;
|
||||||
# we want specific perms to override @all, so they come first
|
# user+repo specific perms override everything else, so they come first.
|
||||||
|
# Then perms given to specific user for @all repos, and finally perms
|
||||||
|
# given to @all users for specific repo
|
||||||
push @allowed_refs, @ { $repos{$repo}{$ENV{GL_USER}} || [] };
|
push @allowed_refs, @ { $repos{$repo}{$ENV{GL_USER}} || [] };
|
||||||
|
push @allowed_refs, @ { $repos{'@all'}{$ENV{GL_USER}} || [] };
|
||||||
push @allowed_refs, @ { $repos{$repo}{'@all'} || [] };
|
push @allowed_refs, @ { $repos{$repo}{'@all'} || [] };
|
||||||
|
|
||||||
&check_ref(\@allowed_refs, $repo, $ref, $perm);
|
&check_ref(\@allowed_refs, $repo, $ref, $perm);
|
||||||
|
|
|
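Review bot: In report_basic and expand_wild the test on `$repos{'@all'}{R}{$user}` (and its `W` twin) comes before the per-repo test, so a user who has both a `repo @all` grant and an explicit grant on the repo sees only `r`/`w`, and the legend comment does not mention that. Since this report is what people read to audit access, I would extend the legend, e.g. `# r/w => you are allowed access via "repo @all" (shown even if you also have explicit rights on this repo)`. The `# @all repos; see notes above` comment in expand_wild points at a comment inside a different sub; `# @all repos; see flag legend in report_basic` would survive reordering. The same three-level ternary now appears four times and may be worth a small helper. It also looks as though `sort keys %repos` in report_basic will now yield the `@all` key itself as a row; please confirm that is intended.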
@ -188,6 +188,7 @@ my $perm = ($verb =~ $R_COMMANDS ? 'R' : 'W');
|
||||||
|
|
||||||
die "$perm access for $repo DENIED to $user\n"
|
die "$perm access for $repo DENIED to $user\n"
|
||||||
unless $repos{$repo}{$perm}{$user}
|
unless $repos{$repo}{$perm}{$user}
|
||||||
|
or $repos{'@all'}{$perm}{$user} # new: access to @all repos
|
||||||
or $repos{$repo}{$perm}{'@all'};
|
or $repos{$repo}{$perm}{'@all'};
|
||||||
|
|
||||||
# ----------------------------------------------------------------------------
|
# ----------------------------------------------------------------------------
|
||||||
|
|
|
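Review bot: The added `or $repos{'@all'}{$perm}{$user}` clause succeeds without looking at `$repo` at all, whereas the other two clauses only pass for a repo that has an entry in `%repos`. For a user with rights under `repo @all`, this check therefore no longer rejects names that are absent from the config, so it presumably relies on `$repo` having been validated against the reponame pattern earlier in the script, which is outside this hunk. A short comment would record that dependency, e.g. `# NOTE: matches any $repo; relies on the reponame validation done earlier`. The `new:` prefix in the added comment will go stale and could be dropped.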
@ -184,9 +184,7 @@ sub parse_conf_file
|
||||||
{
|
{
|
||||||
# grab the list and expand any @stuff in it
|
# grab the list and expand any @stuff in it
|
||||||
@repos = split ' ', $1;
|
@repos = split ' ', $1;
|
||||||
if (@repos == 1 and $repos[0] eq '@all') {
|
unless (@repos == 1 and $repos[0] eq '@all') {
|
||||||
@repos = keys %repos;
|
|
||||||
} else {
|
|
||||||
@repos = expand_list ( @repos );
|
@repos = expand_list ( @repos );
|
||||||
do { die "$ABRT bad reponame $_\n" unless ($GL_WILDREPOS ? $_ =~ $REPOPATT_PATT : $_ =~ $REPONAME_PATT) } for @repos;
|
do { die "$ABRT bad reponame $_\n" unless ($GL_WILDREPOS ? $_ =~ $REPOPATT_PATT : $_ =~ $REPONAME_PATT) } for @repos;
|
||||||
}
|
}
|
||||||
|
|
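Review bot: With the `unless`, a lone `@all` is now kept as a literal repo name and skips both expand_list and the reponame check, but nothing in this hunk rejects the combinations the docs call unsupported (`NAME/` limits or `@all` users under `repo @all`). Going by the update-hook comment, `NAME/` rules there are simply not consulted, so an admin who writes them to narrow a grant may end up with the broader access and no warning. I would have the compile step `die` with `$ABRT` when it meets such a rule under `repo @all`, so the mistake is caught when the config is compiled rather than discovered later. The rule-parsing code is outside this hunk, so the exact place for that check is left open; parse_conf_file's body continues beyond what is shown.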