From 8dcc051e645614ccd88f17aca1a269395759ef4e Mon Sep 17 00:00:00 2001 From: Sitaram Chamarty Date: Sun, 18 Mar 2012 14:57:13 +0530 Subject: [PATCH] access() with a missing repo when a real repo (i.e., not a groupname or such) doesn't exist, checking any permission other than ^C will give invalid results unless ^C is ok for the user in question. Take a look at this: repo foo/CREATOR/a[0-9][0-9] C = u2 u3 RW+ = CREATOR R = READERS u1 u1 looking for R access on foo/u1/a11 will otherwise result in success.
---
 src/Gitolite/Conf/Load.pm | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/src/Gitolite/Conf/Load.pm b/src/Gitolite/Conf/Load.pm
index 45c44b1..b8d3c96 100644
--- a/src/Gitolite/Conf/Load.pm
+++ b/src/Gitolite/Conf/Load.pm
@@ -65,6 +65,14 @@ sub access {
 my ( $repo, $user, $aa, $ref ) = @_;
 load($repo);
+ # when a real repo doesn't exist, ^C is a pre-requisite for any other
+ # check to give valid results.
+ if ( $aa ne '^C' and $repo !~ /^\@/ and $repo =~ $REPONAME_PATT and repo_missing($repo) ) {
+ my $iret = access( $repo, $user, '^C', $ref );
+ $iret =~ s/\^C/$aa/;
+ return $iret if $iret =~ /DENIED/;
+ }
+
 my @rules = rules( $repo, $user );
 trace( 2, scalar(@rules) . " rules found" );
 for my $r (@rules) {
@@ -310,12 +318,12 @@ sub user_roles {
 # eg == existing groups (that user is already known to be a member of)
 my %eg = map { $_ => 1 } @eg;
- my %ret = ();
- my $f = "$rc{GL_REPO_BASE}/$repo.git/gl-perms";
+ my %ret = ();
+ my $f = "$rc{GL_REPO_BASE}/$repo.git/gl-perms";
 my @roles = ();
 if ( -f $f ) {
 my $fh = _open( "<", $f );
- chomp(@roles = <$fh>);
+ chomp( @roles = <$fh> );
 }
 push @roles, "CREATOR = " . creator($repo);
 for (@roles) {
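Review bot: The early return in the added block of access() rewrites the `^C` result with `$iret =~ s/\^C/$aa/;` before handing it back, so a refusal caused by the missing-repo prerequisite reads like an ordinary `$aa` refusal and someone reading the logs cannot tell the two cases apart. I would record the untouched result ahead of the substitution, for example `trace( 2, "missing repo $repo: ^C check for $user gave '$iret'" );`. The deny test `$iret =~ /DENIED/` also depends on the exact text that access() produces further down, outside this hunk, so it deserves a comment such as `# relies on every refusal from access() containing the literal "DENIED"`; if that wording ever changes, this guard would presumably fall through to the normal rule walk without any error. The body of access() continues past the end of the hunk.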