deac/gitolite
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

access() with a missing repo

Browse source 
when a real repo (i.e., not a groupname or such) doesn't exist, checking
any permission other than ^C will give invalid results unless ^C is ok
for the user in question.

Take a look at this:

    repo    foo/CREATOR/a[0-9][0-9]
        C   =   u2 u3
        RW+ =   CREATOR
        R   =   READERS u1

u1 looking for R access on foo/u1/a11 will otherwise result in
success.
This commit is contained in:
Sitaram Chamarty 2012-03-18 14:57:13 +05:30
parent c79f9d2381
commit 8dcc051e64
1 changed files with 11 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
src/Gitolite/Conf/Load.pm
View file

@ -65,6 +65,14 @@ sub access {
my ( $repo, $user, $aa, $ref ) = @_; my ( $repo, $user, $aa, $ref ) = @_;
load($repo); load($repo);
# when a real repo doesn't exist, ^C is a pre-requisite for any other
# check to give valid results.
if ( $aa ne '^C' and $repo !~ /^\@/ and $repo =~ $REPONAME_PATT and repo_missing($repo) ) {
my $iret = access( $repo, $user, '^C', $ref );
$iret =~ s/\^C/$aa/;
return $iret if $iret =~ /DENIED/;
}
my @rules = rules( $repo, $user ); my @rules = rules( $repo, $user );
trace( 2, scalar(@rules) . " rules found" ); trace( 2, scalar(@rules) . " rules found" );
for my $r (@rules) { for my $r (@rules) {
@ -315,7 +323,7 @@ sub user_roles {
my @roles = (); my @roles = ();
if ( -f $f ) { if ( -f $f ) {
my $fh = _open( "<", $f ); my $fh = _open( "<", $f );
chomp(@roles = <$fh>); chomp( @roles = <$fh> );
} }
push @roles, "CREATOR = " . creator($repo); push @roles, "CREATOR = " . creator($repo);
for (@roles) { for (@roles) {