From 9612e3a4cc226ba78ca22ae733f1bd94a098ca28 Mon Sep 17 00:00:00 2001
From: Sitaram Chamarty
Date: Fri, 14 May 2010 10:52:58 +0530
Subject: [PATCH] allow setperms to override config file permissions
---
 conf/example.gitolite.rc | 19 +++++++++++++++++++
 src/gl-compile-conf | 6 ++++--
 2 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/conf/example.gitolite.rc b/conf/example.gitolite.rc
index 550d6f3..ae4d077 100644
--- a/conf/example.gitolite.rc
+++ b/conf/example.gitolite.rc
@@ -110,7 +110,9 @@ $GIT_PATH="";
 # You have 3 choices. By default $GL_GITCONFIG_KEYS is left empty, which
 # completely disables this feature (meaning you cannot set git configs from
 # the repo config).
+
 $GL_GITCONFIG_KEYS = "";
+
 #
 # The second choice is to give it a space separated list of settings you
 # consider safe. (These are actually treated as a set of regular expression
@@ -146,7 +148,9 @@ $HTPASSWD_FILE = "";
 # base path of all the files that are accessible via rsync. Must be an
 # absolute path. Leave it undefined or set to the empty string to disable the
 # rsync helper.
+
 $RSYNC_BASE = "";
+
 # $RSYNC_BASE = "/home/git/up-down";
 # $RSYNC_BASE = "/tmp/up-down";
 
@@ -177,8 +181,23 @@ $SVNSERVE = "";
 # This has now been rolled into master, with all the functionality gated by
 # this variable. Set this to 1 if you want to enable the wildrepos features.
 # Please see doc/4-wildcard-repositories.mkd for details.
+
 $GL_WILDREPOS = 0;
+# --------------------------------------
+# ALLOW SETPERMS TO OVERRIDE gitolite.conf
+
+# A user can be given permissions to use a "wildcard created" repo using the
+# "setperms" command run by the creator. However, if that same user is also
+# explicitly listed in the config file as having a specific permission, and if
+# that permission is different from what was specified using `setperms`, there
+# is a conflict.
+
+# Default behaviour is to let the config file permissions override the
+# "setperms" permissions, but if you want it the other way, set this to 1.
+
+$GL_SETPERMS_OVERRIDES_CONFIG = 0;
+
 # --------------------------------------
 # HOOK CHAINING
diff --git a/src/gl-compile-conf b/src/gl-compile-conf
index f12a451..a6df657 100755
--- a/src/gl-compile-conf
+++ b/src/gl-compile-conf
@@ -52,7 +52,7 @@ $Data::Dumper::Sortkeys = 1;
 open STDOUT, ">", "/dev/null" if (@ARGV and shift eq '-q');
 # these are set by the "rc" file
-our ($GL_ADMINDIR, $GL_CONF, $GL_KEYDIR, $GL_CONF_COMPILED, $REPO_BASE, $REPO_UMASK, $PROJECTS_LIST, $GIT_PATH, $GL_WILDREPOS, $GL_GITCONFIG_KEYS, $GL_PACKAGE_HOOKS);
+our ($GL_ADMINDIR, $GL_CONF, $GL_KEYDIR, $GL_CONF_COMPILED, $REPO_BASE, $REPO_UMASK, $PROJECTS_LIST, $GIT_PATH, $GL_WILDREPOS, $GL_GITCONFIG_KEYS, $GL_PACKAGE_HOOKS, $GL_SETPERMS_OVERRIDES_CONFIG);
 # and these are set by gitolite.pm
 our ($REPONAME_PATT, $REPOPATT_PATT, $USERNAME_PATT, $AUTH_COMMAND, $AUTH_OPTIONS, $ABRT, $WARN);
 
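Review bot: The comment block added in the `@@ -177,8 +181,23 @@` hunk of conf/example.gitolite.rc explains the conflict but never says who gains authority when the flag is set. By the block's own wording, `$GL_SETPERMS_OVERRIDES_CONFIG = 1` lets a permission chosen by a repo creator through `setperms` take precedence over what the administrator wrote in the config file for the same user. A restriction stated in gitolite.conf for a wildcard repo is then no longer final. I would add a line such as `# NOTE: with this set to 1, the creator of a wildcard repo, not the admin, decides the effective permission for a user named in both places.` The shipped default of 0 keeps the config file authoritative and should stay that way.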
@@ -220,6 +220,8 @@ sub parse_conf_file
 s/\bCREAT[EO]R\b/~\$creator/g for @users;
 s/\bREADERS\b/\$readers/g for @users;
 s/\bWRITERS\b/\$writers/g for @users;
+ # and double it up if $GL_SETPERMS_OVERRIDES_CONFIG
+ do { s/\$(creator|readers|writers)\b/~\$$1/g for @users } if $GL_SETPERMS_OVERRIDES_CONFIG;
 # ok, we can finally populate the %repos hash
 for my $repo (@repos) # each repo in the current stanza
@@ -366,7 +368,7 @@ my $dumped_data = Data::Dumper->Dump([\%repos], [qw(*repos)]);
 # the dump uses single quotes, but we convert any strings containing $creator,
 # $readers, $writers, to double quoted strings. A wee bit sneaky, but not too
 # much...
-$dumped_data =~ s/'(?=[^']*\$(?:creator|readers|writers|gl_user))~?(.*?)'/"$1"/g;
+$dumped_data =~ s/'(?=[^']*\$(?:creator|readers|writers|gl_user))~*(.*?)'/"$1"/g;
 print $compiled_fh $dumped_data;
 close $compiled_fh or die "$ABRT close compiled-conf failed: $!\n";
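Review bot: The line added in the `@@ -220,6 +220,8 @@` hunk changes which permission wins for a user, yet its only explanation is "double it up", which does not say what the extra `~` is for. Judging from `$Data::Dumper::Sortkeys = 1` and the `~*` strip in the `@@ -366,7 +368,7 @@` hunk, the prefix seems to matter only for where the key sorts in the dumped hash, so access-control precedence now depends on these two distant lines staying in step. If that reading is right, say so at the point of use, e.g. `# the extra "~" makes the $readers/$writers keys sort after literal user names in the dump, so setperms wins; all "~" are stripped again when the dump is written`. The statement would also read better as a plain `if ($GL_SETPERMS_OVERRIDES_CONFIG) { ... }` block than as `do { ... } if`. A test with one user listed both explicitly and via setperms, run with the flag off and on, would pin the behaviour; parse_conf_file starts and ends outside the hunk.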