allow setperms to override config file permissions
This commit is contained in:
Sitaram Chamarty
parent
fbe785adea
commit
9612e3a4cc
|
|
@ -110,7 +110,9 @@ $GIT_PATH="";
|
||||||
# You have 3 choices. By default $GL_GITCONFIG_KEYS is left empty, which
|
# You have 3 choices. By default $GL_GITCONFIG_KEYS is left empty, which
|
||||||
# completely disables this feature (meaning you cannot set git configs from
|
# completely disables this feature (meaning you cannot set git configs from
|
||||||
# the repo config).
|
# the repo config).
|
||||||
|
|
||||||
$GL_GITCONFIG_KEYS = "";
|
$GL_GITCONFIG_KEYS = "";
|
||||||
|
|
||||||
#
|
#
|
||||||
# The second choice is to give it a space separated list of settings you
|
# The second choice is to give it a space separated list of settings you
|
||||||
# consider safe. (These are actually treated as a set of regular expression
|
# consider safe. (These are actually treated as a set of regular expression
|
||||||
|
|
@ -146,7 +148,9 @@ $HTPASSWD_FILE = "";
|
||||||
# base path of all the files that are accessible via rsync. Must be an
|
# base path of all the files that are accessible via rsync. Must be an
|
||||||
# absolute path. Leave it undefined or set to the empty string to disable the
|
# absolute path. Leave it undefined or set to the empty string to disable the
|
||||||
# rsync helper.
|
# rsync helper.
|
||||||
|
|
||||||
$RSYNC_BASE = "";
|
$RSYNC_BASE = "";
|
||||||
|
|
||||||
# $RSYNC_BASE = "/home/git/up-down";
|
# $RSYNC_BASE = "/home/git/up-down";
|
||||||
# $RSYNC_BASE = "/tmp/up-down";
|
# $RSYNC_BASE = "/tmp/up-down";
|
||||||
|
|
||||||
|
|
@ -177,8 +181,23 @@ $SVNSERVE = "";
|
||||||
# This has now been rolled into master, with all the functionality gated by
|
# This has now been rolled into master, with all the functionality gated by
|
||||||
# this variable. Set this to 1 if you want to enable the wildrepos features.
|
# this variable. Set this to 1 if you want to enable the wildrepos features.
|
||||||
# Please see doc/4-wildcard-repositories.mkd for details.
|
# Please see doc/4-wildcard-repositories.mkd for details.
|
||||||
|
|
||||||
$GL_WILDREPOS = 0;
|
$GL_WILDREPOS = 0;
|
||||||
|
|
||||||
|
# --------------------------------------
|
||||||
|
# ALLOW SETPERMS TO OVERRIDE gitolite.conf
|
||||||
|
|
||||||
|
# A user can be given permissions to use a "wildcard created" repo using the
|
||||||
|
# "setperms" command run by the creator. However, if that same user is also
|
||||||
|
# explicitly listed in the config file as having a specific permission, and if
|
||||||
|
# that permission is different from what was specified using `setperms`, there
|
||||||
|
# is a conflict.
|
||||||
|
|
||||||
|
# Default behaviour is to let the config file permissions override the
|
||||||
|
# "setperms" permissions, but if you want it the other way, set this to 1.
|
||||||
|
|
||||||
|
$GL_SETPERMS_OVERRIDES_CONFIG = 0;
|
||||||
|
|
||||||
# --------------------------------------
|
# --------------------------------------
|
||||||
# HOOK CHAINING
|
# HOOK CHAINING
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -52,7 +52,7 @@ $Data::Dumper::Sortkeys = 1;
|
||||||
open STDOUT, ">", "/dev/null" if (@ARGV and shift eq '-q');
|
open STDOUT, ">", "/dev/null" if (@ARGV and shift eq '-q');
|
||||||
|
|
||||||
# these are set by the "rc" file
|
# these are set by the "rc" file
|
||||||
our ($GL_ADMINDIR, $GL_CONF, $GL_KEYDIR, $GL_CONF_COMPILED, $REPO_BASE, $REPO_UMASK, $PROJECTS_LIST, $GIT_PATH, $GL_WILDREPOS, $GL_GITCONFIG_KEYS, $GL_PACKAGE_HOOKS);
|
our ($GL_ADMINDIR, $GL_CONF, $GL_KEYDIR, $GL_CONF_COMPILED, $REPO_BASE, $REPO_UMASK, $PROJECTS_LIST, $GIT_PATH, $GL_WILDREPOS, $GL_GITCONFIG_KEYS, $GL_PACKAGE_HOOKS, $GL_SETPERMS_OVERRIDES_CONFIG);
|
||||||
# and these are set by gitolite.pm
|
# and these are set by gitolite.pm
|
||||||
our ($REPONAME_PATT, $REPOPATT_PATT, $USERNAME_PATT, $AUTH_COMMAND, $AUTH_OPTIONS, $ABRT, $WARN);
|
our ($REPONAME_PATT, $REPOPATT_PATT, $USERNAME_PATT, $AUTH_COMMAND, $AUTH_OPTIONS, $ABRT, $WARN);
|
||||||
|
|
||||||
|
|
@ -220,6 +220,8 @@ sub parse_conf_file
|
||||||
s/\bCREAT[EO]R\b/~\$creator/g for @users;
|
s/\bCREAT[EO]R\b/~\$creator/g for @users;
|
||||||
s/\bREADERS\b/\$readers/g for @users;
|
s/\bREADERS\b/\$readers/g for @users;
|
||||||
s/\bWRITERS\b/\$writers/g for @users;
|
s/\bWRITERS\b/\$writers/g for @users;
|
||||||
|
# and double it up if $GL_SETPERMS_OVERRIDES_CONFIG
|
||||||
|
do { s/\$(creator|readers|writers)\b/~\$$1/g for @users } if $GL_SETPERMS_OVERRIDES_CONFIG;
|
||||||
|
|
||||||
# ok, we can finally populate the %repos hash
|
# ok, we can finally populate the %repos hash
|
||||||
for my $repo (@repos) # each repo in the current stanza
|
for my $repo (@repos) # each repo in the current stanza
|
||||||
|
|
@ -366,7 +368,7 @@ my $dumped_data = Data::Dumper->Dump([\%repos], [qw(*repos)]);
|
||||||
# the dump uses single quotes, but we convert any strings containing $creator,
|
# the dump uses single quotes, but we convert any strings containing $creator,
|
||||||
# $readers, $writers, to double quoted strings. A wee bit sneaky, but not too
|
# $readers, $writers, to double quoted strings. A wee bit sneaky, but not too
|
||||||
# much...
|
# much...
|
||||||
$dumped_data =~ s/'(?=[^']*\$(?:creator|readers|writers|gl_user))~?(.*?)'/"$1"/g;
|
$dumped_data =~ s/'(?=[^']*\$(?:creator|readers|writers|gl_user))~*(.*?)'/"$1"/g;
|
||||||
print $compiled_fh $dumped_data;
|
print $compiled_fh $dumped_data;
|
||||||
close $compiled_fh or die "$ABRT close compiled-conf failed: $!\n";
|
close $compiled_fh or die "$ABRT close compiled-conf failed: $!\n";
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue