allow setperms to override config file permissions

This commit is contained in:
Sitaram Chamarty 2010-05-14 10:52:58 +05:30
parent fbe785adea
commit 9612e3a4cc
2 changed files with 23 additions and 2 deletions

View file

@ -110,7 +110,9 @@ $GIT_PATH="";
# You have 3 choices. By default $GL_GITCONFIG_KEYS is left empty, which # You have 3 choices. By default $GL_GITCONFIG_KEYS is left empty, which
# completely disables this feature (meaning you cannot set git configs from # completely disables this feature (meaning you cannot set git configs from
# the repo config). # the repo config).
$GL_GITCONFIG_KEYS = ""; $GL_GITCONFIG_KEYS = "";
# #
# The second choice is to give it a space separated list of settings you # The second choice is to give it a space separated list of settings you
# consider safe. (These are actually treated as a set of regular expression # consider safe. (These are actually treated as a set of regular expression
@ -146,7 +148,9 @@ $HTPASSWD_FILE = "";
# base path of all the files that are accessible via rsync. Must be an # base path of all the files that are accessible via rsync. Must be an
# absolute path. Leave it undefined or set to the empty string to disable the # absolute path. Leave it undefined or set to the empty string to disable the
# rsync helper. # rsync helper.
$RSYNC_BASE = ""; $RSYNC_BASE = "";
# $RSYNC_BASE = "/home/git/up-down"; # $RSYNC_BASE = "/home/git/up-down";
# $RSYNC_BASE = "/tmp/up-down"; # $RSYNC_BASE = "/tmp/up-down";
@ -177,8 +181,23 @@ $SVNSERVE = "";
# This has now been rolled into master, with all the functionality gated by # This has now been rolled into master, with all the functionality gated by
# this variable. Set this to 1 if you want to enable the wildrepos features. # this variable. Set this to 1 if you want to enable the wildrepos features.
# Please see doc/4-wildcard-repositories.mkd for details. # Please see doc/4-wildcard-repositories.mkd for details.
$GL_WILDREPOS = 0; $GL_WILDREPOS = 0;
# --------------------------------------
# ALLOW SETPERMS TO OVERRIDE gitolite.conf
# A user can be given permissions to use a "wildcard created" repo using the
# "setperms" command run by the creator. However, if that same user is also
# explicitly listed in the config file as having a specific permission, and if
# that permission is different from what was specified using `setperms`, there
# is a conflict.
# Default behaviour is to let the config file permissions override the
# "setperms" permissions, but if you want it the other way, set this to 1.
$GL_SETPERMS_OVERRIDES_CONFIG = 0;
# -------------------------------------- # --------------------------------------
# HOOK CHAINING # HOOK CHAINING

View file

@ -52,7 +52,7 @@ $Data::Dumper::Sortkeys = 1;
open STDOUT, ">", "/dev/null" if (@ARGV and shift eq '-q'); open STDOUT, ">", "/dev/null" if (@ARGV and shift eq '-q');
# these are set by the "rc" file # these are set by the "rc" file
our ($GL_ADMINDIR, $GL_CONF, $GL_KEYDIR, $GL_CONF_COMPILED, $REPO_BASE, $REPO_UMASK, $PROJECTS_LIST, $GIT_PATH, $GL_WILDREPOS, $GL_GITCONFIG_KEYS, $GL_PACKAGE_HOOKS); our ($GL_ADMINDIR, $GL_CONF, $GL_KEYDIR, $GL_CONF_COMPILED, $REPO_BASE, $REPO_UMASK, $PROJECTS_LIST, $GIT_PATH, $GL_WILDREPOS, $GL_GITCONFIG_KEYS, $GL_PACKAGE_HOOKS, $GL_SETPERMS_OVERRIDES_CONFIG);
# and these are set by gitolite.pm # and these are set by gitolite.pm
our ($REPONAME_PATT, $REPOPATT_PATT, $USERNAME_PATT, $AUTH_COMMAND, $AUTH_OPTIONS, $ABRT, $WARN); our ($REPONAME_PATT, $REPOPATT_PATT, $USERNAME_PATT, $AUTH_COMMAND, $AUTH_OPTIONS, $ABRT, $WARN);
@ -220,6 +220,8 @@ sub parse_conf_file
s/\bCREAT[EO]R\b/~\$creator/g for @users; s/\bCREAT[EO]R\b/~\$creator/g for @users;
s/\bREADERS\b/\$readers/g for @users; s/\bREADERS\b/\$readers/g for @users;
s/\bWRITERS\b/\$writers/g for @users; s/\bWRITERS\b/\$writers/g for @users;
# and double it up if $GL_SETPERMS_OVERRIDES_CONFIG
do { s/\$(creator|readers|writers)\b/~\$$1/g for @users } if $GL_SETPERMS_OVERRIDES_CONFIG;
# ok, we can finally populate the %repos hash # ok, we can finally populate the %repos hash
for my $repo (@repos) # each repo in the current stanza for my $repo (@repos) # each repo in the current stanza
@ -366,7 +368,7 @@ my $dumped_data = Data::Dumper->Dump([\%repos], [qw(*repos)]);
# the dump uses single quotes, but we convert any strings containing $creator, # the dump uses single quotes, but we convert any strings containing $creator,
# $readers, $writers, to double quoted strings. A wee bit sneaky, but not too # $readers, $writers, to double quoted strings. A wee bit sneaky, but not too
# much... # much...
$dumped_data =~ s/'(?=[^']*\$(?:creator|readers|writers|gl_user))~?(.*?)'/"$1"/g; $dumped_data =~ s/'(?=[^']*\$(?:creator|readers|writers|gl_user))~*(.*?)'/"$1"/g;
print $compiled_fh $dumped_data; print $compiled_fh $dumped_data;
close $compiled_fh or die "$ABRT close compiled-conf failed: $!\n"; close $compiled_fh or die "$ABRT close compiled-conf failed: $!\n";