new features relating to creating wild repos:
- new 'create' command for explicit creation
- new 'AutoCreate' trigger to prevent auto-creation on read operations or both read and write operations
- a few related fixups to the perms command
parent
96be9503ef
commit
96cc2eaf41
4 changed files with 51 additions and 10 deletions
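--- /dev/null
+++ b/src/commands/create
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+# Usage: ssh git@host create <repo>
+#
+# Create wild repo.
+
+die() { echo "$@" >&2; exit 1; }
+usage() { perl -lne 'print substr($_, 2) if /^# Usage/../^$/' < $0; exit 1; }
+[ -z "$1" ] && usage
+[ -z "$2" ] || usage
+[ "$1" = "-h" ] && usage
+[ -z "$GL_USER" ] && die GL_USER not set
+
+# ----------------------------------------------------------------------
+exec $GL_BINDIR/commands/perms -c "$@" < /dev/null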
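Review bot: `$GL_BINDIR` on the final `exec` line and `$0` inside `usage()` are expanded unquoted, and only `GL_USER` is checked for being set, so an empty `GL_BINDIR` makes the script exec `/commands/perms` and a value containing spaces is word-split. Guarding and quoting closes that: `[ -z "$GL_BINDIR" ] && die GL_BINDIR not set` and `exec "$GL_BINDIR/commands/perms" -c "$@" < /dev/null`. The repo name is forwarded untouched, so its validation rests entirely on the `$REPONAME_PATT` check in `perms`; a one-line comment above the `exec` saying so would help the next reader.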
@ -46,18 +46,20 @@ if ( $ARGV[0] eq '-l' ) {
|
||||||
# auto-create the repo if -c passed and repo doesn't exist
|
# auto-create the repo if -c passed and repo doesn't exist
|
||||||
if ( $ARGV[0] eq '-c' ) {
|
if ( $ARGV[0] eq '-c' ) {
|
||||||
shift;
|
shift;
|
||||||
my $repo = $ARGV[0];
|
my $repo = $ARGV[0] or usage();
|
||||||
_die "invalid repo '$repo'" unless $repo =~ $REPONAME_PATT;
|
_die "invalid repo '$repo'" unless $repo =~ $REPONAME_PATT;
|
||||||
|
|
||||||
if (not -d "$rc{GL_REPO_BASE}/$repo.git") {
|
my $d = "$rc{GL_REPO_BASE}/$repo.git";
|
||||||
my $ret = access( $repo, $ENV{GL_USER}, '^C', 'any' );
|
my $errmsg = "repo already exists or you are not authorised to create it";
|
||||||
_die $ret if $ret =~ /DENIED/;
|
# use the same message in both places to prevent leaking repo existence info
|
||||||
|
_die $errmsg if -d $d;
|
||||||
|
my $ret = access( $repo, $ENV{GL_USER}, '^C', 'any' );
|
||||||
|
_die $errmsg if $ret =~ /DENIED/;
|
||||||
|
|
||||||
require Gitolite::Conf::Store;
|
require Gitolite::Conf::Store;
|
||||||
Gitolite::Conf::Store->import;
|
Gitolite::Conf::Store->import;
|
||||||
new_wild_repo( $repo, $ENV{GL_USER}, 'perms-c' );
|
new_wild_repo( $repo, $ENV{GL_USER}, 'perms-c' );
|
||||||
gl_log( 'create', $repo, $ENV{GL_USER}, 'perms-c' );
|
gl_log( 'create', $repo, $ENV{GL_USER}, 'perms-c' );
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
my $repo = shift;
|
my $repo = shift;
|
||||||
|
|
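Review bot: The reason string returned by `access()` in `$ret` is discarded once the generic `$errmsg` is used, so unless `_die` records it elsewhere (not visible in this hunk) an administrator can no longer tell an existing-repo collision from a rule denial when a user reports the failure. Consider recording the cause server-side before dying, for example `gl_log( 'create-denied', $repo, $ENV{GL_USER}, $ret ) if $ret =~ /DENIED/;` ahead of `_die $errmsg`, with the label being whatever fits the log conventions and the client-facing text left as it is. Also note that `-c` on an existing repo previously skipped creation and fell through to the code after `my $repo = shift;`, whereas it now aborts; if that is intended, the comment above the block ("auto-create the repo if -c passed and repo doesn't exist") should say so. The script continues outside this hunk.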
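--- /dev/null
+++ b/src/lib/Gitolite/Triggers/AutoCreate.pm
@@ -0,0 +1,24 @@
+package Gitolite::Triggers::AutoCreate;
+
+use strict;
+use warnings;
+
+# perl trigger set for stuff to do with auto-creating repos
+# ----------------------------------------------------------------------
+
+# to deny auto-create on read access, add 'AutoCreate::deny_R' to the
+# PRE_CREATE trigger list
+sub deny_R {
+die "autocreate denied\n" if $_[3] and $_[3] eq 'R';
+return;
+}
+
+# to deny auto-create on read *and* write access, add 'AutoCreate::deny_RW' to
+# the PRE_CREATE trigger list. This means you can only create repos using the
+# 'create' command, (which needs to be enabled in the COMMANDS list).
+sub deny_RW {
+die "autocreate denied\n" if $_[3] and ( $_[3] eq 'R' or $_[3] eq 'W' );
+return;
+}
+
+1;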
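Review bot: Both subs work as deny-lists on the bare positional `$_[3]`, so any invocation where that slot is empty or holds a code other than `R`/`W` is allowed to create the repo. If the intent of `deny_RW` is that only the `create` command may create, a check that fails closed is easier to reason about, e.g. `die "autocreate denied\n" unless ( $_[3] // '' ) eq 'perms-c';`. That assumes the `'perms-c'` string passed to `new_wild_repo` in the perms hunk is what arrives in this slot, which this page does not show. At minimum, a comment above `deny_R` stating the PRE_CREATE argument layout, and unpacking `@_` into named variables, would make the index self-explanatory.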
@ -100,7 +100,7 @@ try "
|
||||||
# auto-create using perms fail
|
# auto-create using perms fail
|
||||||
echo READERS u5 | glt perms u4 -c foo/u4/baz
|
echo READERS u5 | glt perms u4 -c foo/u4/baz
|
||||||
!/Initialized empty Git repository in .*/foo/u4/baz.git/
|
!/Initialized empty Git repository in .*/foo/u4/baz.git/
|
||||||
/FATAL: .C any foo/u4/baz u4 DENIED by fallthru/
|
/FATAL: repo already exists or you are not authorised to create it/
|
||||||
|
|
||||||
# auto-create using perms
|
# auto-create using perms
|
||||||
echo READERS u2 | glt perms u1 -c foo/u1/baz
|
echo READERS u2 | glt perms u1 -c foo/u1/baz
|
||||||
|
|