new features relating to creating wild repos:

- new 'create' command for explicit creation - new 'AutoCreate' trigger to prevent auto-creation on read operations or both read and write operations - a few related fixups to the perms command
2012-11-22 19:53:15 +05:30 · 2012-11-22 19:53:15 +05:30 · 96cc2eaf41
parent 96be9503ef
commit 96cc2eaf41
4 changed files with 51 additions and 10 deletions
--- a/src/commands/create
+++ b/src/commands/create
@ -0,0 +1,15 @@
+#!/bin/bash
+
+# Usage:    ssh git@host create <repo>
+#
+# Create wild repo.
+
+die() { echo "$@" >&2; exit 1; }
+usage() { perl -lne 'print substr($_, 2) if /^# Usage/../^$/' < $0; exit 1; }
+[ -z "$1" ] && usage
+[ -z "$2" ] || usage
+[ "$1" = "-h" ] && usage
+[ -z "$GL_USER" ] && die GL_USER not set
+
+# ----------------------------------------------------------------------
+exec $GL_BINDIR/commands/perms -c "$@" < /dev/null
--- a/src/commands/perms
+++ b/src/commands/perms
@ -46,18 +46,20 @@ if ( $ARGV[0] eq '-l' ) {
 # auto-create the repo if -c passed and repo doesn't exist
 if ( $ARGV[0] eq '-c' ) {
    shift;
-    my $repo = $ARGV[0];
+    my $repo = $ARGV[0] or usage();
    _die "invalid repo '$repo'" unless $repo =~ $REPONAME_PATT;

-    if (not -d "$rc{GL_REPO_BASE}/$repo.git") {
-        my $ret = access( $repo, $ENV{GL_USER}, '^C', 'any' );
-        _die $ret if $ret =~ /DENIED/;
+    my $d = "$rc{GL_REPO_BASE}/$repo.git";
+    my $errmsg = "repo already exists or you are not authorised to create it";
+    # use the same message in both places to prevent leaking repo existence info
+    _die $errmsg if -d $d;
+    my $ret = access( $repo, $ENV{GL_USER}, '^C', 'any' );
+    _die $errmsg if $ret =~ /DENIED/;

-        require Gitolite::Conf::Store;
-        Gitolite::Conf::Store->import;
-        new_wild_repo( $repo, $ENV{GL_USER}, 'perms-c' );
-        gl_log( 'create', $repo, $ENV{GL_USER}, 'perms-c' );
-    }
+    require Gitolite::Conf::Store;
+    Gitolite::Conf::Store->import;
+    new_wild_repo( $repo, $ENV{GL_USER}, 'perms-c' );
+    gl_log( 'create', $repo, $ENV{GL_USER}, 'perms-c' );
 }

 my $repo = shift;
--- a/src/lib/Gitolite/Triggers/AutoCreate.pm
+++ b/src/lib/Gitolite/Triggers/AutoCreate.pm
@ -0,0 +1,24 @@
+package Gitolite::Triggers::AutoCreate;
+
+use strict;
+use warnings;
+
+# perl trigger set for stuff to do with auto-creating repos
+# ----------------------------------------------------------------------
+
+# to deny auto-create on read access, add 'AutoCreate::deny_R' to the
+# PRE_CREATE trigger list
+sub deny_R {
+    die "autocreate denied\n" if $_[3] and $_[3] eq 'R';
+    return;
+}
+
+# to deny auto-create on read *and* write access, add 'AutoCreate::deny_RW' to
+# the PRE_CREATE trigger list.  This means you can only create repos using the
+# 'create' command, (which needs to be enabled in the COMMANDS list).
+sub deny_RW {
+    die "autocreate denied\n" if $_[3] and ( $_[3] eq 'R' or $_[3] eq 'W' );
+    return;
+}
+
+1;
--- a/t/sequence.t
+++ b/t/sequence.t
@ -100,7 +100,7 @@ try "
    # auto-create using perms fail
    echo READERS u5 | glt perms u4 -c foo/u4/baz
        !/Initialized empty Git repository in .*/foo/u4/baz.git/
-        /FATAL: .C any foo/u4/baz u4 DENIED by fallthru/
+        /FATAL: repo already exists or you are not authorised to create it/

    # auto-create using perms
    echo READERS u2 | glt perms u1 -c foo/u1/baz