new features relating to creating wild repos:

- new 'create' command for explicit creation
  - new 'AutoCreate' trigger to prevent auto-creation on read operations
    or both read and write operations
  - a few related fixups to the perms command
This commit is contained in:
Sitaram Chamarty 2012-11-22 19:53:15 +05:30
parent 96be9503ef
commit 96cc2eaf41
4 changed files with 51 additions and 10 deletions

15
src/commands/create Executable file
View file

@ -0,0 +1,15 @@
#!/bin/bash
# Usage: ssh git@host create <repo>
#
# Create wild repo.
die() { echo "$@" >&2; exit 1; }
usage() { perl -lne 'print substr($_, 2) if /^# Usage/../^$/' < $0; exit 1; }
[ -z "$1" ] && usage
[ -z "$2" ] || usage
[ "$1" = "-h" ] && usage
[ -z "$GL_USER" ] && die GL_USER not set
# ----------------------------------------------------------------------
exec $GL_BINDIR/commands/perms -c "$@" < /dev/null

View file

@ -46,18 +46,20 @@ if ( $ARGV[0] eq '-l' ) {
# auto-create the repo if -c passed and repo doesn't exist
if ( $ARGV[0] eq '-c' ) {
shift;
my $repo = $ARGV[0];
my $repo = $ARGV[0] or usage();
_die "invalid repo '$repo'" unless $repo =~ $REPONAME_PATT;
if (not -d "$rc{GL_REPO_BASE}/$repo.git") {
my $ret = access( $repo, $ENV{GL_USER}, '^C', 'any' );
_die $ret if $ret =~ /DENIED/;
my $d = "$rc{GL_REPO_BASE}/$repo.git";
my $errmsg = "repo already exists or you are not authorised to create it";
# use the same message in both places to prevent leaking repo existence info
_die $errmsg if -d $d;
my $ret = access( $repo, $ENV{GL_USER}, '^C', 'any' );
_die $errmsg if $ret =~ /DENIED/;
require Gitolite::Conf::Store;
Gitolite::Conf::Store->import;
new_wild_repo( $repo, $ENV{GL_USER}, 'perms-c' );
gl_log( 'create', $repo, $ENV{GL_USER}, 'perms-c' );
}
require Gitolite::Conf::Store;
Gitolite::Conf::Store->import;
new_wild_repo( $repo, $ENV{GL_USER}, 'perms-c' );
gl_log( 'create', $repo, $ENV{GL_USER}, 'perms-c' );
}
my $repo = shift;

View file

@ -0,0 +1,24 @@
package Gitolite::Triggers::AutoCreate;
use strict;
use warnings;
# perl trigger set for stuff to do with auto-creating repos
# ----------------------------------------------------------------------
# to deny auto-create on read access, add 'AutoCreate::deny_R' to the
# PRE_CREATE trigger list
sub deny_R {
die "autocreate denied\n" if $_[3] and $_[3] eq 'R';
return;
}
# to deny auto-create on read *and* write access, add 'AutoCreate::deny_RW' to
# the PRE_CREATE trigger list. This means you can only create repos using the
# 'create' command, (which needs to be enabled in the COMMANDS list).
sub deny_RW {
die "autocreate denied\n" if $_[3] and ( $_[3] eq 'R' or $_[3] eq 'W' );
return;
}
1;

View file

@ -100,7 +100,7 @@ try "
# auto-create using perms fail
echo READERS u5 | glt perms u4 -c foo/u4/baz
!/Initialized empty Git repository in .*/foo/u4/baz.git/
/FATAL: .C any foo/u4/baz u4 DENIED by fallthru/
/FATAL: repo already exists or you are not authorised to create it/
# auto-create using perms
echo READERS u2 | glt perms u1 -c foo/u1/baz