asking for other users' perms had a bug in BIG_CONFIG mode

fixes:
  - allow "grouped" admins to get basic info for other users by checking
    more than just the *user*'s right to the admin repo
  - report_basic is called with a $user argument, but it's not easy
    (right now) to propagate this to parse_acl.  Use a simple kludge,
    (for now at least).

thanks to bcooksley for catching this
This commit is contained in:
Sitaram Chamarty 2010-06-19 12:09:04 +05:30
parent bc5fc5793d
commit 98a42be614

View file

@ -327,6 +327,12 @@ sub report_basic
{ {
my($GL_ADMINDIR, $GL_CONF_COMPILED, $user) = @_; my($GL_ADMINDIR, $GL_CONF_COMPILED, $user) = @_;
# XXX The correct way is actually to give parse_acl another argument
# (defaulting to $ENV{GL_USER}, the value being used now). But for now
# this will do, even though it's a bit of a kludge to get the basic access
# rights for some other user this way
local $ENV{GL_USER} = $user;
&parse_acl($GL_CONF_COMPILED, "", "CREATOR", "READERS", "WRITERS"); &parse_acl($GL_CONF_COMPILED, "", "CREATOR", "READERS", "WRITERS");
# send back some useful info if no command was given # send back some useful info if no command was given
@ -469,8 +475,11 @@ sub special_cmd
print "you also have shell access\r\n" if $shell_allowed; print "you also have shell access\r\n" if $shell_allowed;
} elsif ($cmd =~ /^info\s+(.+)$/) { } elsif ($cmd =~ /^info\s+(.+)$/) {
my @otherusers = split ' ', $1; my @otherusers = split ' ', $1;
my($perm, $creator, $wild) = &repo_rights('gitolite-admin');
die "you can't ask for others' permissions\n" unless $perm =~ /W/;
&parse_acl($GL_CONF_COMPILED); &parse_acl($GL_CONF_COMPILED);
die "you can't ask for others' permissions\n" unless $repos{'gitolite-admin'}{'R'}{$user};
for my $otheruser (@otherusers) { for my $otheruser (@otherusers) {
warn("ignoring illegal username $otheruser\n"), next unless $otheruser =~ $USERNAME_PATT; warn("ignoring illegal username $otheruser\n"), next unless $otheruser =~ $USERNAME_PATT;
&report_basic($GL_ADMINDIR, $GL_CONF_COMPILED, $otheruser); &report_basic($GL_ADMINDIR, $GL_CONF_COMPILED, $otheruser);