gl-reflog adc: tighten permissions checks
- dont do anything if he doesn't even have read access - move the GL_USER check to the right place! (to when you actually will be doing something) That spurious check for GL_USER that we (re)moved would not only have shown an incomplete set of log lines, it would have made the wrong log line look like the "last" one. (No real harm would result, of course, since the update-ref would blow up due to the actual SHA being something other than what it was expecting, but it would be confusing to the user)
This commit is contained in:
parent
8a980a60bb
commit
c40622b302
|
@ -9,13 +9,9 @@ use warnings;
|
||||||
|
|
||||||
# --------------------
|
# --------------------
|
||||||
|
|
||||||
# - PROOF OF CONCEPT ONLY
|
|
||||||
# - NO ARGUMENT OR ERROR CHECKING DONE; DO NOT USE IN PRODUCTION UNTIL THAT IS FIXED
|
|
||||||
|
|
||||||
# --------------------
|
|
||||||
|
|
||||||
# WARNING
|
# WARNING
|
||||||
# - heavily dependent on the gitolite log file format (duh!)
|
# - heavily dependent on the gitolite log file format (duh!)
|
||||||
|
# - cannot recover if some other commits were made after the force push
|
||||||
|
|
||||||
# USAGE
|
# USAGE
|
||||||
# ssh git@server gl-reflog show r1 refs/heads/b1
|
# ssh git@server gl-reflog show r1 refs/heads/b1
|
||||||
|
@ -37,6 +33,10 @@ use warnings;
|
||||||
my($cmd, $repo, $ref, $limit) = @ARGV;
|
my($cmd, $repo, $ref, $limit) = @ARGV;
|
||||||
$limit ||= 10;
|
$limit ||= 10;
|
||||||
|
|
||||||
|
require "$ENV{GL_BINDIR}/gitolite.pm" or die "parse gitolite.pm failed\n";
|
||||||
|
my ($perm, $creator, $wild) = &repo_rights($repo);
|
||||||
|
die "you don't have read access to $repo\n" unless $perm =~ /R/;
|
||||||
|
|
||||||
my @logfiles = sort glob("$ENV{GL_ADMINDIR}/logs/*");
|
my @logfiles = sort glob("$ENV{GL_ADMINDIR}/logs/*");
|
||||||
|
|
||||||
# TODO figure out how to avoid reading *all* the log files when you really
|
# TODO figure out how to avoid reading *all* the log files when you really
|
||||||
|
@ -51,7 +51,6 @@ our @loglines;
|
||||||
@f = split /\t/;
|
@f = split /\t/;
|
||||||
# field 2 is the userid, 5 is W or +, 6/7 are old/new SHAs
|
# field 2 is the userid, 5 is W or +, 6/7 are old/new SHAs
|
||||||
# 8 is reponame, 9 is refname (but all those are 1-based)
|
# 8 is reponame, 9 is refname (but all those are 1-based)
|
||||||
next unless $f[1] eq $ENV{GL_USER};
|
|
||||||
next unless $f[3] =~ /^(git-receive-pack|gl-reflog recover) /;
|
next unless $f[3] =~ /^(git-receive-pack|gl-reflog recover) /;
|
||||||
next unless $f[8];
|
next unless $f[8];
|
||||||
next unless $f[7] eq $repo;
|
next unless $f[7] eq $repo;
|
||||||
|
@ -70,8 +69,8 @@ if ( $cmd eq 'show' ) {
|
||||||
|
|
||||||
if ( $cmd eq 'recover' ) {
|
if ( $cmd eq 'recover' ) {
|
||||||
my @f = split /\t/, $loglines[$#loglines];
|
my @f = split /\t/, $loglines[$#loglines];
|
||||||
die "sorry, the last commit was not a rewind or delete\n"
|
die "the last push was not yours\n" unless $f[1] eq $ENV{GL_USER};
|
||||||
unless $f[4] eq '+';
|
die "the last push was not a rewind or delete\n" unless $f[4] eq '+';
|
||||||
|
|
||||||
my($oldsha, $newsha) = @f[5,6];
|
my($oldsha, $newsha) = @f[5,6];
|
||||||
if ($newsha =~ /^0+$/) {
|
if ($newsha =~ /^0+$/) {
|
||||||
|
@ -80,7 +79,6 @@ if ( $cmd eq 'recover' ) {
|
||||||
print "recovering $repo $ref at $oldsha (was forced to $newsha)\n";
|
print "recovering $repo $ref at $oldsha (was forced to $newsha)\n";
|
||||||
}
|
}
|
||||||
chdir("$ENV{GL_REPO_BASE_ABS}/$repo.git");
|
chdir("$ENV{GL_REPO_BASE_ABS}/$repo.git");
|
||||||
require "$ENV{GL_BINDIR}/gitolite.pm" or die "parse gitolite.pm failed\n";
|
|
||||||
|
|
||||||
my $newsha2 = $newsha;
|
my $newsha2 = $newsha;
|
||||||
$newsha2 = '' if $newsha =~ /^0+$/;
|
$newsha2 = '' if $newsha =~ /^0+$/;
|
||||||
|
|
Loading…
Reference in a new issue