deac/gitolite
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

spelling cluestick...

Browse source 
Ouch!  How mortifying :)  I'd always thought this was one of the Brit/US
differences, but to find out that it really *isn't* a word... hmph!

Anyway, in the interest of not breaking existing wild repos, the
ownership file is still called "gl-creater".  Everything else has been
changed.

(...thanks to Sverre)
This commit is contained in:
Sitaram Chamarty 2010-04-25 22:39:27 +05:30
parent ff2be4c1ed
commit c4cbfabd4c
8 changed files with 57 additions and 57 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
doc/3-faq-tips-etc.mkd
View file

@ -417,9 +417,9 @@ Easy! Just use ssh to give the "info" command to the gitolite server:
@R W gitolite
#R W gitolite-admin
#R W indic_web_input
@C #R private/CREATER/[\w.-]+
@C #R private/CREATOR/[\w.-]+
#R W proxy
@C @R W public/CREATER/[\w.-]+
@C @R W public/CREATOR/[\w.-]+
@R @W testing
#R W vkc

32
doc/4-wildcard-repositories.mkd
View file

@ -20,8 +20,8 @@ workarounds I may not have the time to code it right away.
In this document:
* wildcard repos
* wildcard repos with creater name in them
* wildcard repos without creater name in them
* wildcard repos with creator name in them
* wildcard repos without creator name in them
* side-note: line-anchored regexes
* contrast with refexes
* handing out rights to wildcard-matched repos
@ -40,7 +40,7 @@ Which of these alternatives you choose depends on your needs, and the social
aspects of your environment. The first one is a little more rigid, making it
harder to make mistakes, and the second is more flexible and trusting.
#### Wildcard repos with creater name in them
#### Wildcard repos with creator name in them
Here's an example snippet:
@ -48,9 +48,9 @@ Here's an example snippet:
@TAs = u2 u3
@students = u4 u5 u6
repo assignments/CREATER/a[0-9][0-9]
repo assignments/CREATOR/a[0-9][0-9]
C = @students
RW+ = CREATER
RW+ = CREATOR
RW = WRITERS @TAs
R = READERS @prof
@ -64,14 +64,14 @@ new repo, as user "u4" (a student):
Notice the *two* empty repo inits, and the order in which they occur ;-)
#### Wildcard repos without creater name in them
#### Wildcard repos without creator name in them
Here's how the same example would look if you did not want the CREATER's name
Here's how the same example would look if you did not want the CREATOR's name
to be part of the actual repo name.
repo assignments/a[0-9][0-9]
C = @students
RW+ = CREATER
RW+ = CREATOR
RW = WRITERS @TAs
R = READERS @prof
@ -122,7 +122,7 @@ part of this list*** is controlled by the person who created the repository.
The use case is that, although our toy example has only 3 students, in reality
there will be a few dozen, but each assignment will be worked on only by a
handful from among those. This allows the creater to take ad hoc sets of
handful from among those. This allows the creator to take ad hoc sets of
users from among the actual users in the system, and place them into one of
two categories (whose permissions are, in this example, R and RW
respectively). In theory you could do the same thing by creating lots of
@ -214,20 +214,20 @@ This section tells you what is happening inside gitolite so you can understand
this feature better. Let's use the config example at the beginning of this
document:
repo assignments/CREATER/a[0-9][0-9]
repo assignments/CREATOR/a[0-9][0-9]
C = @students
RW+ = CREATER
RW+ = CREATOR
RW = WRITERS @TAs
R = READERS @prof
First we find the set of rules to apply. This involves replacing the special
words CREATER, WRITERS, and READERS with appropriate usernames to derive an
words CREATOR, WRITERS, and READERS with appropriate usernames to derive an
"effective" ruleset for the repo in question.
For a **new** repo, replace the word CREATER in all repo patterns and rules
For a **new** repo, replace the word CREATOR in all repo patterns and rules
with the name of the invoking user.
> (Note: this is why you should never use `C = CREATER`; it becomes `C =
> (Note: this is why you should never use `C = CREATOR`; it becomes `C =
> invoking_user`! Unless you really want to allow *all* users to create
> repos, you should restrict "C" perms to an actual user or set of users,
> like in the examples in this document).
@ -251,8 +251,8 @@ At this point we have an effective ruleset, and the normal access rules (R,
RW, etc) apply, with the addition that the invoking user needs "C" access to
be able to create a repo.
> (Note: "C" rights do not automatically give the CREATER any other rights;
> they must be specifically given. `RW+ = CREATER` is recommended in most
> (Note: "C" rights do not automatically give the CREATOR any other rights;
> they must be specifically given. `RW+ = CREATOR` is recommended in most
> situations, as you can see in our example).
Assuming user "u4" trying to push-create a new repo called

2
doc/admin-defined-commands.mkd
View file

@ -50,7 +50,7 @@ you continue here though, because this feature builds on top of that.
[wild]: http://github.com/sitaramc/gitolite/blob/pu/doc/4-wildcard-repositories.mkd
The wildcard repo feature is a way to create repositories matching a pattern
(even if it as simple as `personal/CREATER/.+`), and a way to specify two
(even if it as simple as `personal/CREATOR/.+`), and a way to specify two
categories of permissions for each such user-created repo.
What we want now is more than that, as you'll see in the examples below. And

2
doc/report-output.mkd
View file

@ -41,6 +41,6 @@ For each repo found, it searches for it in the config -- either the actual
repo entry (when the repo is not a wildcard repo), or an entry for the
wildcard that matches it -- and reports permissions. It also takes into
account extra permissions enabled by the `setperms` command (see
doc/4-wildcard-repositories.mkd). It shows you the "creater" of the repo as
doc/4-wildcard-repositories.mkd). It shows you the "creator" of the repo as
an additional column, defaulting to `<gitolite>` if it was not a wildcard
repo.

4
hooks/common/update
View file

@ -35,12 +35,12 @@ exit 0 if exists $ENV{GL_BYPASS_UPDATE_HOOK};
# we should already have the GL_RC env var set when we enter this hook
die "parse $ENV{GL_RC} failed: " . ($! or $@) unless do $ENV{GL_RC};
# then "do" the compiled config file, whose name we now know. Before doing
# that we setup the creater etc from environment variables so that the parse
# that we setup the creator etc from environment variables so that the parse
# interpolates them. We've minimised the duplication but this *does*
# duplicate a bit of parse_acl from gitolite.pm; we don't want to include that
# file here just for that little bit
{
our $creater = $ENV{GL_CREATER};
our $creator = $ENV{GL_CREATOR};
our $readers = $ENV{GL_READERS};
our $writers = $ENV{GL_WRITERS};
our $gl_user = $ENV{GL_USER};

58
src/gitolite.pm
View file

@ -27,7 +27,7 @@ our $W_COMMANDS=qr/^git[ -]receive-pack$/;
# note that REPONAME_PATT allows "/", while USERNAME_PATT does not
# also, the reason REPONAME_PATT is a superset of USERNAME_PATT is (duh!)
# because in this version, a repo can have "CREATER" in the name (see docs)
# because in this version, a repo can have "CREATOR" in the name (see docs)
our $REPONAME_PATT=qr(^\@?[0-9a-zA-Z][0-9a-zA-Z._\@/+-]*$); # very simple pattern
our $USERNAME_PATT=qr(^\@?[0-9a-zA-Z][0-9a-zA-Z._\@+-]*$); # very simple pattern
# same as REPONAME, plus some common regex metas
@ -132,19 +132,19 @@ sub where_is_rc
# NOTE: this sub will change your cwd; caller beware!
sub new_repo
{
my ($repo, $hooks_dir, $creater) = @_;
my ($repo, $hooks_dir, $creator) = @_;
umask($REPO_UMASK);
die "wildrepos disabled, can't set creater $creater on new repo $repo\n"
if $creater and not $GL_WILDREPOS;
die "wildrepos disabled, can't set creator $creator on new repo $repo\n"
if $creator and not $GL_WILDREPOS;
system("mkdir", "-p", "$repo.git") and die "$ABRT mkdir $repo.git failed: $!\n";
# erm, note that's "and die" not "or die" as is normal in perl
wrap_chdir("$repo.git");
system("git --bare init >&2");
if ($creater) {
system("echo $creater > gl-creater");
system("git", "config", "gitweb.owner", $creater);
if ($creator) {
system("echo $creator > gl-creater");
system("git", "config", "gitweb.owner", $creator);
}
# propagate our own, plus any local admin-defined, hooks
ln_sf($hooks_dir, "*", "hooks");
@ -162,7 +162,7 @@ sub new_repo
sub wild_repo_rights
{
my ($repo_base_abs, $repo, $user) = @_;
# creater
# creator
my $c = '';
if ( -f "$repo_base_abs/$repo.git/gl-creater") {
my $fh = wrap_open("<", "$repo_base_abs/$repo.git/gl-creater");
@ -189,8 +189,8 @@ sub wild_repo_rights
sub get_set_perms
{
my($repo_base_abs, $repo, $verb, $user) = @_;
my ($creater, $dummy, $dummy2) = &wild_repo_rights($repo_base_abs, $repo, "");
die "$repo doesnt exist or is not yours\n" unless $user eq $creater;
my ($creator, $dummy, $dummy2) = &wild_repo_rights($repo_base_abs, $repo, "");
die "$repo doesnt exist or is not yours\n" unless $user eq $creator;
wrap_chdir("$repo_base_abs");
wrap_chdir("$repo.git");
if ($verb eq 'getperms') {
@ -209,8 +209,8 @@ sub get_set_perms
sub get_set_desc
{
my($repo_base_abs, $repo, $verb, $user) = @_;
my ($creater, $dummy, $dummy2) = &wild_repo_rights($repo_base_abs, $repo, "");
die "$repo doesnt exist or is not yours\n" unless $user eq $creater;
my ($creator, $dummy, $dummy2) = &wild_repo_rights($repo_base_abs, $repo, "");
die "$repo doesnt exist or is not yours\n" unless $user eq $creator;
wrap_chdir("$repo_base_abs");
wrap_chdir("$repo.git");
if ($verb eq 'getdesc') {
@ -242,7 +242,7 @@ sub parse_acl
# And in any case, we set those env vars so level 2 can redo the last
# parse without any special code
our $creater = $ENV{GL_CREATER} = $c || $ENV{GL_CREATER} || "NOBODY";
our $creator = $ENV{GL_CREATOR} = $c || $ENV{GL_CREATOR} || "NOBODY";
our $readers = $ENV{GL_READERS} = $r || $ENV{GL_READERS} || "NOBODY";
our $writers = $ENV{GL_WRITERS} = $w || $ENV{GL_WRITERS} || "NOBODY";
our $gl_user = $ENV{GL_USER};
@ -289,7 +289,7 @@ sub report_basic
{
my($GL_ADMINDIR, $GL_CONF_COMPILED, $user) = @_;
&parse_acl($GL_CONF_COMPILED, "", "CREATER", "READERS", "WRITERS");
&parse_acl($GL_CONF_COMPILED, "", "CREATOR", "READERS", "WRITERS");
# send back some useful info if no command was given
&report_version($GL_ADMINDIR, $user);
@ -317,7 +317,7 @@ sub expand_wild
&report_version($GL_ADMINDIR, $user);
print "\ryou have access to the following repos on the server:\r\n";
# this is for convenience; he can copy-paste the output of the basic
# access report instead of having to manually change CREATER to his name
# access report instead of having to manually change CREATOR to his name
$repo =~ s/\bCREAT[EO]R\b/$user/g;
# display matching repos (from *all* the repos in the system) that $user
@ -331,9 +331,9 @@ sub expand_wild
# actual_repo has to match the pattern being expanded
next unless $actual_repo =~ /$repo/;
my($perm, $creater) = &repo_rights($actual_repo);
my($perm, $creator) = &repo_rights($actual_repo);
next unless $perm =~ /\S/;
print "$perm\t$creater\t$actual_repo\n";
print "$perm\t$creator\t$actual_repo\n";
}
}
@ -365,44 +365,44 @@ sub expand_wild
%normal_repos = %repos;
}
my $creater;
my $creator;
my $perm = ' ';
# if repo is present "as is" in the config, those permissions will
# override anything inherited from a wildcard that may have matched
if ($normal_repos{$repo}) {
%repos = %normal_repos;
$creater = '<gitolite>';
$creator = '<gitolite>';
} elsif ( -d "$ENV{GL_REPO_BASE_ABS}/$repo.git" ) {
# must be a wildrepo, and it has already been created; find the
# creater and subsitute in repos
# creator and subsitute in repos
my ($read, $write);
($creater, $read, $write) = &wild_repo_rights($ENV{GL_REPO_BASE_ABS}, $repo, $ENV{GL_USER});
($creator, $read, $write) = &wild_repo_rights($ENV{GL_REPO_BASE_ABS}, $repo, $ENV{GL_USER});
# get access list with these substitutions
&parse_acl($GL_CONF_COMPILED, $repo, $creater || "NOBODY", $read || "NOBODY", $write || "NOBODY");
$creater = "($creater)";
&parse_acl($GL_CONF_COMPILED, $repo, $creator || "NOBODY", $read || "NOBODY", $write || "NOBODY");
$creator = "($creator)";
} else {
# repo didn't exist; C perms also need to be filled in after
# getting access list with only creater filled in
# getting access list with only creator filled in
&parse_acl($GL_CONF_COMPILED, $repo, $ENV{GL_USER}, "NOBODY", "NOBODY");
$perm = ( $repos{$repo}{C}{'@all'} ? ' @C' : ( $repos{$repo}{C}{$ENV{GL_USER}} ? ' =C' : ' ' )) if $GL_WILDREPOS;
# if you didn't have perms to create it, delete the "convenience"
# copy of the ACL that parse_acl makes
delete $repos{$repo} unless $perm =~ /C/;
$creater = "<repo_not_found>";
$creator = "<repo_not_found>";
}
$perm .= ( $repos{$repo}{R}{'@all'} ? ' @R' : ( $repos{'@all'}{R}{$ENV{GL_USER}} ? ' #R' : ( $repos{$repo}{R}{$ENV{GL_USER}} ? ' R' : ' ' )));
$perm .= ( $repos{$repo}{W}{'@all'} ? ' @W' : ( $repos{'@all'}{W}{$ENV{GL_USER}} ? ' #W' : ( $repos{$repo}{W}{$ENV{GL_USER}} ? ' W' : ' ' )));
return($perm, $creater);
return($perm, $creator);
}
}
# helper/convenience routine to get rights and ownership from a shell command
sub cli_repo_rights {
my ($perm, $creater) = &repo_rights($_[0]);
my ($perm, $creator) = &repo_rights($_[0]);
$perm =~ s/ /_/g;
$creater =~ s/^\(|\)$//g;
print "$perm $creater\n";
$creator =~ s/^\(|\)$//g;
print "$perm $creator\n";
}
# ----------------------------------------------------------------------------

2
src/gl-auth-command
View file

@ -184,7 +184,7 @@ $ENV{GL_REPO}=$repo;
# first level permissions check
# ----------------------------------------------------------------------------
my ($perm, $creater) = &repo_rights($repo);
my ($perm, $creator) = &repo_rights($repo);
if ($perm =~ /C/) {
# it was missing, and you have create perms
wrap_chdir("$repo_base_abs");

10
src/gl-compile-conf
View file

@ -187,7 +187,7 @@ sub parse_conf_file
@repos = expand_list ( @repos );
do { die "$ABRT bad reponame $_\n" unless ($GL_WILDREPOS ? $_ =~ $REPOPATT_PATT : $_ =~ $REPONAME_PATT) } for @repos;
}
s/\bCREAT[EO]R\b/\$creater/g for @repos;
s/\bCREAT[EO]R\b/\$creator/g for @repos;
}
# actual permission line
elsif (/^(-|C|R|RW\+?D?) (.* )?= (.+)/)
@ -212,7 +212,7 @@ sub parse_conf_file
unless (@users == 1 and $users[0] eq '@all');
do { die "$ABRT bad username $_\n" unless $_ =~ $USERNAME_PATT } for @users;
s/\bCREAT[EO]R\b/~\$creater/g for @users;
s/\bCREAT[EO]R\b/~\$creator/g for @users;
s/\bREADERS\b/\$readers/g for @users;
s/\bWRITERS\b/\$writers/g for @users;
@ -358,10 +358,10 @@ for my $fragment_file (glob("conf/fragments/*.conf"))
my $compiled_fh = wrap_open( ">", $GL_CONF_COMPILED );
my $dumped_data = Data::Dumper->Dump([\%repos], [qw(*repos)]);
# the dump uses single quotes, but we convert any strings containing $creater,
# the dump uses single quotes, but we convert any strings containing $creator,
# $readers, $writers, to double quoted strings. A wee bit sneaky, but not too
# much...
$dumped_data =~ s/'(?=[^']*\$(?:creater|readers|writers|gl_user))~?(.*?)'/"$1"/g;
$dumped_data =~ s/'(?=[^']*\$(?:creator|readers|writers|gl_user))~?(.*?)'/"$1"/g;
print $compiled_fh $dumped_data;
close $compiled_fh or die "$ABRT close compiled-conf failed: $!\n";
@ -555,7 +555,7 @@ for my $pubkey (`find . -type f`)
# lint check 3; a little more severe than the first two I guess...
for my $user (sort keys %user_list)
{
next if $user =~ /^(gitweb|daemon|\@all|~\$creater|\$readers|\$writers)$/ or $user_list{$user} eq 'has pubkey';
next if $user =~ /^(gitweb|daemon|\@all|~\$creator|\$readers|\$writers)$/ or $user_list{$user} eq 'has pubkey';
print STDERR "$WARN user $user in config, but has no pubkey!\n";
}