spelling cluestick...

Ouch!  How mortifying :)  I'd always thought this was one of the Brit/US
differences, but to find out that it really *isn't* a word... hmph!

Anyway, in the interest of not breaking existing wild repos, the
ownership file is still called "gl-creater".  Everything else has been
changed.

(...thanks to Sverre)
This commit is contained in:
Sitaram Chamarty 2010-04-25 22:39:27 +05:30
parent ff2be4c1ed
commit c4cbfabd4c
8 changed files with 57 additions and 57 deletions

View file

@ -417,9 +417,9 @@ Easy! Just use ssh to give the "info" command to the gitolite server:
@R W gitolite @R W gitolite
#R W gitolite-admin #R W gitolite-admin
#R W indic_web_input #R W indic_web_input
@C #R private/CREATER/[\w.-]+ @C #R private/CREATOR/[\w.-]+
#R W proxy #R W proxy
@C @R W public/CREATER/[\w.-]+ @C @R W public/CREATOR/[\w.-]+
@R @W testing @R @W testing
#R W vkc #R W vkc

View file

@ -20,8 +20,8 @@ workarounds I may not have the time to code it right away.
In this document: In this document:
* wildcard repos * wildcard repos
* wildcard repos with creater name in them * wildcard repos with creator name in them
* wildcard repos without creater name in them * wildcard repos without creator name in them
* side-note: line-anchored regexes * side-note: line-anchored regexes
* contrast with refexes * contrast with refexes
* handing out rights to wildcard-matched repos * handing out rights to wildcard-matched repos
@ -40,7 +40,7 @@ Which of these alternatives you choose depends on your needs, and the social
aspects of your environment. The first one is a little more rigid, making it aspects of your environment. The first one is a little more rigid, making it
harder to make mistakes, and the second is more flexible and trusting. harder to make mistakes, and the second is more flexible and trusting.
#### Wildcard repos with creater name in them #### Wildcard repos with creator name in them
Here's an example snippet: Here's an example snippet:
@ -48,9 +48,9 @@ Here's an example snippet:
@TAs = u2 u3 @TAs = u2 u3
@students = u4 u5 u6 @students = u4 u5 u6
repo assignments/CREATER/a[0-9][0-9] repo assignments/CREATOR/a[0-9][0-9]
C = @students C = @students
RW+ = CREATER RW+ = CREATOR
RW = WRITERS @TAs RW = WRITERS @TAs
R = READERS @prof R = READERS @prof
@ -64,14 +64,14 @@ new repo, as user "u4" (a student):
Notice the *two* empty repo inits, and the order in which they occur ;-) Notice the *two* empty repo inits, and the order in which they occur ;-)
#### Wildcard repos without creater name in them #### Wildcard repos without creator name in them
Here's how the same example would look if you did not want the CREATER's name Here's how the same example would look if you did not want the CREATOR's name
to be part of the actual repo name. to be part of the actual repo name.
repo assignments/a[0-9][0-9] repo assignments/a[0-9][0-9]
C = @students C = @students
RW+ = CREATER RW+ = CREATOR
RW = WRITERS @TAs RW = WRITERS @TAs
R = READERS @prof R = READERS @prof
@ -122,7 +122,7 @@ part of this list*** is controlled by the person who created the repository.
The use case is that, although our toy example has only 3 students, in reality The use case is that, although our toy example has only 3 students, in reality
there will be a few dozen, but each assignment will be worked on only by a there will be a few dozen, but each assignment will be worked on only by a
handful from among those. This allows the creater to take ad hoc sets of handful from among those. This allows the creator to take ad hoc sets of
users from among the actual users in the system, and place them into one of users from among the actual users in the system, and place them into one of
two categories (whose permissions are, in this example, R and RW two categories (whose permissions are, in this example, R and RW
respectively). In theory you could do the same thing by creating lots of respectively). In theory you could do the same thing by creating lots of
@ -214,20 +214,20 @@ This section tells you what is happening inside gitolite so you can understand
this feature better. Let's use the config example at the beginning of this this feature better. Let's use the config example at the beginning of this
document: document:
repo assignments/CREATER/a[0-9][0-9] repo assignments/CREATOR/a[0-9][0-9]
C = @students C = @students
RW+ = CREATER RW+ = CREATOR
RW = WRITERS @TAs RW = WRITERS @TAs
R = READERS @prof R = READERS @prof
First we find the set of rules to apply. This involves replacing the special First we find the set of rules to apply. This involves replacing the special
words CREATER, WRITERS, and READERS with appropriate usernames to derive an words CREATOR, WRITERS, and READERS with appropriate usernames to derive an
"effective" ruleset for the repo in question. "effective" ruleset for the repo in question.
For a **new** repo, replace the word CREATER in all repo patterns and rules For a **new** repo, replace the word CREATOR in all repo patterns and rules
with the name of the invoking user. with the name of the invoking user.
> (Note: this is why you should never use `C = CREATER`; it becomes `C = > (Note: this is why you should never use `C = CREATOR`; it becomes `C =
> invoking_user`! Unless you really want to allow *all* users to create > invoking_user`! Unless you really want to allow *all* users to create
> repos, you should restrict "C" perms to an actual user or set of users, > repos, you should restrict "C" perms to an actual user or set of users,
> like in the examples in this document). > like in the examples in this document).
@ -251,8 +251,8 @@ At this point we have an effective ruleset, and the normal access rules (R,
RW, etc) apply, with the addition that the invoking user needs "C" access to RW, etc) apply, with the addition that the invoking user needs "C" access to
be able to create a repo. be able to create a repo.
> (Note: "C" rights do not automatically give the CREATER any other rights; > (Note: "C" rights do not automatically give the CREATOR any other rights;
> they must be specifically given. `RW+ = CREATER` is recommended in most > they must be specifically given. `RW+ = CREATOR` is recommended in most
> situations, as you can see in our example). > situations, as you can see in our example).
Assuming user "u4" trying to push-create a new repo called Assuming user "u4" trying to push-create a new repo called

View file

@ -50,7 +50,7 @@ you continue here though, because this feature builds on top of that.
[wild]: http://github.com/sitaramc/gitolite/blob/pu/doc/4-wildcard-repositories.mkd [wild]: http://github.com/sitaramc/gitolite/blob/pu/doc/4-wildcard-repositories.mkd
The wildcard repo feature is a way to create repositories matching a pattern The wildcard repo feature is a way to create repositories matching a pattern
(even if it as simple as `personal/CREATER/.+`), and a way to specify two (even if it as simple as `personal/CREATOR/.+`), and a way to specify two
categories of permissions for each such user-created repo. categories of permissions for each such user-created repo.
What we want now is more than that, as you'll see in the examples below. And What we want now is more than that, as you'll see in the examples below. And

View file

@ -41,6 +41,6 @@ For each repo found, it searches for it in the config -- either the actual
repo entry (when the repo is not a wildcard repo), or an entry for the repo entry (when the repo is not a wildcard repo), or an entry for the
wildcard that matches it -- and reports permissions. It also takes into wildcard that matches it -- and reports permissions. It also takes into
account extra permissions enabled by the `setperms` command (see account extra permissions enabled by the `setperms` command (see
doc/4-wildcard-repositories.mkd). It shows you the "creater" of the repo as doc/4-wildcard-repositories.mkd). It shows you the "creator" of the repo as
an additional column, defaulting to `<gitolite>` if it was not a wildcard an additional column, defaulting to `<gitolite>` if it was not a wildcard
repo. repo.

View file

@ -35,12 +35,12 @@ exit 0 if exists $ENV{GL_BYPASS_UPDATE_HOOK};
# we should already have the GL_RC env var set when we enter this hook # we should already have the GL_RC env var set when we enter this hook
die "parse $ENV{GL_RC} failed: " . ($! or $@) unless do $ENV{GL_RC}; die "parse $ENV{GL_RC} failed: " . ($! or $@) unless do $ENV{GL_RC};
# then "do" the compiled config file, whose name we now know. Before doing # then "do" the compiled config file, whose name we now know. Before doing
# that we setup the creater etc from environment variables so that the parse # that we setup the creator etc from environment variables so that the parse
# interpolates them. We've minimised the duplication but this *does* # interpolates them. We've minimised the duplication but this *does*
# duplicate a bit of parse_acl from gitolite.pm; we don't want to include that # duplicate a bit of parse_acl from gitolite.pm; we don't want to include that
# file here just for that little bit # file here just for that little bit
{ {
our $creater = $ENV{GL_CREATER}; our $creator = $ENV{GL_CREATOR};
our $readers = $ENV{GL_READERS}; our $readers = $ENV{GL_READERS};
our $writers = $ENV{GL_WRITERS}; our $writers = $ENV{GL_WRITERS};
our $gl_user = $ENV{GL_USER}; our $gl_user = $ENV{GL_USER};

View file

@ -27,7 +27,7 @@ our $W_COMMANDS=qr/^git[ -]receive-pack$/;
# note that REPONAME_PATT allows "/", while USERNAME_PATT does not # note that REPONAME_PATT allows "/", while USERNAME_PATT does not
# also, the reason REPONAME_PATT is a superset of USERNAME_PATT is (duh!) # also, the reason REPONAME_PATT is a superset of USERNAME_PATT is (duh!)
# because in this version, a repo can have "CREATER" in the name (see docs) # because in this version, a repo can have "CREATOR" in the name (see docs)
our $REPONAME_PATT=qr(^\@?[0-9a-zA-Z][0-9a-zA-Z._\@/+-]*$); # very simple pattern our $REPONAME_PATT=qr(^\@?[0-9a-zA-Z][0-9a-zA-Z._\@/+-]*$); # very simple pattern
our $USERNAME_PATT=qr(^\@?[0-9a-zA-Z][0-9a-zA-Z._\@+-]*$); # very simple pattern our $USERNAME_PATT=qr(^\@?[0-9a-zA-Z][0-9a-zA-Z._\@+-]*$); # very simple pattern
# same as REPONAME, plus some common regex metas # same as REPONAME, plus some common regex metas
@ -132,19 +132,19 @@ sub where_is_rc
# NOTE: this sub will change your cwd; caller beware! # NOTE: this sub will change your cwd; caller beware!
sub new_repo sub new_repo
{ {
my ($repo, $hooks_dir, $creater) = @_; my ($repo, $hooks_dir, $creator) = @_;
umask($REPO_UMASK); umask($REPO_UMASK);
die "wildrepos disabled, can't set creater $creater on new repo $repo\n" die "wildrepos disabled, can't set creator $creator on new repo $repo\n"
if $creater and not $GL_WILDREPOS; if $creator and not $GL_WILDREPOS;
system("mkdir", "-p", "$repo.git") and die "$ABRT mkdir $repo.git failed: $!\n"; system("mkdir", "-p", "$repo.git") and die "$ABRT mkdir $repo.git failed: $!\n";
# erm, note that's "and die" not "or die" as is normal in perl # erm, note that's "and die" not "or die" as is normal in perl
wrap_chdir("$repo.git"); wrap_chdir("$repo.git");
system("git --bare init >&2"); system("git --bare init >&2");
if ($creater) { if ($creator) {
system("echo $creater > gl-creater"); system("echo $creator > gl-creater");
system("git", "config", "gitweb.owner", $creater); system("git", "config", "gitweb.owner", $creator);
} }
# propagate our own, plus any local admin-defined, hooks # propagate our own, plus any local admin-defined, hooks
ln_sf($hooks_dir, "*", "hooks"); ln_sf($hooks_dir, "*", "hooks");
@ -162,7 +162,7 @@ sub new_repo
sub wild_repo_rights sub wild_repo_rights
{ {
my ($repo_base_abs, $repo, $user) = @_; my ($repo_base_abs, $repo, $user) = @_;
# creater # creator
my $c = ''; my $c = '';
if ( -f "$repo_base_abs/$repo.git/gl-creater") { if ( -f "$repo_base_abs/$repo.git/gl-creater") {
my $fh = wrap_open("<", "$repo_base_abs/$repo.git/gl-creater"); my $fh = wrap_open("<", "$repo_base_abs/$repo.git/gl-creater");
@ -189,8 +189,8 @@ sub wild_repo_rights
sub get_set_perms sub get_set_perms
{ {
my($repo_base_abs, $repo, $verb, $user) = @_; my($repo_base_abs, $repo, $verb, $user) = @_;
my ($creater, $dummy, $dummy2) = &wild_repo_rights($repo_base_abs, $repo, ""); my ($creator, $dummy, $dummy2) = &wild_repo_rights($repo_base_abs, $repo, "");
die "$repo doesnt exist or is not yours\n" unless $user eq $creater; die "$repo doesnt exist or is not yours\n" unless $user eq $creator;
wrap_chdir("$repo_base_abs"); wrap_chdir("$repo_base_abs");
wrap_chdir("$repo.git"); wrap_chdir("$repo.git");
if ($verb eq 'getperms') { if ($verb eq 'getperms') {
@ -209,8 +209,8 @@ sub get_set_perms
sub get_set_desc sub get_set_desc
{ {
my($repo_base_abs, $repo, $verb, $user) = @_; my($repo_base_abs, $repo, $verb, $user) = @_;
my ($creater, $dummy, $dummy2) = &wild_repo_rights($repo_base_abs, $repo, ""); my ($creator, $dummy, $dummy2) = &wild_repo_rights($repo_base_abs, $repo, "");
die "$repo doesnt exist or is not yours\n" unless $user eq $creater; die "$repo doesnt exist or is not yours\n" unless $user eq $creator;
wrap_chdir("$repo_base_abs"); wrap_chdir("$repo_base_abs");
wrap_chdir("$repo.git"); wrap_chdir("$repo.git");
if ($verb eq 'getdesc') { if ($verb eq 'getdesc') {
@ -242,7 +242,7 @@ sub parse_acl
# And in any case, we set those env vars so level 2 can redo the last # And in any case, we set those env vars so level 2 can redo the last
# parse without any special code # parse without any special code
our $creater = $ENV{GL_CREATER} = $c || $ENV{GL_CREATER} || "NOBODY"; our $creator = $ENV{GL_CREATOR} = $c || $ENV{GL_CREATOR} || "NOBODY";
our $readers = $ENV{GL_READERS} = $r || $ENV{GL_READERS} || "NOBODY"; our $readers = $ENV{GL_READERS} = $r || $ENV{GL_READERS} || "NOBODY";
our $writers = $ENV{GL_WRITERS} = $w || $ENV{GL_WRITERS} || "NOBODY"; our $writers = $ENV{GL_WRITERS} = $w || $ENV{GL_WRITERS} || "NOBODY";
our $gl_user = $ENV{GL_USER}; our $gl_user = $ENV{GL_USER};
@ -289,7 +289,7 @@ sub report_basic
{ {
my($GL_ADMINDIR, $GL_CONF_COMPILED, $user) = @_; my($GL_ADMINDIR, $GL_CONF_COMPILED, $user) = @_;
&parse_acl($GL_CONF_COMPILED, "", "CREATER", "READERS", "WRITERS"); &parse_acl($GL_CONF_COMPILED, "", "CREATOR", "READERS", "WRITERS");
# send back some useful info if no command was given # send back some useful info if no command was given
&report_version($GL_ADMINDIR, $user); &report_version($GL_ADMINDIR, $user);
@ -317,7 +317,7 @@ sub expand_wild
&report_version($GL_ADMINDIR, $user); &report_version($GL_ADMINDIR, $user);
print "\ryou have access to the following repos on the server:\r\n"; print "\ryou have access to the following repos on the server:\r\n";
# this is for convenience; he can copy-paste the output of the basic # this is for convenience; he can copy-paste the output of the basic
# access report instead of having to manually change CREATER to his name # access report instead of having to manually change CREATOR to his name
$repo =~ s/\bCREAT[EO]R\b/$user/g; $repo =~ s/\bCREAT[EO]R\b/$user/g;
# display matching repos (from *all* the repos in the system) that $user # display matching repos (from *all* the repos in the system) that $user
@ -331,9 +331,9 @@ sub expand_wild
# actual_repo has to match the pattern being expanded # actual_repo has to match the pattern being expanded
next unless $actual_repo =~ /$repo/; next unless $actual_repo =~ /$repo/;
my($perm, $creater) = &repo_rights($actual_repo); my($perm, $creator) = &repo_rights($actual_repo);
next unless $perm =~ /\S/; next unless $perm =~ /\S/;
print "$perm\t$creater\t$actual_repo\n"; print "$perm\t$creator\t$actual_repo\n";
} }
} }
@ -365,44 +365,44 @@ sub expand_wild
%normal_repos = %repos; %normal_repos = %repos;
} }
my $creater; my $creator;
my $perm = ' '; my $perm = ' ';
# if repo is present "as is" in the config, those permissions will # if repo is present "as is" in the config, those permissions will
# override anything inherited from a wildcard that may have matched # override anything inherited from a wildcard that may have matched
if ($normal_repos{$repo}) { if ($normal_repos{$repo}) {
%repos = %normal_repos; %repos = %normal_repos;
$creater = '<gitolite>'; $creator = '<gitolite>';
} elsif ( -d "$ENV{GL_REPO_BASE_ABS}/$repo.git" ) { } elsif ( -d "$ENV{GL_REPO_BASE_ABS}/$repo.git" ) {
# must be a wildrepo, and it has already been created; find the # must be a wildrepo, and it has already been created; find the
# creater and subsitute in repos # creator and subsitute in repos
my ($read, $write); my ($read, $write);
($creater, $read, $write) = &wild_repo_rights($ENV{GL_REPO_BASE_ABS}, $repo, $ENV{GL_USER}); ($creator, $read, $write) = &wild_repo_rights($ENV{GL_REPO_BASE_ABS}, $repo, $ENV{GL_USER});
# get access list with these substitutions # get access list with these substitutions
&parse_acl($GL_CONF_COMPILED, $repo, $creater || "NOBODY", $read || "NOBODY", $write || "NOBODY"); &parse_acl($GL_CONF_COMPILED, $repo, $creator || "NOBODY", $read || "NOBODY", $write || "NOBODY");
$creater = "($creater)"; $creator = "($creator)";
} else { } else {
# repo didn't exist; C perms also need to be filled in after # repo didn't exist; C perms also need to be filled in after
# getting access list with only creater filled in # getting access list with only creator filled in
&parse_acl($GL_CONF_COMPILED, $repo, $ENV{GL_USER}, "NOBODY", "NOBODY"); &parse_acl($GL_CONF_COMPILED, $repo, $ENV{GL_USER}, "NOBODY", "NOBODY");
$perm = ( $repos{$repo}{C}{'@all'} ? ' @C' : ( $repos{$repo}{C}{$ENV{GL_USER}} ? ' =C' : ' ' )) if $GL_WILDREPOS; $perm = ( $repos{$repo}{C}{'@all'} ? ' @C' : ( $repos{$repo}{C}{$ENV{GL_USER}} ? ' =C' : ' ' )) if $GL_WILDREPOS;
# if you didn't have perms to create it, delete the "convenience" # if you didn't have perms to create it, delete the "convenience"
# copy of the ACL that parse_acl makes # copy of the ACL that parse_acl makes
delete $repos{$repo} unless $perm =~ /C/; delete $repos{$repo} unless $perm =~ /C/;
$creater = "<repo_not_found>"; $creator = "<repo_not_found>";
} }
$perm .= ( $repos{$repo}{R}{'@all'} ? ' @R' : ( $repos{'@all'}{R}{$ENV{GL_USER}} ? ' #R' : ( $repos{$repo}{R}{$ENV{GL_USER}} ? ' R' : ' ' ))); $perm .= ( $repos{$repo}{R}{'@all'} ? ' @R' : ( $repos{'@all'}{R}{$ENV{GL_USER}} ? ' #R' : ( $repos{$repo}{R}{$ENV{GL_USER}} ? ' R' : ' ' )));
$perm .= ( $repos{$repo}{W}{'@all'} ? ' @W' : ( $repos{'@all'}{W}{$ENV{GL_USER}} ? ' #W' : ( $repos{$repo}{W}{$ENV{GL_USER}} ? ' W' : ' ' ))); $perm .= ( $repos{$repo}{W}{'@all'} ? ' @W' : ( $repos{'@all'}{W}{$ENV{GL_USER}} ? ' #W' : ( $repos{$repo}{W}{$ENV{GL_USER}} ? ' W' : ' ' )));
return($perm, $creater); return($perm, $creator);
} }
} }
# helper/convenience routine to get rights and ownership from a shell command # helper/convenience routine to get rights and ownership from a shell command
sub cli_repo_rights { sub cli_repo_rights {
my ($perm, $creater) = &repo_rights($_[0]); my ($perm, $creator) = &repo_rights($_[0]);
$perm =~ s/ /_/g; $perm =~ s/ /_/g;
$creater =~ s/^\(|\)$//g; $creator =~ s/^\(|\)$//g;
print "$perm $creater\n"; print "$perm $creator\n";
} }
# ---------------------------------------------------------------------------- # ----------------------------------------------------------------------------

View file

@ -184,7 +184,7 @@ $ENV{GL_REPO}=$repo;
# first level permissions check # first level permissions check
# ---------------------------------------------------------------------------- # ----------------------------------------------------------------------------
my ($perm, $creater) = &repo_rights($repo); my ($perm, $creator) = &repo_rights($repo);
if ($perm =~ /C/) { if ($perm =~ /C/) {
# it was missing, and you have create perms # it was missing, and you have create perms
wrap_chdir("$repo_base_abs"); wrap_chdir("$repo_base_abs");

View file

@ -187,7 +187,7 @@ sub parse_conf_file
@repos = expand_list ( @repos ); @repos = expand_list ( @repos );
do { die "$ABRT bad reponame $_\n" unless ($GL_WILDREPOS ? $_ =~ $REPOPATT_PATT : $_ =~ $REPONAME_PATT) } for @repos; do { die "$ABRT bad reponame $_\n" unless ($GL_WILDREPOS ? $_ =~ $REPOPATT_PATT : $_ =~ $REPONAME_PATT) } for @repos;
} }
s/\bCREAT[EO]R\b/\$creater/g for @repos; s/\bCREAT[EO]R\b/\$creator/g for @repos;
} }
# actual permission line # actual permission line
elsif (/^(-|C|R|RW\+?D?) (.* )?= (.+)/) elsif (/^(-|C|R|RW\+?D?) (.* )?= (.+)/)
@ -212,7 +212,7 @@ sub parse_conf_file
unless (@users == 1 and $users[0] eq '@all'); unless (@users == 1 and $users[0] eq '@all');
do { die "$ABRT bad username $_\n" unless $_ =~ $USERNAME_PATT } for @users; do { die "$ABRT bad username $_\n" unless $_ =~ $USERNAME_PATT } for @users;
s/\bCREAT[EO]R\b/~\$creater/g for @users; s/\bCREAT[EO]R\b/~\$creator/g for @users;
s/\bREADERS\b/\$readers/g for @users; s/\bREADERS\b/\$readers/g for @users;
s/\bWRITERS\b/\$writers/g for @users; s/\bWRITERS\b/\$writers/g for @users;
@ -358,10 +358,10 @@ for my $fragment_file (glob("conf/fragments/*.conf"))
my $compiled_fh = wrap_open( ">", $GL_CONF_COMPILED ); my $compiled_fh = wrap_open( ">", $GL_CONF_COMPILED );
my $dumped_data = Data::Dumper->Dump([\%repos], [qw(*repos)]); my $dumped_data = Data::Dumper->Dump([\%repos], [qw(*repos)]);
# the dump uses single quotes, but we convert any strings containing $creater, # the dump uses single quotes, but we convert any strings containing $creator,
# $readers, $writers, to double quoted strings. A wee bit sneaky, but not too # $readers, $writers, to double quoted strings. A wee bit sneaky, but not too
# much... # much...
$dumped_data =~ s/'(?=[^']*\$(?:creater|readers|writers|gl_user))~?(.*?)'/"$1"/g; $dumped_data =~ s/'(?=[^']*\$(?:creator|readers|writers|gl_user))~?(.*?)'/"$1"/g;
print $compiled_fh $dumped_data; print $compiled_fh $dumped_data;
close $compiled_fh or die "$ABRT close compiled-conf failed: $!\n"; close $compiled_fh or die "$ABRT close compiled-conf failed: $!\n";
@ -555,7 +555,7 @@ for my $pubkey (`find . -type f`)
# lint check 3; a little more severe than the first two I guess... # lint check 3; a little more severe than the first two I guess...
for my $user (sort keys %user_list) for my $user (sort keys %user_list)
{ {
next if $user =~ /^(gitweb|daemon|\@all|~\$creater|\$readers|\$writers)$/ or $user_list{$user} eq 'has pubkey'; next if $user =~ /^(gitweb|daemon|\@all|~\$creator|\$readers|\$writers)$/ or $user_list{$user} eq 'has pubkey';
print STDERR "$WARN user $user in config, but has no pubkey!\n"; print STDERR "$WARN user $user in config, but has no pubkey!\n";
} }