#!/usr/bin/perl use strict; use warnings; use lib $ENV{GL_LIBDIR}; use Gitolite::Rc; use Gitolite::Common; use Gitolite::Conf::Load; =for usage Usage: ssh git@host perms -l ssh git@host perms - ssh git@host perms + List or set permissions for user-created ("wild") repo. The first usage shown will list the current contents of the permissions file. The other two will change permissions, adding or removing a user from a role. Examples: ssh git@host perms foo + READERS user1 ssh git@host perms foo + READERS user2 ssh git@host perms foo + READERS user3 (Note: a legacy mode of piping in the entire permissions text directly is also supported. If you want to use it, don't mix it with the new "+/-" modes). =cut usage() if not @ARGV or $ARGV[0] eq '-h'; my $list = 0; if ( $ARGV[0] eq '-l' ) { $list++; shift; getperms(@ARGV); # doesn't return } setperms(@ARGV); _system( "gitolite", "trigger", "POST_CREATE" ); # ---------------------------------------------------------------------- sub getperms { my $repo = shift; _die "sorry you are not authorised" if repo_missing($repo) or creator($repo) ne $ENV{GL_USER}; my $pf = "$rc{GL_REPO_BASE}/$repo.git/gl-perms"; print slurp($pf) if -f $pf; exit 0; } sub setperms { my $repo = shift; _die "sorry you are not authorised" if repo_missing($repo) or creator($repo) ne $ENV{GL_USER}; my $pf = "$rc{GL_REPO_BASE}/$repo.git/gl-perms"; if ( not @_ ) { # legacy mode; pipe data in @ARGV = (); my @a; for (<>) { _die "Invalid role '$1'; check the rc file" if /(\S+)/ and not $rc{ROLES}{$1}; push @a, $_; } _print( $pf, @a ); return; } _die "Invalid syntax. Please re-run with '-h' for detailed usage" if @_ != 3; my ( $op, $role, $user ) = @_; _die "Invalid syntax. Please re-run with '-h' for detailed usage" if $op ne '+' and $op ne '-'; _die "Invalid role '$role'; check the rc file" if not $rc{ROLES}{$role}; _die "Invalid user '$user'" if not $user =~ $USERNAME_PATT; my $text = ''; my @text = slurp($pf) if -f $pf; my $present = grep { $_ eq "$role $user\n" } @text; if ( $op eq '-' ) { if ( not $present ) { _warn "'$role $user' was not present in file"; } else { @text = grep { $_ ne "$role $user\n" } @text; _print( $pf, @text ); } } else { if ($present) { _warn "'$role $user' already present in file"; } else { push @text, "$role $user\n"; @text = sort @text; _print( $pf, @text ); } } }