# --------------------------------------------
# Per-repo authorization based on gitolite ACL
# Include this in gitweb.conf
# See doc/3-faq-tips-etc.mkd for more info

# HOME of the gitolite user
my $gl_home = "/home/git";

# environment variables needed by gitolite.pm
$ENV{GL_RC} = "$gl_home/.gitolite.rc";
$ENV{GL_USER} = $cgi->remote_user || "gitweb";

# variables from the RC file
our ($REPO_BASE, $GL_ADMINDIR);

# set HOME temporarily for RC parsing
my $orig_home = $ENV{HOME};
$ENV{HOME} = $gl_home;
do $ENV{GL_RC}
    or die_error(500, "Failed to parse $ENV{GL_RC}: "  . ($! or $@));
$ENV{HOME} = $orig_home;

# set project root etc. absolute paths
$ENV{GL_REPO_BASE_ABS} = ( $REPO_BASE =~ m(^/) ? $REPO_BASE : "$gl_home/$REPO_BASE" );
$projects_list = $projectroot = $ENV{GL_REPO_BASE_ABS};

# load gitolite helper routines
require "$GL_ADMINDIR/src/gitolite.pm"
    or die_error(500, "Failed to parse gitolite.pm: " . ($! or $@));

$export_auth_hook = sub {
    my $repo = shift;
    # gitweb passes us the full repo path; so we strip the beginning
    # and the end, to get the repo name as it is specified in gitolite conf
    return unless $repo =~ s/^\Q$projectroot\E\/?(.+)\.git$/$1/;

    # check for (at least) "R" permission
    my ($perm, $creator) = &repo_rights($repo);
    return ($perm =~ /R/);
};