...otherwise 'gitolite help' was getting too confusing, mixing up stuff that users should not be running directly (even on the server) ---- implementation notes: those who are worried about the '../triggers/' in various parts of the code here, remember you can only do that from a command line on the server. Remote users can only use commands that have been explicitly listed in the COMMANDS hash in the rc file. This means they can't even access other commands in the same directory as, say, the 'info' command, so a '../' is definitely not going to work.
77 lines
2.1 KiB
Perl
Executable file
77 lines
2.1 KiB
Perl
Executable file
#!/usr/bin/perl
|
|
use strict;
|
|
use warnings;
|
|
|
|
use lib $ENV{GL_BINDIR};
|
|
use Gitolite::Rc;
|
|
use Gitolite::Common;
|
|
use Gitolite::Conf::Load;
|
|
|
|
=for usage
|
|
Usage: gitolite access [-q] <repo> <user> <perm> <ref>
|
|
|
|
Print access rights for arguments given. The string printed has the word
|
|
DENIED in it if access was denied. With '-q', returns only an exit code
|
|
(shell truth, not perl truth -- 0 is success).
|
|
|
|
- repo: mandatory
|
|
- user: mandatory
|
|
- perm: defauts to '+'. Valid values: R, W, +, C, D, M
|
|
- ref: defauts to 'any'. See notes below
|
|
|
|
Notes:
|
|
- ref: Any fully qualified ref ('refs/heads/master', not 'master') is fine.
|
|
The 'any' ref is special -- it ignores deny rules (see docs for what this
|
|
means and exceptions).
|
|
|
|
For each case where access is not denied, one line is printed like this:
|
|
|
|
reponame<tab>username<tab>access rights
|
|
|
|
This is orders of magnitude faster than running the command multiple times;
|
|
you'll notice if you have more than a hundred or so repos.
|
|
|
|
Advanced uses: see src/triggers/post-compile/update-git-daemon-access-list for
|
|
a good example.
|
|
=cut
|
|
|
|
usage() if not @ARGV or $ARGV[0] eq '-h';
|
|
my $quiet = 0;
|
|
if ( $ARGV[0] eq '-q' ) { $quiet = 1; shift @ARGV; }
|
|
|
|
my ( $repo, $user, $aa, $ref ) = @ARGV;
|
|
$aa ||= '+';
|
|
$ref ||= 'any';
|
|
_die "invalid perm" if not( $aa and $aa =~ /^(R|W|\+|C|D|M)$/ );
|
|
_die "invalid ref name" if not( $ref and $ref =~ $REPONAME_PATT );
|
|
|
|
my $ret = '';
|
|
|
|
if ( $repo ne '%' and $user ne '%' ) {
|
|
# single repo, single user; no STDIN
|
|
_die "invalid repo name" if not( $repo and $repo =~ $REPONAME_PATT );
|
|
_die "invalid user name" if not( $user and $user =~ $USERNAME_PATT );
|
|
$ret = access( $repo, $user, $aa, $ref );
|
|
|
|
if ( $ret =~ /DENIED/ ) {
|
|
print "$ret\n" unless $quiet;
|
|
exit 1;
|
|
}
|
|
|
|
print "$ret\n" unless $quiet;
|
|
exit 0;
|
|
}
|
|
|
|
$repo = '' if $repo eq '%';
|
|
$user = '' if $user eq '%';
|
|
|
|
_die "'-q' doesn't go with using a pipe" if $quiet;
|
|
@ARGV = ();
|
|
while (<>) {
|
|
my @in = split;
|
|
my $r = $repo || shift @in;
|
|
my $u = $user || shift @in;
|
|
$ret = access( $r, $u, $aa, $ref );
|
|
print "$r\t$u\t$ret\n";
|
|
}
|