gitolite/contrib/adc/adc.common-functions
Sitaram Chamarty af6820a94b new functions (can_*, is_admin, in_group) for ADCs
(can_* == can_read, can_write, and can_create)

See top of contrib/adc/adc.common-functions for more on this.

Note: the old style (calling get_rights_and_owner with $repo, then
checking $perm_read, $perm_write, etc.), will still work fine.
2011-11-22 19:31:41 +05:30

133 lines
3.8 KiB
Bash

#!/bin/sh
# please make sure this file is NOT chmod +x
# this file contains settings for all ADCs at the top, then functions that you
# can call from shell scripts. Other files in this directory have examples.
# all uses require you to "source" this file, like so:
# # at the top of your ADC
# . $(dirname $0)/adc.common-functions
# then you use one of the following functions, like so:
# can_create reponame || die "you can't create reponame"
# can_write reponame || die "you can't write reponame"
# can_read reponame || die "you can't read reponame"
# is_admin || die "you're not an admin"
# IMPORTANT NOTE: all the can_* functions set $repo to the normalised reponame
# (i.e., with '.git' extension removed if it was supplied).
# ------------------------------------------------------------------------------
# settings for various ADCs, collected in one place for ease of keeping local
# settings intact during upgrades (you only have to worry about this file
# now). Documentation for the variables, however, is in the respective ADC
# settings for 'rm' ADC
ARE_YOU_SURE=1
USE_LOCK_UNLOCK=1
# settings for 'trash' ADC
TRASH_CAN=$GL_REPO_BASE_ABS/deleted
TRASH_SUFFIX=`date +%Y-%m-%d_%H:%M:%S`
# settings for 'hub' ADC
BASE_FETCH_URL="git://gl.example.com"
GL_FORKED_FROM="gl-forked-from"
# KDE may set this to kde-cloned-from for historical reasons
# Change to 1 to make -list the default action for the 'help' command
HELP_LIST_DEFAULT=0
# name of "admin" group (see is_admin() below before uncommenting)
# ADMIN_GROUPNAME=admins
# ------------------------------------------------------------------------------
die() { echo "$@"; exit 1; }
# test an option value more concisely
opt() {
[ "$1" = "1" ] && return 0
return 1
}
valid_owned_repo() {
# check that an arg passed is a valid repo and the current user owns it
[ -z "$1" ] && die need a repo name
get_rights_and_owner $1
[ "$owner" = "$GL_USER" ] || die "$repo does not exist or is not yours!"
# and we sneak this in too, quietly :)
cd $GL_REPO_BASE_ABS
}
# NOTE: this also sets $repo to the normalised (without .git suffix) reponame
get_rights_and_owner() {
local ans
repo=${1%.git}
ans=$(perl -I$GL_BINDIR -Mgitolite -e "cli_repo_rights('"$repo"')")
# set shell variables as needed
owner=${ans#* }
rights=${ans% *}
echo $rights | grep C >/dev/null 2>&1 && perm_create=yes || perm_create=
echo $rights | grep R >/dev/null 2>&1 && perm_read=yes || perm_read=
echo $rights | grep W >/dev/null 2>&1 && perm_write=yes || perm_write=
}
can_create() {
get_rights_and_owner ${1%.git}
[ -z "$perm_create" ] && return 1
return 0
}
can_write() {
get_rights_and_owner ${1%.git}
[ -z "$perm_write" ] && return 1
return 0
}
can_read() {
get_rights_and_owner ${1%.git}
[ -z "$perm_read" ] && return 1
return 0
}
# ------------------------------------------------------------------------------
# check if current user is an admin
is_admin() {
# there are two ways to check if someone is an admin. The default (if
# ADMIN_GROUPNAME is not defined) is to check if they have write access to
# the admin repo
if [ -z "$ADMIN_GROUPNAME" ]
then
can_write gitolite-admin || return 1
return 0
fi
# the alternative way is to check membership in $ADMIN_GROUPNAME; please
# remember this method requires GL_BIG_CONFIG to be set
# TODO, pending the code to allow an external query of a user's "group"
# affiliations
in_group $ADMIN_GROUPNAME
}
# ------------------------------------------------------------------------------
grouplist() {
perl -I$GL_BINDIR -Mgitolite -e "cli_grouplist()"
}
in_group() {
local g=$1
grouplist | egrep "(^| )$g( |$)" >/dev/null && return 0
return 1
}