af6820a94b
(can_* == can_read, can_write, and can_create) See top of contrib/adc/adc.common-functions for more on this. Note: the old style (calling get_rights_and_owner with $repo, then checking $perm_read, $perm_write, etc.), will still work fine.
133 lines
3.8 KiB
Bash
133 lines
3.8 KiB
Bash
#!/bin/sh
|
|
|
|
# please make sure this file is NOT chmod +x
|
|
|
|
# this file contains settings for all ADCs at the top, then functions that you
|
|
# can call from shell scripts. Other files in this directory have examples.
|
|
|
|
# all uses require you to "source" this file, like so:
|
|
|
|
# # at the top of your ADC
|
|
# . $(dirname $0)/adc.common-functions
|
|
|
|
# then you use one of the following functions, like so:
|
|
|
|
# can_create reponame || die "you can't create reponame"
|
|
# can_write reponame || die "you can't write reponame"
|
|
# can_read reponame || die "you can't read reponame"
|
|
# is_admin || die "you're not an admin"
|
|
|
|
# IMPORTANT NOTE: all the can_* functions set $repo to the normalised reponame
|
|
# (i.e., with '.git' extension removed if it was supplied).
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
# settings for various ADCs, collected in one place for ease of keeping local
|
|
# settings intact during upgrades (you only have to worry about this file
|
|
# now). Documentation for the variables, however, is in the respective ADC
|
|
|
|
# settings for 'rm' ADC
|
|
ARE_YOU_SURE=1
|
|
USE_LOCK_UNLOCK=1
|
|
|
|
# settings for 'trash' ADC
|
|
TRASH_CAN=$GL_REPO_BASE_ABS/deleted
|
|
TRASH_SUFFIX=`date +%Y-%m-%d_%H:%M:%S`
|
|
|
|
# settings for 'hub' ADC
|
|
BASE_FETCH_URL="git://gl.example.com"
|
|
GL_FORKED_FROM="gl-forked-from"
|
|
# KDE may set this to kde-cloned-from for historical reasons
|
|
|
|
# Change to 1 to make -list the default action for the 'help' command
|
|
HELP_LIST_DEFAULT=0
|
|
|
|
# name of "admin" group (see is_admin() below before uncommenting)
|
|
# ADMIN_GROUPNAME=admins
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
die() { echo "$@"; exit 1; }
|
|
|
|
# test an option value more concisely
|
|
opt() {
|
|
[ "$1" = "1" ] && return 0
|
|
return 1
|
|
}
|
|
|
|
valid_owned_repo() {
|
|
# check that an arg passed is a valid repo and the current user owns it
|
|
[ -z "$1" ] && die need a repo name
|
|
get_rights_and_owner $1
|
|
[ "$owner" = "$GL_USER" ] || die "$repo does not exist or is not yours!"
|
|
|
|
# and we sneak this in too, quietly :)
|
|
cd $GL_REPO_BASE_ABS
|
|
}
|
|
|
|
# NOTE: this also sets $repo to the normalised (without .git suffix) reponame
|
|
get_rights_and_owner() {
|
|
local ans
|
|
repo=${1%.git}
|
|
ans=$(perl -I$GL_BINDIR -Mgitolite -e "cli_repo_rights('"$repo"')")
|
|
|
|
# set shell variables as needed
|
|
owner=${ans#* }
|
|
rights=${ans% *}
|
|
echo $rights | grep C >/dev/null 2>&1 && perm_create=yes || perm_create=
|
|
echo $rights | grep R >/dev/null 2>&1 && perm_read=yes || perm_read=
|
|
echo $rights | grep W >/dev/null 2>&1 && perm_write=yes || perm_write=
|
|
}
|
|
|
|
can_create() {
|
|
get_rights_and_owner ${1%.git}
|
|
[ -z "$perm_create" ] && return 1
|
|
return 0
|
|
}
|
|
|
|
can_write() {
|
|
get_rights_and_owner ${1%.git}
|
|
[ -z "$perm_write" ] && return 1
|
|
return 0
|
|
}
|
|
|
|
can_read() {
|
|
get_rights_and_owner ${1%.git}
|
|
[ -z "$perm_read" ] && return 1
|
|
return 0
|
|
}
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
# check if current user is an admin
|
|
is_admin() {
|
|
# there are two ways to check if someone is an admin. The default (if
|
|
# ADMIN_GROUPNAME is not defined) is to check if they have write access to
|
|
# the admin repo
|
|
|
|
if [ -z "$ADMIN_GROUPNAME" ]
|
|
then
|
|
can_write gitolite-admin || return 1
|
|
return 0
|
|
fi
|
|
|
|
# the alternative way is to check membership in $ADMIN_GROUPNAME; please
|
|
# remember this method requires GL_BIG_CONFIG to be set
|
|
|
|
# TODO, pending the code to allow an external query of a user's "group"
|
|
# affiliations
|
|
in_group $ADMIN_GROUPNAME
|
|
}
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
grouplist() {
|
|
perl -I$GL_BINDIR -Mgitolite -e "cli_grouplist()"
|
|
}
|
|
|
|
in_group() {
|
|
local g=$1
|
|
grouplist | egrep "(^| )$g( |$)" >/dev/null && return 0
|
|
return 1
|
|
}
|