798762a0c3
If CGI.pm does not have a user, this patch causes the gitweb authentication code to assume "gitweb". This allows one to specify ACLs specifically for gitweb, separately from the @all catch-all. To: Sitaram Chamarty <sitaramc@gmail.com> Cc: Teemu Matilainen <teemu.matilainen@iki.fi> Signed-off-by: martin f. krafft <madduck@madduck.net>
41 lines
1.3 KiB
Plaintext
41 lines
1.3 KiB
Plaintext
# --------------------------------------------
|
|
# Per-repo authorization based on gitolite ACL
|
|
# Include this in gitweb.conf
|
|
# See doc/3-faq-tips-etc.mkd for more info
|
|
|
|
# HOME of the gitolite user
|
|
my $gl_home = "/home/git";
|
|
|
|
# environment variables needed by gitolite.pm
|
|
$ENV{GL_RC} = "$gl_home/.gitolite.rc";
|
|
$ENV{GL_USER} = $cgi->remote_user || "gitweb";
|
|
|
|
# variables from the RC file
|
|
our ($REPO_BASE, $GL_ADMINDIR);
|
|
|
|
# set HOME temporarily for RC parsing
|
|
my $orig_home = $ENV{HOME};
|
|
$ENV{HOME} = $gl_home;
|
|
do $ENV{GL_RC}
|
|
or die_error(500, "Failed to parse $ENV{GL_RC}: " . ($! or $@));
|
|
$ENV{HOME} = $orig_home;
|
|
|
|
# set project root etc. absolute paths
|
|
$ENV{GL_REPO_BASE_ABS} = ( $REPO_BASE =~ m(^/) ? $REPO_BASE : "$gl_home/$REPO_BASE" );
|
|
$projects_list = $projectroot = $ENV{GL_REPO_BASE_ABS};
|
|
|
|
# load gitolite helper routines
|
|
require "$GL_ADMINDIR/src/gitolite.pm"
|
|
or die_error(500, "Failed to parse gitolite.pm: " . ($! or $@));
|
|
|
|
$export_auth_hook = sub {
|
|
my $repo = shift;
|
|
# gitweb passes us the full repo path; so we strip the beginning
|
|
# and the end, to get the repo name as it is specified in gitolite conf
|
|
return unless $repo =~ s/^\Q$projectroot\E\/?(.+)\.git$/$1/;
|
|
|
|
# check for (at least) "R" permission
|
|
my ($perm, $creator) = &repo_rights($repo);
|
|
return ($perm =~ /R/);
|
|
};
|