Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add more complicated access restrictions (repository, branches, tags) #332

Open
gitblit opened this issue Aug 12, 2015 · 18 comments
Open

Add more complicated access restrictions (repository, branches, tags) #332

gitblit opened this issue Aug 12, 2015 · 18 comments

Comments

@gitblit
Copy link
Collaborator

gitblit commented Aug 12, 2015

Originally reported on Google Code with ID 36

There is an server side system for git - gitolite, but it uses ssh protocol in it's
work. The great feature of gitolite is flexible access control configuration - it allows
enable/disable access to branches and so on.

It will be useful to prevent delete operation on branches to make them protected as
master-branch. Or only owner of the branch can delete it and so on.

Such policies make sense when a group of developers works on the same project and each
developer has it's own branch for some feature of the target application - they prevents
write access of others to my branches.

Of cause, I can use repository clone and prevent cloning of my repository until I finish
my work, but branches are especially for this purpose and allow to see and use my work
for others by merging it to their branches.

Just think about it!

Reported by 2sh2ka on 2012-01-06 18:30:33

@gitblit
Copy link
Collaborator Author

gitblit commented Aug 12, 2015

Agreed.  A proof-of-concept blockpush mechanism exists in my master branch.  After the
next release I am going to play with implementing gitosis/gitolite-like functionality
possibly re-using gitosis/gitolite configuration files.

Reported by James.Moger on 2012-01-06 18:42:18

@gitblit
Copy link
Collaborator Author

gitblit commented Aug 12, 2015

That would be big news !!!! 

Best regards

Reported by eguervos on 2012-01-30 20:35:31

@gitblit
Copy link
Collaborator Author

gitblit commented Aug 12, 2015

James,

Do you have any updates on this?

Thanks,

Drew

Reported by Drew.Kutcharian on 2012-04-28 20:33:40

@gitblit
Copy link
Collaborator Author

gitblit commented Aug 12, 2015

Not currently.  I keep meaning to find the time to implement something, but so far no
luck.  What needs do you have?  That could help me pin down a spec rather than "remake
gitolite".

Reported by James.Moger on 2012-04-28 23:32:01

@gitblit
Copy link
Collaborator Author

gitblit commented Aug 12, 2015

Restricting pushes to a branch. For example only a certain user/group can push commits
to a certain branch.

Use case: Everyone can push to master but only the team lead can push to production
after peer review.

Reported by Drew.Kutcharian on 2012-04-29 00:10:54

@gitblit
Copy link
Collaborator Author

gitblit commented Aug 12, 2015

You could do this today with the protect-refs.groovy hook script.
https://github.com/gitblit/gitblit/blob/master/groovy/protect-refs.groovy

Reported by James.Moger on 2012-04-29 20:10:54

@gitblit
Copy link
Collaborator Author

gitblit commented Aug 12, 2015

Thanks James. protect-refs.groovy should be good for now, but I think it'd be nicer
to eventually have this functionality in the UI too.

Reported by Drew.Kutcharian on 2012-04-30 16:51:15

@gitblit
Copy link
Collaborator Author

gitblit commented Aug 12, 2015

We have a requirement to allow authenticated read-only access for some users. Specifically,
having some users that are able to log in to the UI (or use a git client) to view the
contents, logs, etc of a specific repo, but not be able to push any changes there.

Reported by peterloron on 2012-09-10 23:58:11

@gitblit
Copy link
Collaborator Author

gitblit commented Aug 12, 2015

For the time-being you can use a pre-receive hook to block any pushes.

Reported by James.Moger on 2012-09-11 11:59:08

@gitblit
Copy link
Collaborator Author

gitblit commented Aug 12, 2015

Hi James,

You wrote:
After the next release I am going to play with implementing gitosis/gitolite-like functionality
possibly re-using gitosis/gitolite configuration files.

It's great! But gitosis' configuration is too poor - use gitolite.
The great example of restrictions configuration is svnserve configuration file. Gitolite's
configuration file format is just as SVN's one - they have required flexibility.

With best regards, Mikhail

Reported by 2sh2ka on 2012-09-17 19:18:28

@gitblit
Copy link
Collaborator Author

gitblit commented Aug 12, 2015

access rules
http://sitaramc.github.com/gitolite/rules.html

R, for read only
RW, for push existing ref or create new ref
RW+, for "push -f" or ref deletion allowed (i.e., destroy information)
- (the minus sign), to deny access.

access rules for branches 
http://sitaramc.github.com/gitolite/refex.html

Reported by marcomsousa on 2012-09-20 21:59:49

@gitblit
Copy link
Collaborator Author

gitblit commented Aug 12, 2015

I think that this should be supported right now.

Authenticated Clone & Push non-force (without push -f)

Reported by marcomsousa on 2012-09-20 22:02:20

@gitblit
Copy link
Collaborator Author

gitblit commented Aug 12, 2015

Issue 437 has been merged into this issue.

Reported by James.Moger on 2012-10-03 19:36:16

@gitblit
Copy link
Collaborator Author

gitblit commented Aug 12, 2015

I see this commit:
"Finer-grained repository access permissions (issue 332)"

It's really nice.
Thank you very much

Reported by marcomsousa on 2012-10-10 06:33:23

@gitblit
Copy link
Collaborator Author

gitblit commented Aug 12, 2015

Thanks.  I'm not quite finished with changes to permissions, but this is definitely
an improvement.

Reported by James.Moger on 2012-10-10 11:43:53

@gitblit
Copy link
Collaborator Author

gitblit commented Aug 12, 2015

At the moment I have two repos, to mantain the master branch safe.
It would be lot more easier if the gitblit implements some more advanced permisions.

Branch, like in gitolite:
http://gitolite.com/gitolite/rules.html#what-do-rules-look-like
http://gitolite.com/gitolite/refex.html
http://gitolite.com/gitolite/vref.html

This is in yours plans?

Reported by marcomsousa on 2014-06-17 07:45:31

@gitblit
Copy link
Collaborator Author

gitblit commented Aug 12, 2015

I may add something very simple, but I haven't thought about it too much.

More complex ACLs...
1. can be contributed to the core by the community
2. can be written as a Groovy receive hook script
3. can be written as a receive hook plugin

My preference is for someone to attempt #3 - a gitolite-ish receive hook plugin.

Reported by James.Moger on 2014-06-17 12:17:26

@monkiki
Copy link

monkiki commented May 13, 2016

Hi there!

Any news about this enhancement?

GitBlit is really great! Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants