Add more complicated access restrictions (repository, branches, tags)

[gitblit]

Originally reported on Google Code with ID 36

There is an server side system for git - gitolite, but it uses ssh protocol in it's
work. The great feature of gitolite is flexible access control configuration - it allows
enable/disable access to branches and so on.

It will be useful to prevent delete operation on branches to make them protected as
master-branch. Or only owner of the branch can delete it and so on.

Such policies make sense when a group of developers works on the same project and each
developer has it's own branch for some feature of the target application - they prevents
write access of others to my branches.

Of cause, I can use repository clone and prevent cloning of my repository until I finish
my work, but branches are especially for this purpose and allow to see and use my work
for others by merging it to their branches.

Just think about it!

Reported by 2sh2ka on 2012-01-06 18:30:33

[gitblit]

Agreed.  A proof-of-concept blockpush mechanism exists in my master branch.  After the
next release I am going to play with implementing gitosis/gitolite-like functionality
possibly re-using gitosis/gitolite configuration files.

Reported by James.Moger on 2012-01-06 18:42:18

[gitblit]

That would be big news !!!! 

Best regards

Reported by eguervos on 2012-01-30 20:35:31

[gitblit]

James,

Do you have any updates on this?

Thanks,

Drew

Reported by Drew.Kutcharian on 2012-04-28 20:33:40

[gitblit]

Not currently.  I keep meaning to find the time to implement something, but so far no
luck.  What needs do you have?  That could help me pin down a spec rather than "remake
gitolite".

Reported by James.Moger on 2012-04-28 23:32:01

[gitblit]

Restricting pushes to a branch. For example only a certain user/group can push commits
to a certain branch.

Use case: Everyone can push to master but only the team lead can push to production
after peer review.

Reported by Drew.Kutcharian on 2012-04-29 00:10:54

[gitblit]

You could do this today with the protect-refs.groovy hook script.
https://github.com/gitblit/gitblit/blob/master/groovy/protect-refs.groovy

Reported by James.Moger on 2012-04-29 20:10:54

[gitblit]

Thanks James. protect-refs.groovy should be good for now, but I think it'd be nicer
to eventually have this functionality in the UI too.

Reported by Drew.Kutcharian on 2012-04-30 16:51:15

[gitblit]

We have a requirement to allow authenticated read-only access for some users. Specifically,
having some users that are able to log in to the UI (or use a git client) to view the
contents, logs, etc of a specific repo, but not be able to push any changes there.

Reported by peterloron on 2012-09-10 23:58:11

[gitblit]

For the time-being you can use a pre-receive hook to block any pushes.

Reported by James.Moger on 2012-09-11 11:59:08

[gitblit]

Hi James,

You wrote:
After the next release I am going to play with implementing gitosis/gitolite-like functionality
possibly re-using gitosis/gitolite configuration files.

It's great! But gitosis' configuration is too poor - use gitolite.
The great example of restrictions configuration is svnserve configuration file. Gitolite's
configuration file format is just as SVN's one - they have required flexibility.

With best regards, Mikhail

Reported by 2sh2ka on 2012-09-17 19:18:28

[gitblit]

access rules
http://sitaramc.github.com/gitolite/rules.html

R, for read only
RW, for push existing ref or create new ref
RW+, for "push -f" or ref deletion allowed (i.e., destroy information)
- (the minus sign), to deny access.

access rules for branches 
http://sitaramc.github.com/gitolite/refex.html

Reported by marcomsousa on 2012-09-20 21:59:49

[gitblit]

I think that this should be supported right now.

Authenticated Clone & Push non-force (without push -f)

Reported by marcomsousa on 2012-09-20 22:02:20

[gitblit]

Issue 437 has been merged into this issue.

Reported by James.Moger on 2012-10-03 19:36:16

[gitblit]

I see this commit:
"Finer-grained repository access permissions (issue 332)"

It's really nice.
Thank you very much

Reported by marcomsousa on 2012-10-10 06:33:23

[gitblit]

Thanks.  I'm not quite finished with changes to permissions, but this is definitely
an improvement.

Reported by James.Moger on 2012-10-10 11:43:53

[gitblit]

At the moment I have two repos, to mantain the master branch safe.
It would be lot more easier if the gitblit implements some more advanced permisions.

Branch, like in gitolite:
http://gitolite.com/gitolite/rules.html#what-do-rules-look-like
http://gitolite.com/gitolite/refex.html
http://gitolite.com/gitolite/vref.html

This is in yours plans?

Reported by marcomsousa on 2014-06-17 07:45:31

[gitblit]

I may add something very simple, but I haven't thought about it too much.

More complex ACLs...
1. can be contributed to the core by the community
2. can be written as a Groovy receive hook script
3. can be written as a receive hook plugin

My preference is for someone to attempt #3 - a gitolite-ish receive hook plugin.

Reported by James.Moger on 2014-06-17 12:17:26

[monkiki]

Hi there!

Any news about this enhancement?

GitBlit is really great! Thanks!