Allow enabling git-daemon for repos accessible to @ALL.

It may be useful to automatically allow git-daemon access to public repositories, which are accessible to @ALL users, but restrict access to more tightly secured repos. Signed-off-by: Alexander Gavrilov <angavrilov@gmail.com> Signed-off-by: <stefhen.hovland+github@gmail.com>
res0nat0r · Jun 10, 2009 · 92051c8 · 92051c8
1 parent dc0909a
commit 92051c8
Show file tree

Hide file tree

Showing 2 changed files with 44 additions and 0 deletions.
diff --git a/gitosis/gitdaemon.py b/gitosis/gitdaemon.py
@@ -7,6 +7,7 @@
 log = logging.getLogger('gitosis.gitdaemon')
 
 from gitosis import util
+from gitosis import access
 
 def export_ok_path(repopath):
     p = os.path.join(repopath, 'git-daemon-export-ok')
@@ -82,11 +83,23 @@ def set_export_ok(config):
         {True: 'allow', False: 'deny'}.get(global_enable),
         )
 
+    try:
+        enable_if_all = config.getboolean('gitosis', 'daemon-if-all')
+    except (NoSectionError, NoOptionError):
+        enable_if_all = False
+    log.debug(
+        'If accessible to @all: %r',
+        {True: 'allow', False: 'unchanged'}.get(enable_if_all),
+        )
+
     for (dirpath, repo, name) in walk_repos(config):
         try:
             enable = config.getboolean('repo %s' % name, 'daemon')
         except (NoSectionError, NoOptionError):
             enable = global_enable
+            if not enable and enable_if_all:
+                (users,groups,all_refs) = access.getAllAccess(config,name)
+                enable = ('@all' in all_refs)
 
         if enable:
             log.debug('Allow %r', name)

diff --git a/gitosis/test/test_gitdaemon.py b/gitosis/test/test_gitdaemon.py
@@ -153,3 +153,34 @@ def test_git_daemon_export_ok_allowed_global():
     eq(exported(os.path.join(tmp, 'foo.git')), True)
     eq(exported(os.path.join(tmp, 'quux.git')), True)
     eq(exported(os.path.join(tmp, 'thud.git')), False)
+
+def test_git_daemon_export_ok_allowed_all():
+    tmp = maketemp()
+
+    for repo in [
+        'foo.git',
+        'quux.git',
+        'thud.git',
+        ]:
+        path = os.path.join(tmp, repo)
+        os.mkdir(path)
+
+    # try to provoke an invalid allow
+    writeFile(gitdaemon.export_ok_path(os.path.join(tmp, 'thud.git')), '')
+
+    cfg = RawConfigParser()
+    cfg.add_section('gitosis')
+    cfg.set('gitosis', 'repositories', tmp)
+    cfg.set('gitosis', 'daemon-if-all', 'yes')
+    cfg.add_section('group all')
+    cfg.set('group all', 'readonly', 'foo')
+    cfg.add_section('group boo')
+    cfg.set('group boo', 'members', '@all')
+    cfg.set('group boo', 'readonly', 'quux thud')
+    cfg.add_section('repo thud')
+    # this is still hidden
+    cfg.set('repo thud', 'daemon', 'no')
+    gitdaemon.set_export_ok(config=cfg)
+    eq(exported(os.path.join(tmp, 'foo.git')), True)
+    eq(exported(os.path.join(tmp, 'quux.git')), True)
+    eq(exported(os.path.join(tmp, 'thud.git')), False)