Permalink
Browse files

DEFAULT_ROLE_PERMS replaced by per repo default.roles option

  • Loading branch information...
1 parent 7d0e48a commit 1fcc6c87f75882f451befad6ac7ae3727ef2560a @sitaramc committed Mar 24, 2013
Showing with 48 additions and 18 deletions.
  1. +1 −1 cookbook.mkd
  2. +1 −1 g2migr.mkd
  3. +15 −12 rc.mkd
  4. +1 −1 user.mkd
  5. +30 −3 wild.mkd
View
@@ -181,7 +181,7 @@ something like this:
2. write your hook code with this at the top:
# check if @foo is in the list of groups of which $GL_REPO is a member
- gitolite list-memberships $GL_REPO | grep -x @foo >/dev/null || exit 0
+ gitolite list-memberships -r $GL_REPO | grep -x @foo >/dev/null || exit 0
3. now add your hook as described in earlier steps
View
@@ -106,7 +106,7 @@ Some of them have links where there is more detail than I want to put here.
* `GL_GET_MEMBERSHIPS_PGM` -- is now `GROUPLIST_PGM`, see
[here][ldap].
- * `GL_WILDREPOS_DEFPERMS` -- is now `DEFAULT_ROLE_PERMS`.
+ * `GL_WILDREPOS_DEFPERMS` -- is gone; see [roles][] for how to do this.
* `REPO_BASE` -- **dropped**, is now at a fixed location: `~/repositories`.
If you want it somewhere else go ahead and move it, then place a symlink
View
@@ -91,23 +91,26 @@ information.
This specifies the role names allowed to be used by users running the
[perms][] command. The [wild][] repos doc has more info on roles.
- * `DEFAULT_ROLE_PERMS`, string, default undef
+ * `OWNER_ROLENAME`, string, default undef
- This sets default wildcard permissions for newly created wildcard repos.
+ (requires v3.5 or later)
- If set, this value will be used as the default role permissions for new
- wildcard repositories. The user can change this value with the perms
- command as desired after repository creation; it is only a default.
+ By default, permissions on a wild repo can only be set by the *creator* of
+ the repo (using the [perms][] command). But some sites want to allow
+ other people to do this as well.
- Please be aware this is potentially a multi-line variable. In most
- setups, it will be left undefined. Some installations may benefit from
- setting it to `READERS @all`.
+ To enable this behaviour, the server admin must first set this variable to
+ some string, say 'OWNERS'. (He must also add 'OWNERS' to the ROLES hash
+ described in the previous bullet).
- If you want multiple roles to be assigned by default, here is how. Note
- double quotes this time, due to the embedded newline, which in turn
- require the '@' to be escaped:
+ The creator of the repo can then add other users to the OWNERS role using
+ the [perms][] command.
- DEFAULT_ROLE_PERMS => "READERS \@all\nWRITERS \@senior_devs",
+ The [perms][] command, the new "owns" command, and possibly other commands
+ in future, will then give these users the same privileges that they give
+ to the creator of the repo.
+
+ (Also see the full documentation on [roles][]).
* `LOCAL_CODE`, string
View
@@ -84,7 +84,7 @@ To give some flexibility to users, the admin could add rules like this:
RW = WRITERS
R = READERS
-(he could also add other roles but then he needs to read the documentation).
+(he could also add other [roles][] but then he needs to read the documentation).
Once he does this, you can then use the `perms` command (run `ssh git@host
perms -h` for help) to set permissions for other users by specifying which
View
@@ -104,7 +104,7 @@ metacharacters.
> ----
-## roles
+## #roles roles
The tokens READERS and WRITERS are called "role" names. The access rules in
the conf file decide what permissions these roles have, but they don't say
@@ -115,7 +115,7 @@ You can run `ssh git@host perms -h` for detailed help, but in brief, that
command lets you give and take away roles to users. [This][perms] has some
more detail.
-## adding other roles
+### adding other roles
If you want to have more than just the 2 default roles, say something like:
@@ -132,7 +132,34 @@ You can add the new names to the ROLES hash in the `~/.gitolite.rc` file; see
comments in that file for how to do that. Be sure to run the 2 commands
mentioned there after you have added the roles.
-#### #rolenamewarn **IMPORTANT WARNING ABOUT THIS FEATURE**
+### setting default roles
+
+You can setup some default role assignments as soon as a new wild repo is
+created.
+
+Here's how:
+
+ * enable the 'set-default-roles' feature in the rc file by uncommenting it
+ if it is already present or adding it to the ENABLE list if it is not.
+
+ * supply a set of default role assignments for a wild repo pattern by adding
+ lines like this to the repo config para:
+
+ option default.roles-1 = READERS @all
+ option default.roles-2 = WRITERS @senior-devs
+
+This will then behave as if the [perms][] command was used immediately after
+the repo was created to add those two role assignments.
+
+If you want to simulate the old (pre v3.5) `DEFAULT_ROLE_PERMS` rc file
+variable, just add them under a `repo @all` line. (Remember that this only
+affects newly created wild repos, despite the '@all' name).
+
+### specifying owners
+
+See the section on `OWNER_ROLENAME` in the [rc file documentation][rc].
+
+#### #rolenamewarn <font color="red">**IMPORTANT WARNING ABOUT THIS FEATURE**</font>
Please make sure that none of the role names conflict with any of the user
names or group names in the system. For example, if you have a user called

0 comments on commit 1fcc6c8

Please sign in to comment.