list-memberships and perms changes:

  - list-memberships now requires a '-r' or '-u'; i.e., you have to
    explicitly state whether you are passing a reponame or a username

    see the new '-h' message for details.

  - Easy.pm now has a new 'in_role()' test that is, at present, only
    used by 'owns()', which uses that instead of checking that he is the
    creator.

    The role name used (I recommend "OWNER") must be set in the rc file
    like so

        OWNER_ROLENAME => 'OWNER',

    and if it is not set, defaults to 'CREATOR', which makes it behave
    as things currently do.

  - perms now uses this new 'owns()' function to authorise the user,
    instead of checking that she is the *creator*
commit 797a81f3eb39023e2ed6c6ed039f8c975042efec 1 parent 5debb4d
@sitaramc authored
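--- a/src/commands/perms
+++ b/src/commands/perms
@@ -5,7 +5,7 @@ use warnings;
 use lib $ENV{GL_LIBDIR};
 use Gitolite::Rc;
 use Gitolite::Common;
-use Gitolite::Conf::Load;
+use Gitolite::Easy;
 =for usage
 Usage: ssh git@host perms -l <repo>
@@ -52,7 +52,7 @@ if ( $ARGV[0] eq '-c' ) {
 _die "invalid repo '$repo'" unless $repo =~ $REPONAME_PATT;
 if (not -d "$rc{GL_REPO_BASE}/$repo.git") {
- my $ret = access( $repo, $ENV{GL_USER}, '^C', 'any' );
+ my $ret = Gitolite::Conf::Load::access( $repo, $ENV{GL_USER}, '^C', 'any' );
 _die $generic_error if $ret =~ /DENIED/;
 require Gitolite::Conf::Store;
@@ -70,7 +70,7 @@ _system( "gitolite", "trigger", "POST_CREATE", $repo, $ENV{GL_USER}, 'perms' );
 sub getperms {
 my $repo = shift;
- _die $generic_error if repo_missing($repo) or creator($repo) ne $ENV{GL_USER};
+ _die $generic_error if not owns($repo);
 my $pf = "$rc{GL_REPO_BASE}/$repo.git/gl-perms";
 print slurp($pf) if -f $pf;
@@ -79,7 +79,7 @@ sub getperms {
 }
 sub setperms {
- _die $generic_error if repo_missing($repo) or creator($repo) ne $ENV{GL_USER};
+ _die $generic_error if not owns($repo);
 my $pf = "$rc{GL_REPO_BASE}/$repo.git/gl-perms";
 if ( not @_ ) {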
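Review bot: getperms and setperms now authorise with `owns($repo)`, so any holder of the role named by `OWNER_ROLENAME` can read and rewrite `gl-perms`, not only the creator. If the role assignments for a repo live in that same file (not visible in these hunks), a role holder can add or remove other owners, which makes the role self-granting. That deserves a comment above each check, for example `# owns() is true for the creator and for holders of $rc{OWNER_ROLENAME}; a holder can therefore change who else holds the role`. The missing-repo case still yields the same generic error, because owns() calls repo_missing() itself. Both sub bodies continue outside the hunks shown.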
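--- a/src/lib/Gitolite/Conf/Load.pm
+++ b/src/lib/Gitolite/Conf/Load.pm
@@ -538,20 +538,43 @@ sub list_repos {
 }
 =for list_memberships
-Usage: gitolite list-memberships <name>
+Usage: gitolite list-memberships -u|-r <name>
- - list all groups a name is a member of
- - takes one user/repo name
+List all groups a name is a member of. One of the flags '-u' or '-r' is
+mandatory, to specify if the name is a user or a repo.
+
+For users, the output includes the result from GROUPLIST_PGM, if it is
+defined. For repos, the output includes any repo patterns that the repo name
+matches, as well as any groups that contain those patterns.
 =cut
 sub list_memberships {
- usage() if @_ and $_[0] eq '-h' or not @_;
+ require Getopt::Long;
- my $name = shift;
+ my ( $user, $repo, $help );
+
+ Getopt::Long::GetOptionsFromArray(
+ \@_,
+ 'user|u=s' => \$user,
+ 'repo|r=s' => \$repo,
+ 'help|h' => \$help,
+ );
+ usage() if $help or ( not $user and not $repo );
 load_common();
- my @m = memberships( '', $name );
- return ( sort_u( \@m ) );
+ my @m;
+
+ if ($user and $repo) {
+ # unsupported/undocumented except via "in_role()" in Easy.pm
+ @m = memberships( 'user', $user, $repo );
+ } elsif ($user) {
+ @m = memberships( 'user', $user );
+ } elsif ($repo) {
+ @m = memberships( 'repo', $repo );
+ }
+
+ @m = grep { $_ ne '@all' and $_ ne ( $user || $repo ) } @m;
+ return ( sort_u(\@m) );
 }
 =for list_members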
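Review bot: The result of `Getopt::Long::GetOptionsFromArray` is discarded in list_memberships, which now feeds an authorisation decision through in_role(), so an unrecognised or malformed option only warns and the lookup continues with whatever was parsed. Failing closed is a one-line change, by appending `or usage();` to the call. The presence tests rely on truthiness, so a name of `0` is treated as absent; `usage() if $help or not( defined $user or defined $repo );` avoids that. In the combined `-u`/`-r` branch the final grep removes only `$user`, because `$user || $repo` never reaches `$repo` there; a short comment saying this is intended would help the next reader.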
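--- a/src/lib/Gitolite/Easy.pm
+++ b/src/lib/Gitolite/Easy.pm
@@ -35,6 +35,7 @@ package Gitolite::Easy;
 is_admin
 is_super_admin
 in_group
+ in_role
 owns
 can_read
@@ -101,12 +102,27 @@ sub in_group {
 my $g = shift;
 $g =~ s/^\@?/@/;
- return grep { $_ eq $g } @{ Gitolite::Conf::Load::list_memberships($user) };
+ return grep { $_ eq $g } @{ Gitolite::Conf::Load::list_memberships('-u', $user) };
+}
+
+# in_role()
+
+# return true if $ENV{GL_USER} is set and has the given role for the given repo
+
+# shell equivalent
+# if gitolite list-memberships -u $GL_USER -r $GL_REPO | grep -x $ROLENAME >/dev/null; then ...
+sub in_role {
+ valid_user();
+ my $r = shift;
+ $r =~ s/^\@?/@/;
+ my $repo = shift;
+
+ return grep { $_ eq $r } @{ Gitolite::Conf::Load::list_memberships("-u", $user, "-r", $repo) };
 }
 # owns()
-# return true if $ENV{GL_USER} is set and is the creator of the given repo
+# return true if $ENV{GL_USER} is set and is an OWNER of the given repo.
 # shell equivalent
 # if gitolite creator $REPONAME $GL_USER; then ...
@@ -117,7 +133,7 @@ sub owns {
 # prevent unnecessary disclosure of repo existence info
 return 0 if repo_missing($r);
- return ( creator($r) eq $user );
+ return ( creator($r) eq $user or $rc{OWNER_ROLENAME} and in_role( $rc{OWNER_ROLENAME}, $r ) );
 }
 # can_read()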
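Review bot: in_role() decides ownership by looking for `@ROLENAME` in the combined output of `list_memberships("-u", $user, "-r", $repo)`, which comes from `memberships( 'user', $user, $repo )`, a function not shown on this page. If that call also returns the user's ordinary groups, a config group whose name equals `OWNER_ROLENAME` would make each of its members an owner of every existing repo. The rc documentation should then forbid such a collision, or in_role() should match against roles only. owns() also never applies the `'CREATOR'` default that the commit message describes; it simply skips the role test when `$rc{OWNER_ROLENAME}` is unset. That is equivalent today, but the comment above owns() should say so, e.g. `# true for the creator, or for a holder of $rc{OWNER_ROLENAME} when that is set`.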
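--- a/t/listers.t
+++ b/t/listers.t
@@ -76,53 +76,37 @@ t3
 testing
 ';
-try "gitolite list-memberships alice"; cmp
-'@all
-@crypto
+try "gitolite list-memberships -u alice"; cmp
+'@crypto
 @dilbert
-alice
 ';
-try "gitolite list-memberships ashok"; cmp
-'@all
-@dilbert
-ashok
+try "gitolite list-memberships -u ashok"; cmp
+'@dilbert
 ';
-try "gitolite list-memberships carol"; cmp
-'@all
-@crypto
-carol
+try "gitolite list-memberships -u carol"; cmp
+'@crypto
 ';
-try "gitolite list-memberships git"; cmp
-'@all
-@oss
-git
+try "gitolite list-memberships -r git"; cmp
+'@oss
 ';
-try "gitolite list-memberships gitolite"; cmp
-'@all
-@oss
-gitolite
+try "gitolite list-memberships -r gitolite"; cmp
+'@oss
 ';
-try "gitolite list-memberships gitolite3"; cmp
-'@all
-@oss
-gitolite3
+try "gitolite list-memberships -r gitolite3"; cmp
+'@oss
 ';
-try "gitolite list-memberships cc"; cmp
-'@all
-@prop
-cc
+try "gitolite list-memberships -r cc"; cmp
+'@prop
 ';
-try "gitolite list-memberships p4"; cmp
-'@all
-@prop
-p4
+try "gitolite list-memberships -r p4"; cmp
+'@prop
 ';
 try "gitolite list-members \@crypto"; cmp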
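Review bot: The updated cases cover `-u` and `-r` separately, but nothing in this file exercises the combined `-u NAME -r REPO` form that in_role() relies on, nor an allowed and a denied `perms` call under `OWNER_ROLENAME`. Since that path now gates reading and writing gl-perms, I would add cases in the same `try ...; cmp` style for a user who holds the owner role, a user who does not, and a run with the rc variable unset. Other test files may already cover perms, but none are touched by this commit.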