author | Sergey Poznyakoff <gray@gnu.org.ua> | 2014-04-25 13:07:46 +0300 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org.ua> | 2014-04-25 13:07:46 +0300 |
commit | ba7a48a2b88b33c6c49511fd4422d255264fac98 (patch) | |
tree | c82f927e550d44bda4777284838c58eacb6035ea | |
parent | 8291c8576d80453ec7c70cdb8d3baf2dd72cfae4 (diff) | |
Change default rule to "deny".
The old behavior can be restored by setting 'hooks.acldefault = allow'
in Git configuration.
* gitaclhook: Document hooks.acldefault.
* lib/GitACL.pm (default_rule): New sub.
* lib/GitACL/File.pm (check_acl): Use default_rule.
Fix incorrect reference to project_name.
* lib/GitACL/LDAP.pm (check_acl): Use default_rule.
-rwxr-xr-x | gitaclhook | 10 | ||||
-rw-r--r-- | lib/GitACL.pm | 15 | ||||
-rw-r--r-- | lib/GitACL/File.pm | 6 | ||||
-rw-r--r-- | lib/GitACL/LDAP.pm | 4 |
4 files changed, 27 insertions, 8 deletions
@@ -1,3 +1,3 @@ | |||
1 | #! /usr/bin/perl | 1 | #! /usr/bin/perl |
2 | # Copyright (C) 2013 Sergey Poznyakoff <gray@gnu.org> | 2 | # Copyright (C) 2013, 2014 Sergey Poznyakoff <gray@gnu.org> |
3 | # | 3 | # |
@@ -144,3 +144,4 @@ ref. Missing I<REF> and/or I<OP> are treated as a match. | |||
144 | 144 | ||
145 | If no rule applies, the operation is allowed. | 145 | If no rule applies, the operation is denied. This can be changed by setting |
146 | B<hooks.acldefault = allow> in Git configuration file. | ||
146 | 147 | ||
@@ -248,2 +249,7 @@ Suppress diagnostics on stderr. | |||
248 | 249 | ||
250 | =item B<hooks.acldefault> B<allow>|B<deny> | ||
251 | |||
252 | Sets the default rule, i.e. the one that will be executed if no other | ||
253 | rule matched the request. Unless defined, B<deny> is assumed. | ||
254 | |||
249 | =item B<hooks.httpd-user> STRING | 255 | =item B<hooks.httpd-user> STRING |
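--- a/lib/GitACL.pm
+++ b/lib/GitACL.pm
@@ -73,2 +73,16 @@ sub allow($$) {
 
+sub default_rule($) {
+my $self = shift;
+my $def = GitACL::git_value('config', 'hooks.acldefault');
+my $msg = "default rule";
+if (defined($def)) {
+if ($def eq "allow") {
+$self->allow($msg);
+} elsif ($def ne "deny") {
+$msg .= " (warning: hooks.acldefault has invalid value)";
+}
+}
+$self->deny($msg);
+}
+
 sub info($$) {
@@ -211,3 +225,2 @@ sub new {
 $obj->{project_name} = get_project_name($obj->{git_dir});
-
 $obj->deny("need a ref name") unless defined($args{ref});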
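Review bot: In `default_rule` the `allow` branch falls through to the unconditional `$self->deny($msg)` at the end, so the sub is only correct if `allow` never returns; presumably it exits the hook, but its body is outside this hunk. Writing the branch as `return $self->allow($msg);` makes the decision explicit and keeps a later change to `allow` from producing an allow followed by a deny. Treating an unrecognised `hooks.acldefault` value as deny is the right fail-closed choice, and a short comment such as `# Anything other than "allow" denies; unknown values are flagged in the message.` would record that intent.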
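--- a/lib/GitACL/File.pm
+++ b/lib/GitACL/File.pm
@@ -1,3 +1,3 @@
 # This file is part of gitaclhook -*- perl -*-
-# Copyright (C) 2013 Sergey Poznyakoff <gray@gnu.org>
+# Copyright (C) 2013, 2014 Sergey Poznyakoff <gray@gnu.org>
 #
@@ -26,3 +26,3 @@ sub check_acl {
 my $filename = GitACL::git_value('config', 'hooks.aclfile');
-$self->allow("no ACL configured for ".$self->project_name)
+$self->allow("no ACL configured for ".$self->{project_name})
 unless defined($filename);
@@ -54,3 +54,3 @@ sub check_acl {
 close($fd);
-$self->allow("default rule");
+$self->default_rule;
 }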
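Review bot: The `unless defined($filename)` branch at new line 27 still calls `$self->allow(...)` when `hooks.aclfile` is unset, so as far as these hunks show, a repository with the hook installed but no ACL file configured accepts every update regardless of the new deny default. If that is intended (the hook is effectively inactive without an ACL file), a comment such as `# No ACL file configured: hooks.acldefault does not apply here` would make it explicit. Otherwise `$self->default_rule unless defined($filename);` would make the missing-configuration case fail closed as well. The documentation added to gitaclhook describes the default only as applying when no rule matched, and does not mention this path. `check_acl` starts and ends outside the hunks shown.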
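--- a/lib/GitACL/LDAP.pm
+++ b/lib/GitACL/LDAP.pm
@@ -1,3 +1,3 @@
 # This file is part of gitaclhook -*- perl -*-
-# Copyright (C) 2013 Sergey Poznyakoff <gray@gnu.org>
+# Copyright (C) 2013, 2014 Sergey Poznyakoff <gray@gnu.org>
 #
@@ -110,3 +110,3 @@ sub check_acl($) {
 $ldap->unbind;
-$self->allow("default rule");
+$self->default_rule;
 }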