diff options
author | Sergey Poznyakoff <gray@gnu.org.ua> | 2014-04-25 13:07:46 +0300 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org.ua> | 2014-04-25 13:07:46 +0300 |
commit | ba7a48a2b88b33c6c49511fd4422d255264fac98 (patch) | |
tree | c82f927e550d44bda4777284838c58eacb6035ea /lib | |
parent | 8291c8576d80453ec7c70cdb8d3baf2dd72cfae4 (diff) | |
download | gitaclhook-ba7a48a2b88b33c6c49511fd4422d255264fac98.tar.gz gitaclhook-ba7a48a2b88b33c6c49511fd4422d255264fac98.tar.bz2 |
Change default rule to "deny".
The old behavior can be restored by setting 'hooks.acldefault = allow'
in Git configuration.
* gitaclhook: Document hooks.acldefault.
* lib/GitACL.pm (default_rule): New sub.
* lib/GitACL/File.pm (check_acl): Use default_rule.
Fix incorrect reference to project_name.
* lib/GitACL/LDAP.pm (check_acl): Use default_rule.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/GitACL.pm | 15 | ||||
-rw-r--r-- | lib/GitACL/File.pm | 6 | ||||
-rw-r--r-- | lib/GitACL/LDAP.pm | 4 |
3 files changed, 19 insertions, 6 deletions
diff --git a/lib/GitACL.pm b/lib/GitACL.pm index f1f792a..9cd381d 100644 --- a/lib/GitACL.pm +++ b/lib/GitACL.pm | |||
@@ -71,6 +71,20 @@ sub allow($$) { | |||
71 | exit 0; | 71 | exit 0; |
72 | } | 72 | } |
73 | 73 | ||
74 | sub default_rule($) { | ||
75 | my $self = shift; | ||
76 | my $def = GitACL::git_value('config', 'hooks.acldefault'); | ||
77 | my $msg = "default rule"; | ||
78 | if (defined($def)) { | ||
79 | if ($def eq "allow") { | ||
80 | $self->allow($msg); | ||
81 | } elsif ($def ne "deny") { | ||
82 | $msg .= " (warning: hooks.acldefault has invalid value)"; | ||
83 | } | ||
84 | } | ||
85 | $self->deny($msg); | ||
86 | } | ||
87 | |||
74 | sub info($$) { | 88 | sub info($$) { |
75 | my ($self, $msg) = @_; | 89 | my ($self, $msg) = @_; |
76 | $self->logmsg("INFO", $msg); | 90 | $self->logmsg("INFO", $msg); |
@@ -209,7 +223,6 @@ sub new { | |||
209 | } | 223 | } |
210 | 224 | ||
211 | $obj->{project_name} = get_project_name($obj->{git_dir}); | 225 | $obj->{project_name} = get_project_name($obj->{git_dir}); |
212 | |||
213 | $obj->deny("need a ref name") unless defined($args{ref}); | 226 | $obj->deny("need a ref name") unless defined($args{ref}); |
214 | $obj->deny("bogus ref $args{ref}") unless $args{ref} =~ s,^refs/,,; | 227 | $obj->deny("bogus ref $args{ref}") unless $args{ref} =~ s,^refs/,,; |
215 | $obj->{ref} = $args{ref}; | 228 | $obj->{ref} = $args{ref}; |
diff --git a/lib/GitACL/File.pm b/lib/GitACL/File.pm index 8842ffd..efabfd4 100644 --- a/lib/GitACL/File.pm +++ b/lib/GitACL/File.pm | |||
@@ -1,5 +1,5 @@ | |||
1 | # This file is part of gitaclhook -*- perl -*- | 1 | # This file is part of gitaclhook -*- perl -*- |
2 | # Copyright (C) 2013 Sergey Poznyakoff <gray@gnu.org> | 2 | # Copyright (C) 2013, 2014 Sergey Poznyakoff <gray@gnu.org> |
3 | # | 3 | # |
4 | # Gitaclhook is free software; you can redistribute it and/or modify | 4 | # Gitaclhook is free software; you can redistribute it and/or modify |
5 | # it under the terms of the GNU General Public License as published by | 5 | # it under the terms of the GNU General Public License as published by |
@@ -24,7 +24,7 @@ sub check_acl { | |||
24 | my @ret; | 24 | my @ret; |
25 | 25 | ||
26 | my $filename = GitACL::git_value('config', 'hooks.aclfile'); | 26 | my $filename = GitACL::git_value('config', 'hooks.aclfile'); |
27 | $self->allow("no ACL configured for ".$self->project_name) | 27 | $self->allow("no ACL configured for ".$self->{project_name}) |
28 | unless defined($filename); | 28 | unless defined($filename); |
29 | 29 | ||
30 | open($fd, "<", $filename) | 30 | open($fd, "<", $filename) |
@@ -52,7 +52,7 @@ sub check_acl { | |||
52 | exit(127); | 52 | exit(127); |
53 | } | 53 | } |
54 | close($fd); | 54 | close($fd); |
55 | $self->allow("default rule"); | 55 | $self->default_rule; |
56 | } | 56 | } |
57 | 57 | ||
58 | 1; | 58 | 1; |
diff --git a/lib/GitACL/LDAP.pm b/lib/GitACL/LDAP.pm index d8d5489..22bfd8d 100644 --- a/lib/GitACL/LDAP.pm +++ b/lib/GitACL/LDAP.pm | |||
@@ -1,5 +1,5 @@ | |||
1 | # This file is part of gitaclhook -*- perl -*- | 1 | # This file is part of gitaclhook -*- perl -*- |
2 | # Copyright (C) 2013 Sergey Poznyakoff <gray@gnu.org> | 2 | # Copyright (C) 2013, 2014 Sergey Poznyakoff <gray@gnu.org> |
3 | # | 3 | # |
4 | # Gitaclhook is free software; you can redistribute it and/or modify | 4 | # Gitaclhook is free software; you can redistribute it and/or modify |
5 | # it under the terms of the GNU General Public License as published by | 5 | # it under the terms of the GNU General Public License as published by |
@@ -108,7 +108,7 @@ sub check_acl($) { | |||
108 | exit(127); | 108 | exit(127); |
109 | } | 109 | } |
110 | $ldap->unbind; | 110 | $ldap->unbind; |
111 | $self->allow("default rule"); | 111 | $self->default_rule; |
112 | } | 112 | } |
113 | 113 | ||
114 | 1; | 114 | 1; |