diff options
Diffstat (limited to 'gitaclhook')
| -rwxr-xr-x | gitaclhook | 31 |
1 files changed, 24 insertions, 7 deletions
@@ -19,7 +19,7 @@ use GitACL; use Pod::Man; use Pod::Usage; use Getopt::Long qw(:config gnu_getopt no_ignore_case); - + =head1 NAME gitaclhook - control access to git repositories @@ -28,7 +28,7 @@ gitaclhook - control access to git repositories B<gitaclhook> I<refname> I<old-sha1> I<new-sha1> -B<gitacthook> [B<--debug>] B<--test> I<REPO> I<USER> I<OP> I<REF> +B<gitacthook> [B<--debug>] B<--test> I<REPO> I<USER> I<OP> I<REF> [I<FILE>...] B<gitaclhook --help> @@ -65,7 +65,7 @@ Non-empty lines introduce ACL rules. The syntax is: =over 4 -I<VERB> I<PROJECT> I<USER> [I<OP> I<REF>] +I<VERB> I<PROJECT> I<USER> [I<OP> I<REF> [I<PATH>]] =back @@ -142,6 +142,12 @@ being its part). If it ends with a B</>, it is treated as a prefix match, so, e.g., B<heads/baz/> matches B<refs/heads/baz> and anything below. Otherwise, it must match exactly the affected ref. +=item I<PATH> + +Pathname pattern. If present, the names of all files affected by the commit +must match it in order for the rule to apply. Matching algorithm is the same +as for I<REF>. + =back =head1 RULE MATCHING @@ -149,7 +155,11 @@ Otherwise, it must match exactly the affected ref. The rule applies only if its I<PROJECT> and I<USER> parts match the project which is being updated and the user who requests the update, its I<OP> contains the opcode of the requested operation and I<REF> matches the affected -ref. Missing I<REF> and/or I<OP> are treated as a match. +ref. If I<PATH> is present each file changed by the commit is compared with +it and removed from the list if it matches. The rule applies only if the +list of files becomes empty. + +Missing I<REF>, I<OP> and I<PATH> are treated as a match. If no rule applies, the operation is denied. This can be changed by setting B<hooks.acl.default = allow> in Git configuration file. @@ -203,6 +213,10 @@ The list of operation codes. =item B<gitAclRef> [optional] Git ref. + +=item B<gitAclPath> [optional] + +Pathname pattern. =item B<gitAclOrder> [optional] @@ -287,11 +301,13 @@ lists from the command line. The syntax is: =over 4 B<gitacthook> [B<--debug>] [B<-d>] B<--test> I<REPO> I<USER> I<OP> I<REF> - + [I<FILE>...] + =back I<REPO> is a pathname of the repository to test, I<USER> is the username, -I<OP> is the operation code and I<REF> is the reference. +I<OP> is the operation code and I<REF> is the reference. Optional I<FILE> +arguments supply names of the files changed by the commit. Optional B<--debug> (B<-d>) options increment the debugging level. @@ -358,11 +374,12 @@ unless ($ENV{GIT_DIR}) { "test|t" => \$test) or exit (3); if ($test) { - abend("--test requires four arguments") unless ($#ARGV == 3); + abend("--test requires four or more arguments") unless ($#ARGV >= 3); $args{git_dir} = $ENV{GIT_DIR} = $ARGV[0]; $args{user} = $ARGV[1]; $args{op} = $ARGV[2]; $args{ref} = $ARGV[3]; + $args{files} = [@ARGV[4..$#ARGV]] if ($#ARGV > 3); $args{old} = '0000000000000000000000000000000000000000'; $args{new} = '0000000000000000000000000000000000000001'; $args{debug} = $debug; |