git.vger.kernel.org archive mirror
* [PATCH] contrib: Add update-http-moderated hook
From: public_vi @ 2010-07-21  1:23 UTC
  To: git; +Cc: public_vi

From: Vitaly _Vi Shukela <public_vi@tut.by>

If the user of http-backend is "mod", allow everything.
Else prevent editing history or deleting refs.
Can be used to set up "anarchic" repositories with anonymous push access,
but also with a moderator account that can do "push --force" and "push --delete".

Signed-off-by: Vitaly _Vi Shukela <public_vi@tut.by>
---
 contrib/hooks/update-http-moderated |  121 +++++++++++++++++++++++++++++++++++
 1 files changed, 121 insertions(+), 0 deletions(-)
 create mode 100755 contrib/hooks/update-http-moderated

diff --git a/contrib/hooks/update-http-moderated b/contrib/hooks/update-http-moderated
new file mode 100755
index 0000000..cff4fd7
--- /dev/null
+++ b/contrib/hooks/update-http-moderated
@@ -0,0 +1,121 @@
+#!/bin/sh
+#
+# If the user of http-backend is "mod", allow everything. Else prevent editing history or deleting refs.
+# 
+# Apache configuration example:
+#
+#       SetEnv GIT_PROJECT_ROOT /var/www/git
+#       ScriptAlias /git/ /usr/local/libexec/git-core/git-http-backend/
+#       ScriptAlias /gitmod/ /usr/local/libexec/git-core/git-http-backend/
+#       
+#       
+#       <Location /gitmod/>
+#           AuthName "Git forced push access"
+#           AuthType Basic
+#           AuthUserFile /var/www/git/.htpasswd
+#           AuthGroupFile /dev/null
+#           Require User mod
+#       </Location>
+#
+# Can be used to set up "anarchic" repositories with anonymous push access,
+# but also with moderator account that has "push --force" and "push --delete" permissions.
+#
+# Based on update.sample.
+
+if [ "$REMOTE_USER" == "mod" ]; then exit 0; fi
+
+# --- Command line
+refname="$1"
+oldrev="$2"
+newrev="$3"
+
+# --- Safety check
+if [ -z "$GIT_DIR" ]; then
+	echo "Don't run this script from the command line." >&2
+	echo " (if you want, you could supply GIT_DIR then run" >&2
+	echo "  $0 <ref> <oldrev> <newrev>)" >&2
+	exit 1
+fi
+
+if [ -z "$refname" -o -z "$oldrev" -o -z "$newrev" ]; then
+	echo "Usage: $0 <ref> <oldrev> <newrev>" >&2
+	exit 1
+fi
+
+# check for no description
+projectdesc=$(sed -e '1q' "$GIT_DIR/description")
+case "$projectdesc" in
+"Unnamed repository"* | "")
+	echo "*** Project description file hasn't been set" >&2
+	exit 1
+	;;
+esac
+
+# --- Check types
+# if $newrev is 0000...0000, it's a commit to delete a ref.
+zero="0000000000000000000000000000000000000000"
+if [ "$newrev" = "$zero" ]; then
+	newrev_type=delete
+else
+	newrev_type=$(git-cat-file -t $newrev)
+
+	m="`git merge-base $newrev $oldrev`"
+	if [ "$oldrev" != "$zero" -a "$m" != "$oldrev" ] ; then
+	    echo "Non-fast-forward!" >&2;
+	    exit 1;
+	fi;
+fi
+
+
+case "$refname","$newrev_type" in
+	refs/tags/*,commit)
+		# un-annotated tag
+		short_refname=${refname##refs/tags/}
+		    echo "*** The un-annotated tag, $short_refname, is not allowed in this repository" >&2
+		    echo "*** Use 'git tag [ -a | -s ]' for tags you want to propagate." >&2
+		    exit 1
+		;;
+	refs/tags/*,delete)
+		# delete tag
+		    echo "*** Deleting a tag is not allowed in this repository" >&2
+		    exit 1
+		;;
+	refs/tags/*,tag)
+		# annotated tag
+		if git rev-parse $refname > /dev/null 2>&1
+		then
+			echo "*** Tag '$refname' already exists." >&2
+			echo "*** Modifying a tag is not allowed in this repository." >&2
+			exit 1
+		fi
+		;;
+	refs/heads/*,commit)
+		# create branch
+		if [ "$oldrev" = "$zero" ]; then
+			#exit 1  # Uncomment it to disallow creating new branches
+			:;
+		fi
+		;;
+	refs/heads/*,delete)
+		# delete branch
+		echo "*** Deleting a branch is not allowed in this repository" >&2
+		exit 1
+		;;
+	refs/remotes/*,commit)
+		# tracking branch
+		exit 1;
+		;;
+	refs/remotes/*,delete)
+		# delete tracking branch
+		echo "*** Deleting a tracking branch is not allowed in this repository" >&2
+		exit 1
+		;;
+	*)
+		# Anything else (is there anything else?)
+		echo "*** Update hook: unknown type of update to ref $refname of type $newrev_type" >&2
+		exit 1
+		;;
+esac
+
+# --- Finished
+exit 0
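Review bot: The moderator bypass at the top, `if [ "$REMOTE_USER" == "mod" ]; then exit 0; fi`, uses `==` inside `[ ]` under `#!/bin/sh`; that operator is not POSIX, and a shell such as dash rejects the test, so the moderator would never be recognized there. Use `=`. The same line runs before the GIT_DIR safety check and trusts REMOTE_USER as found in the environment, which is only meaningful when the web server sets it; on any other access path the variable is whatever the invoking environment holds, so the header comment should state that the hook is intended for repositories reachable solely through http-backend. Further down, `git merge-base $newrev $oldrev` runs even when $oldrev is the all-zero id (ref creation), which writes an error to stderr before the `"$oldrev" != "$zero"` guard skips the check; move the merge-base call inside that guard and quote the revision arguments, as well as `$newrev` in the `git-cat-file -t` call. The `refs/remotes/*,commit)` case exits 1 without printing any message, unlike the other rejections.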
-- 
1.7.1
