From: Jakub Narebski <jnareb@gmail.com>
To: Matt McCutchen <matt@mattmccutchen.net>
Cc: git@vger.kernel.org
Subject: Re: [PATCH 2/2] gitweb: support hiding projects from user-visible lists
Date: Sat, 13 Dec 2008 14:02:01 -0800 (PST) [thread overview]
Message-ID: <m3ljujg2eh.fsf@localhost.localdomain> (raw)
In-Reply-To: <1229203007.31181.6.camel@mattlaptop2.local>
Matt McCutchen <matt@mattmccutchen.net> writes:
Commit message, please?
> Signed-off-by: Matt McCutchen <matt@mattmccutchen.net>
> ---
>
> My Web site has a single gitweb installation in which some of the
> repositories are protected by a basic authentication login. By virtue
> of my aforementioned setup with gitweb and pulling at the same URL, the
> login applies uniformly to both. I had to include these repositories in
> the projects_list because I use strict_export, but I want to hide them
> when the user views the project list. This patch implements that
> feature, and the previous one fixes a bug I noticed along the way.
>
> Matt
Cannot you do this with new $export_auth_hook gitweb configuration
variable, added by Alexander Gavrilov in
dd7f5f1 (gitweb: Add a per-repository authorization hook.)
It is used in check_export_ok subroutine, and is is checked also when
getting list of project from file
>From gitweb/INSTALL
- Finally, it is possible to specify an arbitrary perl subroutine that
will be called for each project to determine if it can be exported.
The subroutine receives an absolute path to the project as its only
parameter.
For example, if you use mod_perl to run the script, and have dumb
http protocol authentication configured for your repositories, you
can use the following hook to allow access only if the user is
authorized to read the files:
$export_auth_hook = sub {
use Apache2::SubRequest ();
use Apache2::Const -compile => qw(HTTP_OK);
my $path = "$_[0]/HEAD";
my $r = Apache2::RequestUtil->request;
my $sub = $r->lookup_file($path);
return $sub->filename eq $path
&& $sub->status == Apache2::Const::HTTP_OK;
};
> gitweb/gitweb.perl | 13 +++++++++----
> 1 files changed, 9 insertions(+), 4 deletions(-)
No documentation, in gitweb/README or gitweb/INSTALL
>
> diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl
> index 5357bcc..085cc60 100755
> --- a/gitweb/gitweb.perl
> +++ b/gitweb/gitweb.perl
> @@ -1144,7 +1144,7 @@ sub untabify {
>
> sub project_in_list {
> my $project = shift;
> - # Tell git_get_projects_list to include forks.
> + # Tell git_get_projects_list to include forks and hidden repositories.
> my @list = git_get_projects_list(undef, 1);
> return @list && scalar(grep { $_->{'path'} eq $project } @list);
> }
> @@ -2174,15 +2174,18 @@ sub git_get_projects_list {
> # 'git%2Fgit.git Linus+Torvalds'
> # 'libs%2Fklibc%2Fklibc.git H.+Peter+Anvin'
> # 'linux%2Fhotplug%2Fudev.git Greg+Kroah-Hartman'
> + #
> + # 1 in the third field hides the project from user-visible lists, e.g.:
> + # 'linux%2Fembargoed-security-fixes.git John+Doe 1'
I guess I'd rather use _last_ field, in the event we add project
description to project list file format.
> my %paths;
> open my ($fd), $projects_list or return;
> PROJECT:
> while (my $line = <$fd>) {
> chomp $line;
> - my ($path, $owner) = split ' ', $line;
> + my ($path, $owner, $hidden) = split ' ', $line;
> $path = unescape($path);
> $owner = unescape($owner);
> - if (!defined $path) {
> + if (!defined $path || ($hidden && !$for_strict_export)) {
> next;
> }
> if ($filter ne '') {
> @@ -2227,6 +2230,8 @@ sub git_get_projects_list {
> return @list;
> }
>
> +# This is used to look up the owner of a project the user is already allowed to
> +# see, so we shouldn't omit hidden repositories.
> our $gitweb_project_owner = undef;
> sub git_get_project_list_from_file {
>
> @@ -2241,7 +2246,7 @@ sub git_get_project_list_from_file {
> open (my $fd , $projects_list);
> while (my $line = <$fd>) {
> chomp $line;
> - my ($pr, $ow) = split ' ', $line;
> + my ($pr, $ow, $hidden) = split ' ', $line;
> $pr = unescape($pr);
> $ow = unescape($ow);
> $gitweb_project_owner->{$pr} = to_utf8($ow);
> --
> 1.6.1.rc2.27.gc7114
>
--
Jakub Narebski
Poland
ShadeHawk on #git
next prev parent reply other threads:[~2008-12-13 22:03 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <4ba6b6c3fc183002407f322663d7ab53c1c28a91.1229202740.git.matt@mattmccutchen.net>
2008-12-13 21:16 ` [PATCH 2/2] gitweb: support hiding projects from user-visible lists Matt McCutchen
2008-12-13 22:02 ` Jakub Narebski [this message]
2008-12-13 22:05 ` Jakub Narebski
2008-12-14 2:34 ` Sending a threaded patch series with Evolution Matt McCutchen
2008-12-24 1:40 ` [PATCH 2/2] gitweb: support hiding projects from user-visible lists Matt McCutchen
2009-01-02 19:33 ` Jakub Narebski
2009-01-03 18:29 ` gitweb config with some public, some basic-authenticated repos Matt McCutchen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m3ljujg2eh.fsf@localhost.localdomain \
--to=jnareb@gmail.com \
--cc=git@vger.kernel.org \
--cc=matt@mattmccutchen.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).