Bug#626581: gitosis: New feature: private subdirs ("realm")

Fri, 13 May 2011 02:03:20 -0700 

Package: gitosis
Version: 0.2+20090917-14.1
Severity: wishlist
Tags: upstream, patch

Hello,

I've written a patch that enables per-{user,group} subdirectory
delegation. Simply end the name of a repo with a / and that group has
now automatic read-only or read-write access to a whole subtree of the
repositories hierarchy.

I've sent my patch upstream with no reply so far.

Patch attached, or get them from
https://github.com/lfousse/gitosis/tree/topic/subtree

Laurent.

>From ea7d1c8c8cd8d8e125ef8a36f567aab69459e4e5 Mon Sep 17 00:00:00 2001
From: Laurent Fousse <laur...@komite.net>
Date: Tue, 3 May 2011 17:03:47 +0200
Subject: [PATCH 1/2] Repository specified in gitosis.conf can now end in '/'.

    In this case, it means the whole subtree is writable/readable,
    with the nice feature that a user can have a private subtree
    of git repositories, created on the spot.
---
 gitosis/access.py |    8 +++++++-
 1 files changed, 7 insertions(+), 1 deletions(-)

diff --git a/gitosis/access.py b/gitosis/access.py
index c95c842..cf716d6 100644
--- a/gitosis/access.py
+++ b/gitosis/access.py
@@ -42,8 +42,14 @@ def haveAccess(config, user, mode, path):
             repos = repos.split()
 
         mapping = None
+        
+        # Check if the requested path starts with a valid prefix.
+        isvalidprefix = False
+        for r in repos:
+            if r[-1] == '/' and path.find(r) == 0:
+                isvalidprefix = True
 
-        if path in repos:
+        if (path in repos) or isvalidprefix:
             log.debug(
                 'Access ok for %(user)r as %(mode)r on %(path)r'
                 % dict(
-- 
1.7.5.1


>From c1a910807f131acff6233845e49caf20fb684099 Mon Sep 17 00:00:00 2001
From: Laurent Fousse <laur...@komite.net>
Date: Tue, 3 May 2011 17:27:18 +0200
Subject: [PATCH 2/2] Document the new '/' trick.

---
 README.rst |   16 ++++++++++++++++
 1 files changed, 16 insertions(+), 0 deletions(-)

diff --git a/README.rst b/README.rst
index 9204776..25ec5f4 100644
--- a/README.rst
+++ b/README.rst
@@ -129,6 +129,22 @@ it::
 That's it. If you now add others to ``members``, they can use that
 repository too.
 
+Delegating repositories creation in a subtree
+=============================================
+
+If the name of a repository ends in '/', it means the whole subtree
+(starting with this prefix) will be readable (resp. writable) by the
+corresponding group members. This is useful to allow creation of
+repositories on the spot by users without admin privilege in a
+specific subtree. For example::
+
+	[group myself]
+	members = jdoe
+	writable = jdoerealm/
+
+Now the user ``jdoe`` can push to any path beneath the ``jdoerealm``
+prefix and create his whole subtree of repositories without
+administrator intervention.
 
 Example configuration
 =====================
-- 
1.7.5.1

Reply via email to