Package: gitosis Version: 0.2+20090917-14.1 Severity: wishlist Tags: upstream, patch
Hello, I've written a patch that enables per-{user,group} subdirectory delegation. Simply end the name of a repo with a / and that group has now automatic read-only or read-write access to a whole subtree of the repositories hierarchy. I've sent my patch upstream with no reply so far. Patch attached, or get them from https://github.com/lfousse/gitosis/tree/topic/subtree Laurent.
>From ea7d1c8c8cd8d8e125ef8a36f567aab69459e4e5 Mon Sep 17 00:00:00 2001 From: Laurent Fousse <laur...@komite.net> Date: Tue, 3 May 2011 17:03:47 +0200 Subject: [PATCH 1/2] Repository specified in gitosis.conf can now end in '/'. In this case, it means the whole subtree is writable/readable, with the nice feature that a user can have a private subtree of git repositories, created on the spot. --- gitosis/access.py | 8 +++++++- 1 files changed, 7 insertions(+), 1 deletions(-) diff --git a/gitosis/access.py b/gitosis/access.py index c95c842..cf716d6 100644 --- a/gitosis/access.py +++ b/gitosis/access.py @@ -42,8 +42,14 @@ def haveAccess(config, user, mode, path): repos = repos.split() mapping = None + + # Check if the requested path starts with a valid prefix. + isvalidprefix = False + for r in repos: + if r[-1] == '/' and path.find(r) == 0: + isvalidprefix = True - if path in repos: + if (path in repos) or isvalidprefix: log.debug( 'Access ok for %(user)r as %(mode)r on %(path)r' % dict( -- 1.7.5.1
>From c1a910807f131acff6233845e49caf20fb684099 Mon Sep 17 00:00:00 2001 From: Laurent Fousse <laur...@komite.net> Date: Tue, 3 May 2011 17:27:18 +0200 Subject: [PATCH 2/2] Document the new '/' trick. --- README.rst | 16 ++++++++++++++++ 1 files changed, 16 insertions(+), 0 deletions(-) diff --git a/README.rst b/README.rst index 9204776..25ec5f4 100644 --- a/README.rst +++ b/README.rst @@ -129,6 +129,22 @@ it:: That's it. If you now add others to ``members``, they can use that repository too. +Delegating repositories creation in a subtree +============================================= + +If the name of a repository ends in '/', it means the whole subtree +(starting with this prefix) will be readable (resp. writable) by the +corresponding group members. This is useful to allow creation of +repositories on the spot by users without admin privilege in a +specific subtree. For example:: + + [group myself] + members = jdoe + writable = jdoerealm/ + +Now the user ``jdoe`` can push to any path beneath the ``jdoerealm`` +prefix and create his whole subtree of repositories without +administrator intervention. Example configuration ===================== -- 1.7.5.1