Revision - b767c79 - Teach update-paranoid how to store ACLs organized by groups

Revision b767c792fa202539cfb9bba36f46c62bcbf7c987 authored by Shawn O. Pearce on 09 August 2007, 06:38:09 UTC, committed by Junio C Hamano on 10 August 2007, 07:59:43 UTC

Teach update-paranoid how to store ACLs organized by groups

In some applications of this paranoid update hook the set of ACL
rules that need to be applied to a user can be large, and the
number of users that those rules must also be applied to can be
more than a handful of individuals.  Rather than repeating the same
rules multiple times (once for each user) we now allow users to be
members of groups, where the group supplies the list of ACL rules.
For various reasons we don't depend on the underlying OS groups
and instead perform our own group handling.

Users can be made a member of one or more groups by setting the
user.memberOf property within the "users/$who.acl" file:

  [user]
    memberOf = developer
	memberOf = administrator

This will cause the hook to also parse the "groups/$groupname.acl"
file for each value of user.memberOf, and merge any allow rules
that match the current repository with the user's own private rules
(if they had any).

Since some rules are basically the same but may have a component
differ based on the individual user, any user.* key may be inserted
into a rule using the "${user.foo}" syntax.  The allow rule does
not match if the user does not define one (and exactly one) value
for the key "foo".

Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

1 parent 3955d99

Files
Changes

Permalinks

remote.h

#ifndef REMOTE_H
#define REMOTE_H

struct remote {
	const char *name;

	const char **uri;
	int uri_nr;

	const char **push_refspec;
	struct refspec *push;
	int push_refspec_nr;

	const char **fetch_refspec;
	struct refspec *fetch;
	int fetch_refspec_nr;

	const char *receivepack;
};

struct remote *remote_get(const char *name);

typedef int each_remote_fn(struct remote *remote, void *priv);
int for_each_remote(each_remote_fn fn, void *priv);

int remote_has_uri(struct remote *remote, const char *uri);

struct refspec {
	unsigned force : 1;
	unsigned pattern : 1;

	char *src;
	char *dst;
};

struct ref *alloc_ref(unsigned namelen);

/*
 * Frees the entire list and peers of elements.
 */
void free_refs(struct ref *ref);

int match_refs(struct ref *src, struct ref *dst, struct ref ***dst_tail,
	       int nr_refspec, char **refspec, int all);

/*
 * For the given remote, reads the refspec's src and sets the other fields.
 */
int remote_find_tracking(struct remote *remote, struct refspec *refspec);

#endif

Showing with 0 additions and 0 deletions (0 / 0 diffs computed)

Computing file changes ...