Girocco/ProjPerm.pm

   1 package Girocco::ProjPerm;
   2
   3 # This is base class for various permission models; these control updating
   4 # permissions of appropriate files in push-enabled repositories.
   5 # The /etc/group file is maintained by Girocco::Project itself.
   6
   7 # The chosen subclass of this class is used as base class of Girocco::Project.
   8
   9 use strict;
  10 use warnings;
  11
  12 use Girocco::Config;
  13
  14 BEGIN {
  15         our @interesting = qw(refs info objects);
  16 }
  17
  18 sub perm_initialize {
  19         my ($proj) = @_;
  20         die "unimplemented";
  21 }
  22
  23 sub perm_user_add {
  24         my ($proj, $username, $uid) = @_;
  25         die "unimplemented";
  26 }
  27
  28 sub perm_user_del {
  29         my ($proj, $username, $uid) = @_;
  30         die "unimplemented";
  31 }
  32
  33 sub shared_mode {
  34         my ($proj) = @_;
  35         # The --shared= argument for git init
  36         die "unimplemented";
  37 }
  38
  39 1;
  40
  41
  42 package Girocco::ProjPerm::Group;
  43
  44 # This is the naive permission model: on init, we just chgrp the relevant
  45 # pieces to our group and make them group-writable. But oh, we cannot do that
  46 # since we are not root; so we just sit happily and do nothing else.
  47 # Then, we can just sit happily and do nothing else either.
  48
  49 use strict;
  50 use warnings;
  51
  52 BEGIN {
  53         use base qw(Girocco::ProjPerm);
  54 }
  55
  56 sub perm_initialize {
  57         my ($proj) = @_;
  58
  59         # tell fixupd about the new project
  60         open(my $fifo, '>'.$Girocco::Config::fixup_queue) or die "Opening fifo failed: $!";
  61         print $fifo $proj->{name};
  62         close $fifo;
  63
  64         1;
  65 }
  66
  67 sub perm_user_add {
  68         my ($proj, $username, $uid) = @_;
  69         1;
  70 }
  71
  72 sub perm_user_del {
  73         my ($proj, $username, $uid) = @_;
  74         1;
  75 }
  76
  77 sub shared_mode {
  78         my ($proj) = @_;
  79         "group";
  80 }
  81
  82 1;
  83
  84
  85 package Girocco::ProjPerm::Hooks;
  86
  87 # This is the "soft-security" permission model: we keep the repository
  88 # world-writable and check if the user is allowed to push only within
  89 # the update hook that will call our can_user_push() method.
  90
  91 use strict;
  92 use warnings;
  93
  94 BEGIN {
  95         use base qw(Girocco::ProjPerm);
  96 }
  97
  98 sub perm_initialize {
  99         my ($proj) = @_;
 100         1;
 101 }
 102
 103 sub perm_user_add {
 104         my ($proj, $username, $uid) = @_;
 105         1;
 106 }
 107
 108 sub perm_user_del {
 109         my ($proj, $username, $uid) = @_;
 110         1;
 111 }
 112
 113 sub shared_mode {
 114         my ($proj) = @_;
 115         "0777";
 116 }
 117
 118 sub can_user_push {
 119         my ($proj, $username) = @_;
 120         grep { $_ eq $username } @{$proj->{users}};
 121 }
 122
 123 1;