[girocco.git] / hooks / update
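#!/bin/sh
#
# Git "update" hook: decides whether a single ref update may proceed.
#
# Arguments (as git passes them to an update hook):
#   $1 - name of the ref being updated
#   $2 - old object id (all zeros when the ref is being created)
#   $3 - new object id (all zeros when the ref is being deleted)
#
# Exit status: 0 allows the update, any non-zero status rejects it.
#
# Currently, we just confine the mob user to the mob branch here.
#
# TODO: Generalized branches push permissions support.

set -e

# Object id git uses for "no object" on ref creation and deletion.
# NOTE(review): this is the 40-hex form; a repository using a longer object
# id format would need a different value -- confirm.
null_id=0000000000000000000000000000000000000000

# Enforce the mob-user restrictions on one ref update: only refs/heads/mob
# may be touched, and that branch may be neither created nor deleted.
# Arguments: the hook's own "$@" (ref name, old id, new id).
# Exits the hook with a non-zero status on a violation, returns otherwise.
restrict_mob_push() {
	if [ x"$1" != x"refs/heads/mob" ]; then
		echo "The mob user may push only to the 'mob' branch, sorry" >&2
		exit 1
	fi
	if [ x"$2" = x"$null_id" ]; then
		echo "The mob user may not _create_ the 'mob' branch, sorry" >&2
		exit 2
	fi
	if [ x"$3" = x"$null_id" ]; then
		echo "The mob user may not _delete_ the 'mob' branch, smch, sorry" >&2
		exit 3
	fi
}

if ! [ -x /usr/bin/perl ]; then
	# We are INSIDE the chroot

	reporoot=/@jailreporoot@
	webadmurl=@webadmurl@
	mob=@mob@
	# Quote the prefix so it is stripped literally, not matched as a glob.
	proj="$(pwd)"; proj="${proj#"$reporoot"/}"; projbare="${proj%.git}"

	# A project without .nofetch is a mirror and never accepts pushes.
	if ! [ -f .nofetch ]; then
		echo "The $proj project is a mirror and may not be pushed to, sorry" >&2
		exit 3
	fi

	if ! can_user_push "$projbare"; then
		echo "The user '$LOGNAME' does not have push permissions for project '$proj'" >&2
		echo "You may adjust push permissions at $webadmurl/editproj.cgi?name=$proj" >&2
		exit 3
	fi

	if [ "$mob" = "mob" ] && [ "$LOGNAME" = "mob" ]; then
		restrict_mob_push "$@"
	fi

	exit 0
fi

# We are NOT inside the chroot

. @basedir@/shlib.sh

if [ "$cfg_permission_control" = "Hooks" ]; then
	# We have some permission control to do!
	proj="$(pwd)"; proj="${proj#"$cfg_reporoot"/}"; projbare="${proj%.git}"
	# The project name and $USER reach Perl as @ARGV data rather than being
	# spliced into the program text, so a quote or sigil in either value
	# cannot change the code that performs the permission check.
	# XXX: Sanity check on project name and $USER here? Seems superfluous.
	if ! perl -I@basedir@ -MGirocco::Project -e \
		'my $p = Girocco::Project->load($ARGV[0]); exit(1) unless $p && $p->can_user_push($ARGV[1])' \
		-- "$projbare" "$USER"; then
		echo "The user '$USER' does not have push permissions for project '$proj'" >&2
		echo "You may adjust push permissions at $cfg_webadmurl/editproj.cgi?name=$proj" >&2
		exit 3
	fi
fi

if [ -n "$GIT_PROJECT_ROOT" ]; then
	# We are doing a smart HTTP push

	proj="$(pwd)"; proj="${proj#"$cfg_reporoot"/}"; projbare="${proj%.git}"

	# A project without .nofetch is a mirror and never accepts pushes.
	if ! [ -f .nofetch ]; then
		echo "The $proj project is a mirror and may not be pushed to, sorry" >&2
		exit 3
	fi

	# REMOTE_USER is expected to look like /UID=<name>/dnQualifier=<uuid>;
	# split it into the user name and the uuid.  When the dnQualifier part
	# is absent, authuuid ends up equal to authuser and the uuid comparison
	# below decides the outcome.
	authuser="${REMOTE_USER#/UID=}"
	authuuid="${authuser}"
	authuser="${authuser%/dnQualifier=*}"
	authuuid="${authuuid#"$authuser"/dnQualifier=}"
	if [ -z "$authuser" ]; then
		echo "Only authenticated users may push, sorry" >&2
		exit 3
	fi

	# The Perl program is read from stdin ("-") with a quoted here-document
	# delimiter, so the shell expands nothing inside it; the three values
	# are handed over as arguments instead of being embedded in the code.
	# Perl exits 1 when the push is not permitted, 2 when the stored uuid
	# does not match the one presented, 0 otherwise.
	if perl -I@basedir@ -MGirocco::Project -MGirocco::User - \
		"$projbare" "$authuser" "$authuuid" <<'EOT'; then :; else
my ($projname, $username, $useruuid) = @ARGV;
my $p = Girocco::Project->load($projname);
exit 1 unless $p && $p->can_user_push($username);
my $u = Girocco::User->load($username);
exit 2 unless $u && $u->{uuid} eq $useruuid;
exit 0
EOT
		# $? still holds perl's exit status in this else branch.
		if [ $? -eq 2 ]; then
			echo "The user '$authuser' certificate being used is no longer valid." >&2
			echo "You may download a new user certificate at $cfg_webadmurl/edituser.cgi" >&2
		else
			echo "The user '$authuser' does not have push permissions for project '$proj'" >&2
			echo "You may adjust push permissions at $cfg_webadmurl/editproj.cgi?name=$proj" >&2
		fi
		exit 3
	fi

	if [ "$cfg_mob" = "mob" ] && [ "$authuser" = "mob" ]; then
		restrict_mob_push "$@"
	fi
fi

exit 0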