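#!/bin/sh
#
# Girocco "update" hook (hooks/update): decides whether one ref update of a
# push is accepted.
#
# Arguments, as used below:
#   $1  name of the ref being updated
#   $2  old object id (all zeros when the ref is being created)
#   $3  new object id (all zeros when the ref is being deleted)
#
# Exit status 0 accepts the update; any non-zero status rejects it.
#
# Currently, we just confine the mob user to the mob branch here.
#
# TODO: Generalized branches push permissions support.
#
# NOTE(review): the all-zero object id is compared as 40 hex digits (SHA-1).
# A repository using a longer hash would present a longer all-zero id and the
# create/delete checks for the mob user would not fire; confirm the object
# format of the hosted repositories.

set -e

if ! [ -x /usr/bin/perl ]; then
	# We are INSIDE the chroot

	reporoot=/@jailreporoot@
	webadmurl=@webadmurl@
	mob=@mob@
	# Project name relative to the repository root, with and without ".git".
	# The prefix is quoted so it is stripped literally, not as a glob pattern.
	proj="$(pwd)"; proj="${proj#"$reporoot"/}"; projbare="${proj%.git}"

	# Projects without a .nofetch file are mirrors and never accept pushes.
	if ! [ -f .nofetch ]; then
		echo "The $proj project is a mirror and may not be pushed to, sorry" >&2
		exit 3
	fi

	# can_user_push is not defined in this file; it is expected to be
	# available inside the chroot.
	if ! can_user_push "$projbare"; then
		echo "The user '$LOGNAME' does not have push permissions for project '$proj'" >&2
		echo "You may adjust push permissions at $webadmurl/editproj.cgi?name=$proj" >&2
		exit 3
	fi

	if [ "$mob" = "mob" ] && [ "$LOGNAME" = "mob" ]; then
		if [ x"$1" != x"refs/heads/mob" ]; then
			echo "The mob user may push only to the 'mob' branch, sorry" >&2
			exit 1
		fi
		if [ x"$2" = x"0000000000000000000000000000000000000000" ]; then
			echo "The mob user may not _create_ the 'mob' branch, sorry" >&2
			exit 2
		fi
		if [ x"$3" = x"0000000000000000000000000000000000000000" ]; then
			echo "The mob user may not _delete_ the 'mob' branch, smch, sorry" >&2
			exit 3
		fi
	fi

	exit 0
fi

# We are NOT inside the chroot

. @basedir@/shlib.sh

if [ "$cfg_permission_control" = "Hooks" ]; then
	# We have some permission control to do!
	proj="$(pwd)"; proj="${proj#"$cfg_reporoot"/}"; projbare="${proj%.git}"
	# The project and user names are handed to perl as arguments instead of
	# being spliced into the program text, so a quote character in either
	# value cannot change the code that performs the permission check.
	if ! perl -I@basedir@ -MGirocco::Project -e 'exit(1) unless Girocco::Project->load($ARGV[0])->can_user_push($ARGV[1])' "$projbare" "$USER"; then
		echo "The user '$USER' does not have push permissions for project '$proj'" >&2
		echo "You may adjust push permissions at $cfg_webadmurl/editproj.cgi?name=$proj" >&2
		exit 3
	fi
fi

if [ -n "$GIT_PROJECT_ROOT" ]; then
	# We are doing a smart HTTP push

	proj="$(pwd)"; proj="${proj#"$cfg_reporoot"/}"; projbare="${proj%.git}"

	if ! [ -f .nofetch ]; then
		echo "The $proj project is a mirror and may not be pushed to, sorry" >&2
		exit 3
	fi

	# REMOTE_USER is split into a user name (text after "/UID=") and a uuid
	# (text after "/dnQualifier="); presumably it carries the subject of the
	# client certificate -- confirm against the web server configuration.
	authuser="${REMOTE_USER#/UID=}"
	authuuid="${authuser}"
	authuser="${authuser%/dnQualifier=*}"
	# Quoted so that glob characters in the user name are matched literally.
	authuuid="${authuuid#"$authuser"}"
	authuuid="${authuuid#/dnQualifier=}"
	if [ -z "$authuser" ]; then
		echo "Only authenticated users may push, sorry" >&2
		exit 3
	fi

	# Exit status of the perl check: 0 = allowed, 2 = uuid mismatch (stale
	# certificate), anything else = no push permission.  The here-document is
	# quoted and the request-derived values travel in @ARGV, so nothing taken
	# from REMOTE_USER is ever interpreted as Perl source.
	if perl -I@basedir@ -MGirocco::Project -MGirocco::User - "$projbare" "$authuser" "$authuuid" <<'EOT'; then :; else
my ($projname, $user, $uuid) = @ARGV;
my $p = Girocco::Project->load($projname);
exit 1 unless $p && $p->can_user_push($user);
exit 0 if $Girocco::Config::mob eq 'mob' && $user eq 'mob';
my $u = Girocco::User->load($user);
exit 2 unless $u && $u->{uuid} eq $uuid;
exit 0
EOT
		if [ $? -eq 2 ]; then
			# Two separate messages; a trailing backslash here would merge
			# the second echo into the arguments of the first.
			echo "The user '$authuser' certificate being used is no longer valid." >&2
			echo "You may download a new user certificate at $cfg_webadmurl/edituser.cgi" >&2
		else
			echo "The user '$authuser' does not have push permissions for project '$proj'" >&2
			echo "You may adjust push permissions at $cfg_webadmurl/editproj.cgi?name=$proj" >&2
		fi
		exit 3
	fi

	if [ "$cfg_mob" = "mob" ] && [ "$authuser" = "mob" ]; then
		if [ x"$1" != x"refs/heads/mob" ]; then
			echo "The mob user may push only to the 'mob' branch, sorry" >&2
			exit 1
		fi
		if [ x"$2" = x"0000000000000000000000000000000000000000" ]; then
			echo "The mob user may not _create_ the 'mob' branch, sorry" >&2
			exit 2
		fi
		if [ x"$3" = x"0000000000000000000000000000000000000000" ]; then
			echo "The mob user may not _delete_ the 'mob' branch, smch, sorry" >&2
			exit 3
		fi
	fi
fi

exit 0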