search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
httpspush.html: make it clearer where to get a user certificate
[girocco.git] / hooks / update
blobf22abf04531b399a3f022109ac95c1e2834d330e
1 #!/bin/sh
2 #
3 # Currently, we just confine the mob user to the mob branch here.
4 #
5 # TODO: Generalized branches push permissions support.
6
7 set -e
8
9 if ! [ -x /usr/bin/perl ]; then
10 # We are INSIDE the chroot
11
12 reporoot=/@jailreporoot@
13 webadmurl=@webadmurl@
14 mob=@mob@
15 proj="$(pwd)"; proj="${proj#$reporoot/}"; projbare="${proj%.git}"
16
17 if ! [ -f .nofetch ]; then
18 echo "The $proj project is a mirror and may not be pushed to, sorry" >&2
19 exit 3
20 fi
21
22 if ! can_user_push "$projbare"; then
23 echo "The user '$LOGNAME' does not have push permissions for project '$proj'" >&2
24 echo "You may adjust push permissions at $webadmurl/editproj.cgi?name=$proj" >&2
25 exit 3
26 fi
27
28 if [ "$mob" = "mob" -a "$LOGNAME" = "mob" ]; then
29 if [ x"$1" != x"refs/heads/mob" ]; then
30 echo "The mob user may push only to the 'mob' branch, sorry" >&2
31 exit 1
32 fi
33 if [ x"$2" = x"0000000000000000000000000000000000000000" ]; then
34 echo "The mob user may not _create_ the 'mob' branch, sorry" >&2
35 exit 2
36 fi
37 if [ x"$3" = x"0000000000000000000000000000000000000000" ]; then
38 echo "The mob user may not _delete_ the 'mob' branch, smch, sorry"
39 exit 3
40 fi
41 fi
42
43 exit 0
44 fi
45
46 # We are NOT inside the chroot
47
48 . @basedir@/shlib.sh
49
50 if [ "$cfg_permission_control" = "Hooks" ]; then
51 # We have some permission control to do!
52 proj="$(pwd)"; proj="${proj#$cfg_reporoot/}"; projbare="${proj%.git}"
53 # XXX: Sanity check on project name and $USER here? Seems superfluous.
54 if ! perl -I@basedir@ -MGirocco::Project -le 'exit(1) unless Girocco::Project->load("'$projbare'")->can_user_push("'$USER'")'; then
55 echo "The user '$USER' does not have push permissions for project '$proj'" >&2
56 echo "You may adjust push permissions at $cfg_webadmurl/editproj.cgi?name=$proj" >&2
57 exit 3
58 fi
59 fi
60
61 if [ -n "$GIT_PROJECT_ROOT" ]; then
62 # We are doing a smart HTTP push
63
64 proj="$(pwd)"; proj="${proj#$cfg_reporoot/}"; projbare="${proj%.git}"
65
66 if ! [ -f .nofetch ]; then
67 echo "The $proj project is a mirror and may not be pushed to, sorry" >&2
68 exit 3
69 fi
70
71 authuser="${REMOTE_USER#/UID=}"
72 if [ -z "$authuser" ]; then
73 echo "Only authenticated users may push, sorry" >&2
74 exit 3
75 fi
76
77 if ! perl -I@basedir@ -MGirocco::Project -le 'exit(1) unless Girocco::Project->load("'$projbare'")->can_user_push("'$authuser'")'; then
78 echo "The user '$authuser' does not have push permissions for project '$proj'" >&2
79 echo "You may adjust push permissions at $cfg_webadmurl/editproj.cgi?name=$proj" >&2
80 exit 3
81 fi
82
83 if [ "$cfg_mob" = "mob" -a "$authuser" = "mob" ]; then
84 if [ x"$1" != x"refs/heads/mob" ]; then
85 echo "The mob user may push only to the 'mob' branch, sorry" >&2
86 exit 1
87 fi
88 if [ x"$2" = x"0000000000000000000000000000000000000000" ]; then
89 echo "The mob user may not _create_ the 'mob' branch, sorry" >&2
90 exit 2
91 fi
92 if [ x"$3" = x"0000000000000000000000000000000000000000" ]; then
93 echo "The mob user may not _delete_ the 'mob' branch, smch, sorry"
94 exit 3
95 fi
96 fi
97 fi
98
99 exit 0
The repo.or.cz duct tape "Girocco"