3 # Currently, we just confine the mob user to the mob branch here.
5 # TODO: Generalized branches push permissions support.
9 if ! [ -x /usr
/bin
/perl
]; then
10 # We are INSIDE the chroot
12 reporoot
=/@jailreporoot@
15 proj
="$(pwd)"; proj
="${proj#$reporoot/}"; projbare
="${proj%.git}"
17 if ! [ -f .nofetch
]; then
18 echo "The $proj project is a mirror and may not be pushed to, sorry" >&2
22 if ! can_user_push
"$projbare"; then
23 echo "The user '$LOGNAME' does not have push permissions for project '$proj'" >&2
24 echo "You may adjust push permissions at $webadmurl/editproj.cgi?name=$proj" >&2
28 if [ "$mob" = "mob" -a "$LOGNAME" = "mob" ]; then
29 if [ x
"$1" != x
"refs/heads/mob" ]; then
30 echo "The mob user may push only to the 'mob' branch, sorry" >&2
33 if [ x
"$2" = x
"0000000000000000000000000000000000000000" ]; then
34 echo "The mob user may not _create_ the 'mob' branch, sorry" >&2
37 if [ x
"$3" = x
"0000000000000000000000000000000000000000" ]; then
38 echo "The mob user may not _delete_ the 'mob' branch, smch, sorry"
46 # We are NOT inside the chroot
50 if [ "$cfg_permission_control" = "Hooks" ]; then
51 # We have some permission control to do!
52 proj
="$(pwd)"; proj
="${proj#$cfg_reporoot/}"; projbare
="${proj%.git}"
53 # XXX: Sanity check on project name and $USER here? Seems superfluous.
54 if ! perl
-I@basedir@
-MGirocco::Project
-le 'exit(1) unless Girocco::Project->load("'$projbare'")->can_user_push("'$USER'")'; then
55 echo "The user '$USER' does not have push permissions for project '$proj'" >&2
56 echo "You may adjust push permissions at $cfg_webadmurl/editproj.cgi?name=$proj" >&2
61 if [ -n "$GIT_PROJECT_ROOT" ]; then
62 # We are doing a smart HTTP push
64 proj
="$(pwd)"; proj
="${proj#$cfg_reporoot/}"; projbare
="${proj%.git}"
66 if ! [ -f .nofetch
]; then
67 echo "The $proj project is a mirror and may not be pushed to, sorry" >&2
71 authuser
="${REMOTE_USER#/UID=}"
72 if [ -z "$authuser" ]; then
73 echo "Only authenticated users may push, sorry" >&2
77 if ! perl
-I@basedir@
-MGirocco::Project
-le 'exit(1) unless Girocco::Project->load("'$projbare'")->can_user_push("'$authuser'")'; then
78 echo "The user '$authuser' does not have push permissions for project '$proj'" >&2
79 echo "You may adjust push permissions at $cfg_webadmurl/editproj.cgi?name=$proj" >&2
83 if [ "$cfg_mob" = "mob" -a "$authuser" = "mob" ]; then
84 if [ x
"$1" != x
"refs/heads/mob" ]; then
85 echo "The mob user may push only to the 'mob' branch, sorry" >&2
88 if [ x
"$2" = x
"0000000000000000000000000000000000000000" ]; then
89 echo "The mob user may not _create_ the 'mob' branch, sorry" >&2
92 if [ x
"$3" = x
"0000000000000000000000000000000000000000" ]; then
93 echo "The mob user may not _delete_ the 'mob' branch, smch, sorry"