Girocco/ProjPerm.pm

   1 package Girocco::ProjPerm;
   2
   3 # This is base class for various permission models; these control updating
   4 # permissions of appropriate files in push-enabled repositories.
   5 # The /etc/group file is maintained by Girocco::Project itself.
   6
   7 # The chosen subclass of this class is used as base class of Girocco::Project.
   8
   9 use strict;
  10 use warnings;
  11
  12 use Girocco::Config;
  13
  14 BEGIN {
  15         our @interesting = qw(refs info objects);
  16 }
  17
  18 sub perm_initialize {
  19         my ($proj) = @_;
  20         die "unimplemented";
  21 }
  22
  23 sub perm_user_add {
  24         my ($proj, $username, $uid) = @_;
  25         die "unimplemented";
  26 }
  27
  28 sub perm_user_del {
  29         my ($proj, $username, $uid) = @_;
  30         die "unimplemented";
  31 }
  32
  33 sub shared_mode {
  34         my ($proj) = @_;
  35         # The --shared= argument for git init
  36         die "unimplemented";
  37 }
  38
  39 1;
  40
  41
  42 package Girocco::ProjPerm::Group;
  43
  44 # This is the naive permission model: on init, we just chgrp the relevant
  45 # pieces to our group and make them group-writable. But oh, we cannot do that
  46 # since we are not root; so we just sit happily and do nothing else.
  47 # Then, we can just sit happily and do nothing else either.
  48
  49 use strict;
  50 use warnings;
  51
  52 BEGIN {
  53         use base qw(Girocco::ProjPerm);
  54 }
  55
  56 sub perm_initialize {
  57         my ($proj) = @_;
  58
  59         # adjust group and other permissions
  60         system("chmod", "-R", "ug+rw,o+r", $proj->{path}) == 0 or die "Running chmod failed: $!";
  61
  62         1;
  63 }
  64
  65 sub perm_user_add {
  66         my ($proj, $username, $uid) = @_;
  67         1;
  68 }
  69
  70 sub perm_user_del {
  71         my ($proj, $username, $uid) = @_;
  72         1;
  73 }
  74
  75 sub shared_mode {
  76         my ($proj) = @_;
  77         "group";
  78 }
  79
  80 sub can_user_push {
  81         my ($proj, $username) = @_;
  82         grep { $_ eq $username } @{$proj->{users}};
  83 }
  84
  85 1;
  86
  87
  88 package Girocco::ProjPerm::Hooks;
  89
  90 # This is the "soft-security" permission model: we keep the repository
  91 # world-writable and check if the user is allowed to push only within
  92 # the update hook that will call our can_user_push() method.
  93
  94 use strict;
  95 use warnings;
  96
  97 BEGIN {
  98         use base qw(Girocco::ProjPerm);
  99 }
 100
 101 sub perm_initialize {
 102         my ($proj) = @_;
 103         1;
 104 }
 105
 106 sub perm_user_add {
 107         my ($proj, $username, $uid) = @_;
 108         1;
 109 }
 110
 111 sub perm_user_del {
 112         my ($proj, $username, $uid) = @_;
 113         1;
 114 }
 115
 116 sub shared_mode {
 117         my ($proj) = @_;
 118         "0777";
 119 }
 120
 121 sub can_user_push {
 122         my ($proj, $username) = @_;
 123         grep { $_ eq $username } @{$proj->{users}};
 124 }
 125
 126 1;