From b9150dc7a908c79145520461b3e026254131ca48 Mon Sep 17 00:00:00 2001
From: Petr Baudis <pasky@ucw.cz>
Date: Tue, 10 Oct 2006 03:58:14 +0200
Subject: [PATCH] Support for the mob user

---
 TODO               |  1 -
 cgi/Git/RepoCGI.pm | 18 ++++++++++++++++++
 cgi/p/editproj.cgi |  2 ++
 mob.html           | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++
 update-hook        | 21 +++++++++++++++++++++
 5 files changed, 92 insertions(+), 1 deletion(-)
 create mode 100644 mob.html
 create mode 100644 update-hook

diff --git a/TODO b/TODO
index efdef8e..daa30a3 100644
--- a/TODO
+++ b/TODO
@@ -1,2 +1 @@
-mob: passwordless user
 README.html
diff --git a/cgi/Git/RepoCGI.pm b/cgi/Git/RepoCGI.pm
index 9d0db0d..f28d0ba 100644
--- a/cgi/Git/RepoCGI.pm
+++ b/cgi/Git/RepoCGI.pm
@@ -310,6 +310,23 @@ sub _group_update {
 	);
 }
 
+sub _install_hook {
+	my $self = shift;
+	my ($name) = @_;
+	open SRC, "/home/repo/repomgr/$name-hook" or die "cannot open hook $name: $!";
+	open DST, '>'.$self->{path}.'/hooks/'.$name or die "cannot open hook $name for writing: $!";
+	while (<SRC>) { print DST $_; }
+	close DST;
+	close SRC;
+}
+
+sub _install_hooks {
+	my $self = shift;
+	foreach my $hook ('update') {
+		$self->_install_hook($hook);
+	}
+}
+
 # private constructor, do not use
 sub _new {
 	my $class = shift;
@@ -425,6 +442,7 @@ sub conjure {
 	$self->_nofetch(1);
 	$self->_properties_save;
 	$self->_group_add(':');
+	$self->_install_hooks;
 }
 
 sub update {
diff --git a/cgi/p/editproj.cgi b/cgi/p/editproj.cgi
index 3e260ad..b3e6ed8 100755
--- a/cgi/p/editproj.cgi
+++ b/cgi/p/editproj.cgi
@@ -58,6 +58,8 @@ so perhaps you will need to click a lot.</p>
 EOT
 if ($proj->{mirror}) {
 	print "<p><em>Warning: This is a mirrored repository, thus you cannot push into it. Changing the user set will have no practical effect.</em></p>\n";
+} elsif (not grep { $_ eq 'mob' } @{$h{users}}) {
+	print "<p><em>(Please consider adding the <tt>mob</tt> user. <a href=\"/mob.html\">[learn more]</a>)/em></p>\n";
 }
 foreach my $user (@{$h{users}}) {
 	print "<li><input type=\"checkbox\" name=\"user\" value=\"$user\" checked=\"1\" /> $user</li>\n";
diff --git a/mob.html b/mob.html
new file mode 100644
index 0000000..74fe0df
--- /dev/null
+++ b/mob.html
@@ -0,0 +1,51 @@
+<html><head><title>repo.or.cz :: About the Mob Account</title></head>
+<body>
+<h1>About the Mob Account</h1>
+
+<p>The <tt>mob</tt> account (the name a tribute to the paper
+<a href="http://www.dreamsongs.com/MobSoftware.html">Mob Software: The Erotic Life of Code</a>)
+is.a way to enable <em>anonymous push access</em> for your project.
+This is largely an experiment and may be scrapped in the future if
+it will not get widespread use, but I think it's an interesting try.
+The idea is to provide unmoderated <em>side</em> channel for random
+contributors to work on a project, coming from the same place as
+e.g. Wikipedia - that given enough interested people, the quality
+will grow rapidly and occassional "vandalism" will get fixed quickly.
+Of course this may not work nearly so well for software, but here
+we are, to give it a try.</p>
+
+<h2>For Repository Admins</h2>
+
+<p>How it works? First, you need to add the <tt>mob</tt> user to the
+list of users allowed to push in your project. <tt>mob</tt> is a
+keyless, passwordless user that anyone can use to push, without
+any special setup. <strong>But</strong> this does not mean that
+your project is not in the hands of raging mindless mob! The <tt>mob</tt>
+user has a special restriction: it can push only to an existing
+<tt>mob</tt> branch. This means that the second step you need to take
+is to create a <tt>mob</tt> branch in the repository (e.g.
+<code>cg branch-add mob git+ssh://repo.or.cz/srv/git/project.git#mob
+	&amp;&amp; cg-push mob</code>). Then the <tt>mob</tt> user
+will be able to push to that and only that branch, and it won't be
+able to push whatsoever until you take the second step.</p>
+
+<p>To sum it up: Anonymous pushes are allowed <em>only</em> to the <tt>mob</tt>
+branch and <em>only</em> if you add a <tt>mob</tt> user and do an initial
+pushout of the <tt>mob</tt> branch.</p>
+
+<h2>For Users</h2>
+
+<p>To clone the <tt>mob</tt> branch instead of the default <tt>master</tt>
+branch, paste <tt>#mob</tt> to the URL passed to <tt>cg-clone</tt>.</p>
+
+<p><strong>Note that you are taking a huge security risk on yourself
+	if you just blindly grab the mob branch and run it on your
+	system.</strong></p>
+
+<h2>For Developers</h2>
+
+<p>Set up a remote branch to point at <tt>git+ssh://mob@repo.or.cz/srv/git/project.git#mob</tt>.
+Then push there. Have fun and enjoy, you are making the history!</p>
+
+</body>
+</html>
diff --git a/update-hook b/update-hook
new file mode 100644
index 0000000..5fbe408
--- /dev/null
+++ b/update-hook
@@ -0,0 +1,21 @@
+#!/bin/sh
+#
+# Currently, we just confine the mob user to the mob branch here.
+#
+# TODO: CIA support. Mailing list notifications support. Generalized
+# branches push permissions support.
+#
+
+# mob user is 65538, that's hardcoded
+if [ $EUID -eq 65538 ]; then
+	if [ x"$1" != x"refs/heads/mob" ]; then
+		echo "The mob user can push only to the 'mob' branch, sorry" >&2
+		exit 1
+	fi
+	if expr "$2" : '0*$' >/dev/null; then
+		echo "The mob user cannot _create_ the 'mob' branch, sorry" >&2
+		exit 2
+	fi
+fi
+
+exit 0
-- 
2.11.4.GIT