git module bugs [#18243]

Submitted by helpmin on Wed, 05/18/2011 - 18:32

Regarding user access

I have a question regarding access. It looks like that all users have read access, even if they are not assigned to allowed repos (in edit ftp user->other users permissions)

Assigning a user to allowed repos, doesn't seem to make a difference. The user still doesn't have any write access.

Regarding help files

In Edit FTP Users if you click on the help link for grant access to git repos you get

Failed to read help file /usr/libexec/webmin/virtualmin-git/help/reps.html

or help for git login

Failed to read help file /usr/libexec/webmin/virtualmin-git/help/git.html

Status:

Active

Comments

Submitted by JamieCameron on Thu, 05/19/2011 - 13:51 Comment #1

How are you determining if a user has access? The allowed user settings only limit web access to the repos ..

Those missing help pages will be fixed in the next version.

Submitted by helpmin on Thu, 05/19/2011 - 17:35 Comment #2

Ok, understand now. Please ignore the write issue.

But all users have web access to the repos.

Submitted by JamieCameron on Sat, 05/21/2011 - 23:51 Comment #3

Do you mean web access via gitweb , or by checking out using the git command with an http: repo path?

Submitted by helpmin on Sun, 05/22/2011 - 00:00 Comment #4

I meant web access via gitweb. The htaccess control works, but once users are authorized, they can see all repos (.git files).

I believe now that your module didn't implement the projects_list feature in gitweb (wishful thinking).

Maybe I overlooked something, but in the end I used gitolite to do that.

Submitted by JamieCameron on Mon, 05/23/2011 - 14:56 Comment #5

Ok, I don't see any way to have gitweb limit access to repositories on a per-user basis :-(

Submitted by helpmin on Mon, 05/23/2011 - 19:22 Comment #6

You could use the auth_hool feature in gitweb.conf. Here is an example:

# set project root etc. absolute paths
$ENV{GL_REPO_BASE_ABS} = ( $REPO_BASE =~ m(^/) ? $REPO_BASE : "$gl_home/$REPO_BASE" );
$projects_list = $projectroot = $ENV{GL_REPO_BASE_ABS};

$export_auth_hook = sub {
    my $repo = shift;
    # gitweb passes us the full repo path; so we strip the beginning
    # and the end, to get the repo name as it is specified in gitolite conf
    return unless $repo =~ s/^\Q$projectroot\E\/?(.+)\.git$/$1/;

    # check for (at least) "R" permission
    my ($perm, $creator) = &repo_rights($repo);
    return ($perm =~ /R/);
};