diff options
| author | Daniel Silverstone <daniel.silverstone@codethink.co.uk> | 2013-05-17 15:27:14 +0100 |
|---|---|---|
| committer | Daniel Silverstone <daniel.silverstone@codethink.co.uk> | 2013-05-17 15:27:14 +0100 |
| commit | 4f6fbbb22d6f769694250b904985c6196067d7de (patch) | |
| tree | d0498fbc392dd0a5b953b2e53e11f541bec9e014 /gitano-admin/rules/other-project.lace | |
| parent | a2c5cf39071b52b78dc50879f941f25470c32337 (diff) | |
| download | trove-setup-4f6fbbb22d6f769694250b904985c6196067d7de.tar.gz | |
Add rules to deny forced updates to refs which are not under
TROVE_ID/${user}/...
This reduces the chances of accidental force-pushes to branches
if you are using an old version of git or have misconfigured it.
Reviewed-By: Richard Maw <richard.maw@codethink.co.uk>
Diffstat (limited to 'gitano-admin/rules/other-project.lace')
| -rw-r--r-- | gitano-admin/rules/other-project.lace | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/gitano-admin/rules/other-project.lace b/gitano-admin/rules/other-project.lace index ad88098..a42c06a 100644 --- a/gitano-admin/rules/other-project.lace +++ b/gitano-admin/rules/other-project.lace @@ -4,7 +4,7 @@ # | || | | (_) \ V / __/ # |_||_| \___/ \_/ \___| # -# Copyright 2012 Codethink Limited +# Copyright 2012,2013 Codethink Limited # # Rules for any repository not under ##PREFIX## @@ -17,6 +17,9 @@ allow "Anyone may write here" op_write # Lorry can do anything reffy which is not inside the local refs allow "Lorry may touch everything but refs/heads/##PREFIX##" op_is_reffy is_lorry !is_local_ref +# Noone can rewind/rebase outside of their personal refs +deny "Non-personal branches may not be rewound/rebased" op_forcedupdate !is_lorry !ref_is_personal + # Everyone else can do reffy things inside refs/heads/##PREFIX## allow "Project writers may alter any refs" op_is_reffy !is_lorry is_local_ref |