diff options
author | Sam Thursfield <sam.thursfield@codethink.co.uk> | 2015-06-05 15:32:57 +0100 |
---|---|---|
committer | Baserock Gerrit <gerrit@baserock.org> | 2015-11-19 15:05:45 +0000 |
commit | d83ffbf8aa6fa7cb3a8c50b03b77d0c09a88ed04 (patch) | |
tree | a08d3068bfffda9ab0b1d85c95ff43a071ebc7a7 /share/gitano | |
parent | 1ca53f11d302a7db3ef53e09ba7c259689a9cb83 (diff) | |
download | trove-setup-d83ffbf8aa6fa7cb3a8c50b03b77d0c09a88ed04.tar.gz |
Allow tags to be pushed to the trove's own namespace in mirrored repos
Previously, when Trove mirrored an upstream repo, it would allow users
to push branches as long as they started with the trove-id. The
intention is to keep local changes in a separate namespace that can
co-exist with whatever branches the upstream repo has. This patch
extends this to tags, so that users can push tags to refs/tags/{{
trove-id}}/whatever.
This is necessary for the `morph anchor` command to work as expected
when the 'ref' fields of some definitions point to tag objects. Git
itself prevents pushing tags to 'refs/heads/...' so `morph anchor` must
be configured to push them to 'refs/tags/...'. Without this patch,
Gitano will prevent that as well, but with this patch, `morph anchor`
should be usable.
Repos in the Trove's own prefix (such as the baserock/ repos on
git.baserock.org, or the foo-trove/ repos on a Trove with trove ID
'foo-trove') are the only ones not considered to be mirrors, and
users can already push branches and tags wherever they want to in these
repos.
Change-Id: I06496ea6c5c57d3fae7e5750cf51e31bbd16d8d2
Diffstat (limited to 'share/gitano')
-rw-r--r-- | share/gitano/skel/gitano-admin/rules/defines.lace | 3 | ||||
-rw-r--r-- | share/gitano/skel/gitano-admin/rules/other-project.lace | 5 |
2 files changed, 5 insertions, 3 deletions
diff --git a/share/gitano/skel/gitano-admin/rules/defines.lace b/share/gitano/skel/gitano-admin/rules/defines.lace index 466ac6f..16b6d96 100644 --- a/share/gitano/skel/gitano-admin/rules/defines.lace +++ b/share/gitano/skel/gitano-admin/rules/defines.lace @@ -100,7 +100,8 @@ define trove_site_admin group trove-admin define target_group_gitano_admin targetgroup gitano-admin define is_lorry user lorry -define is_local_ref ref ~^refs/heads/{{ ESC_PREFIX }}/ +define is_local_branch ref ~^refs/heads/{{ ESC_PREFIX }}/ +define is_local_tag ref ~^refs/tags/{{ ESC_PREFIX }}/ define lorryable_repo allof !repo_is_local_project !repo_is_personal !is_admin_repo define is_worker group workers diff --git a/share/gitano/skel/gitano-admin/rules/other-project.lace b/share/gitano/skel/gitano-admin/rules/other-project.lace index e5f05be..346718e 100644 --- a/share/gitano/skel/gitano-admin/rules/other-project.lace +++ b/share/gitano/skel/gitano-admin/rules/other-project.lace @@ -15,11 +15,12 @@ allow "Anyone may read here" op_read allow "Anyone may write here" op_write !is_anonymous # Lorry can do anything reffy which is not inside the local refs -allow "Lorry may touch everything but refs/heads/{{ TROVE_ID }}" op_is_reffy is_lorry !is_local_ref +allow "Lorry may touch everything but refs/heads/{{ TROVE_ID }} or refs/tags/{{ TROVE_ID }}" op_is_reffy is_lorry !is_local_branch !is_local_tag # Noone can rewind/rebase outside of their personal refs deny "Non-personal branches may not be rewound/rebased" op_forcedupdate !is_lorry !ref_is_personal # Everyone else can do reffy things inside refs/heads/{{ TROVE_ID }} -allow "Project writers may alter any refs" op_is_reffy !is_lorry is_local_ref +allow "Project writers may alter any branches in the {{ TROVE_ID }} namespace" op_is_reffy !is_lorry is_local_branch +allow "Project writers may alter any tags in the {{ TROVE_ID }} namespace" op_is_reffy !is_lorry is_local_tag |