author | Daniel Silverstone <dsilvers@digital-scurf.org> | 2012-06-29 22:01:22 +0100 |
---|---|---|
committer | Daniel Silverstone <dsilvers@digital-scurf.org> | 2012-06-29 22:01:22 +0100 |
commit | 59e90a85e214bac473a37a35d11d5a0b066397a1 (patch) | |
tree | f6c4345aae1bdfb69984297203e5505a7984253a /example | |
parent | 9ebce674738a5d46a8079725e2445d73ee8b7703 (diff) | |
download | gitano-59e90a85e214bac473a37a35d11d5a0b066397a1.tar.gz |
EXAMPLE: Change from a .git to a set of files, so it's easier to see/edit the example gitano-admin
Diffstat (limited to 'example')
28 files changed, 113 insertions, 483 deletions
diff --git a/example/gitano-admin.git/HEAD b/example/gitano-admin.git/HEAD deleted file mode 100644 index cb089cd..0000000 --- a/example/gitano-admin.git/HEAD +++ /dev/null @@ -1 +0,0 @@ -ref: refs/heads/master diff --git a/example/gitano-admin.git/config b/example/gitano-admin.git/config deleted file mode 100644 index 07d359d..0000000 --- a/example/gitano-admin.git/config +++ /dev/null @@ -1,4 +0,0 @@ -[core] - repositoryformatversion = 0 - filemode = true - bare = true diff --git a/example/gitano-admin.git/description b/example/gitano-admin.git/description deleted file mode 100644 index 498b267..0000000 --- a/example/gitano-admin.git/description +++ /dev/null @@ -1 +0,0 @@ -Unnamed repository; edit this file 'description' to name the repository. diff --git a/example/gitano-admin.git/hooks/applypatch-msg.sample b/example/gitano-admin.git/hooks/applypatch-msg.sample deleted file mode 100755 index 8b2a2fe..0000000 --- a/example/gitano-admin.git/hooks/applypatch-msg.sample +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/sh -# -# An example hook script to check the commit log message taken by -# applypatch from an e-mail message. -# -# The hook should exit with non-zero status after issuing an -# appropriate message if it wants to stop the commit. The hook is -# allowed to edit the commit message file. -# -# To enable this hook, rename this file to "applypatch-msg". - -. git-sh-setup -test -x "$GIT_DIR/hooks/commit-msg" && - exec "$GIT_DIR/hooks/commit-msg" ${1+"$@"} -: diff --git a/example/gitano-admin.git/hooks/commit-msg.sample b/example/gitano-admin.git/hooks/commit-msg.sample deleted file mode 100755 index b58d118..0000000 --- a/example/gitano-admin.git/hooks/commit-msg.sample +++ /dev/null 
@@ -1,24 +0,0 @@ -#!/bin/sh -# -# An example hook script to check the commit log message. -# Called by "git commit" with one argument, the name of the file -# that has the commit message. The hook should exit with non-zero -# status after issuing an appropriate message if it wants to stop the -# commit. The hook is allowed to edit the commit message file. -# -# To enable this hook, rename this file to "commit-msg". - -# Uncomment the below to add a Signed-off-by line to the message. -# Doing this in a hook is a bad idea in general, but the prepare-commit-msg -# hook is more suited to it. -# -# SOB=$(git var GIT_AUTHOR_IDENT | sed -n 's/^\(.*>\).*$/Signed-off-by: \1/p') -# grep -qs "^$SOB" "$1" || echo "$SOB" >> "$1" - -# This example catches duplicate Signed-off-by lines. - -test "" = "$(grep '^Signed-off-by: ' "$1" | - sort | uniq -c | sed -e '/^[ ]*1[ ]/d')" || { - echo >&2 Duplicate Signed-off-by lines. - exit 1 -} diff --git a/example/gitano-admin.git/hooks/post-commit.sample b/example/gitano-admin.git/hooks/post-commit.sample deleted file mode 100755 index 2266821..0000000 --- a/example/gitano-admin.git/hooks/post-commit.sample +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -# -# An example hook script that is called after a successful -# commit is made. -# -# To enable this hook, rename this file to "post-commit". - -: Nothing diff --git a/example/gitano-admin.git/hooks/post-receive.sample b/example/gitano-admin.git/hooks/post-receive.sample deleted file mode 100755 index 7a83e17..0000000 --- a/example/gitano-admin.git/hooks/post-receive.sample +++ /dev/null 
@@ -1,15 +0,0 @@ -#!/bin/sh -# -# An example hook script for the "post-receive" event. -# -# The "post-receive" script is run after receive-pack has accepted a pack -# and the repository has been updated. It is passed arguments in through -# stdin in the form -# <oldrev> <newrev> <refname> -# For example: -# aa453216d1b3e49e7f6f98441fa56946ddcd6a20 68f7abf4e6f922807889f52bc043ecd31b79f814 refs/heads/master -# -# see contrib/hooks/ for a sample, or uncomment the next line and -# rename the file to "post-receive". - -#. /usr/share/doc/git-core/contrib/hooks/post-receive-email diff --git a/example/gitano-admin.git/hooks/post-update.sample b/example/gitano-admin.git/hooks/post-update.sample deleted file mode 100755 index ec17ec1..0000000 --- a/example/gitano-admin.git/hooks/post-update.sample +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -# -# An example hook script to prepare a packed repository for use over -# dumb transports. -# -# To enable this hook, rename this file to "post-update". - -exec git update-server-info diff --git a/example/gitano-admin.git/hooks/pre-applypatch.sample b/example/gitano-admin.git/hooks/pre-applypatch.sample deleted file mode 100755 index b1f187c..0000000 --- a/example/gitano-admin.git/hooks/pre-applypatch.sample +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/sh -# -# An example hook script to verify what is about to be committed -# by applypatch from an e-mail message. -# -# The hook should exit with non-zero status after issuing an -# appropriate message if it wants to stop the commit. -# -# To enable this hook, rename this file to "pre-applypatch". - -. git-sh-setup -test -x "$GIT_DIR/hooks/pre-commit" && - exec "$GIT_DIR/hooks/pre-commit" ${1+"$@"} -: diff --git a/example/gitano-admin.git/hooks/pre-commit.sample b/example/gitano-admin.git/hooks/pre-commit.sample deleted file mode 100755 index b187c4b..0000000 --- a/example/gitano-admin.git/hooks/pre-commit.sample +++ /dev/null 
@@ -1,46 +0,0 @@ -#!/bin/sh -# -# An example hook script to verify what is about to be committed. -# Called by "git commit" with no arguments. The hook should -# exit with non-zero status after issuing an appropriate message if -# it wants to stop the commit. -# -# To enable this hook, rename this file to "pre-commit". - -if git rev-parse --verify HEAD >/dev/null 2>&1 -then - against=HEAD -else - # Initial commit: diff against an empty tree object - against=4b825dc642cb6eb9a060e54bf8d69288fbee4904 -fi - -# If you want to allow non-ascii filenames set this variable to true. -allownonascii=$(git config hooks.allownonascii) - -# Cross platform projects tend to avoid non-ascii filenames; prevent -# them from being added to the repository. We exploit the fact that the -# printable range starts at the space character and ends with tilde. -if [ "$allownonascii" != "true" ] && - # Note that the use of brackets around a tr range is ok here, (it's - # even required, for portability to Solaris 10's /usr/bin/tr), since - # the square bracket bytes happen to fall in the designated range. - test "$(git diff --cached --name-only --diff-filter=A -z $against | - LC_ALL=C tr -d '[ -~]\0')" -then - echo "Error: Attempt to add a non-ascii file name." - echo - echo "This can cause problems if you want to work" - echo "with people on other platforms." - echo - echo "To be portable it is advisable to rename the file ..." - echo - echo "If you know what you are doing you can disable this" - echo "check using:" - echo - echo " git config hooks.allownonascii true" - echo - exit 1 -fi - -exec git diff-index --check --cached $against -- diff --git a/example/gitano-admin.git/hooks/pre-rebase.sample b/example/gitano-admin.git/hooks/pre-rebase.sample deleted file mode 100755 index f0f6da3..0000000 --- a/example/gitano-admin.git/hooks/pre-rebase.sample +++ /dev/null 
@@ -1,172 +0,0 @@ -#!/bin/sh -# -# Copyright (c) 2006, 2008 Junio C Hamano -# -# The "pre-rebase" hook is run just before "git rebase" starts doing -# its job, and can prevent the command from running by exiting with -# non-zero status. -# -# The hook is called with the following parameters: -# -# $1 -- the upstream the series was forked from. -# $2 -- the branch being rebased (or empty when rebasing the current branch). -# -# This sample shows how to prevent topic branches that are already -# merged to 'next' branch from getting rebased, because allowing it -# would result in rebasing already published history. - -publish=next -basebranch="$1" -if test "$#" = 2 -then - topic="refs/heads/$2" -else - topic=`git symbolic-ref HEAD` || - exit 0 ;# we do not interrupt rebasing detached HEAD -fi - -case "$topic" in -refs/heads/??/*) - ;; -*) - exit 0 ;# we do not interrupt others. - ;; -esac - -# Now we are dealing with a topic branch being rebased -# on top of master. Is it OK to rebase it? - -# Does the topic really exist? -git show-ref -q "$topic" || { - echo >&2 "No such branch $topic" - exit 1 -} - -# Is topic fully merged to master? -not_in_master=`git rev-list --pretty=oneline ^master "$topic"` -if test -z "$not_in_master" -then - echo >&2 "$topic is fully merged to master; better remove it." - exit 1 ;# we could allow it, but there is no point. -fi - -# Is topic ever merged to next? If so you should not be rebasing it. -only_next_1=`git rev-list ^master "^$topic" ${publish} | sort` -only_next_2=`git rev-list ^master ${publish} | sort` -if test "$only_next_1" = "$only_next_2" -then - not_in_topic=`git rev-list "^$topic" master` - if test -z "$not_in_topic" - then - echo >&2 "$topic is already up-to-date with master" - exit 1 ;# we could allow it, but there is no point. 
- else - exit 0 - fi -else - not_in_next=`git rev-list --pretty=oneline ^${publish} "$topic"` - /usr/bin/perl -e ' - my $topic = $ARGV[0]; - my $msg = "* $topic has commits already merged to public branch:\n"; - my (%not_in_next) = map { - /^([0-9a-f]+) /; - ($1 => 1); - } split(/\n/, $ARGV[1]); - for my $elem (map { - /^([0-9a-f]+) (.*)$/; - [$1 => $2]; - } split(/\n/, $ARGV[2])) { - if (!exists $not_in_next{$elem->[0]}) { - if ($msg) { - print STDERR $msg; - undef $msg; - } - print STDERR " $elem->[1]\n"; - } - } - ' "$topic" "$not_in_next" "$not_in_master" - exit 1 -fi - -exit 0 - -<<\DOC_END -################################################################ - -This sample hook safeguards topic branches that have been -published from being rewound. - -The workflow assumed here is: - - * Once a topic branch forks from "master", "master" is never - merged into it again (either directly or indirectly). - - * Once a topic branch is fully cooked and merged into "master", - it is deleted. If you need to build on top of it to correct - earlier mistakes, a new topic branch is created by forking at - the tip of the "master". This is not strictly necessary, but - it makes it easier to keep your history simple. - - * Whenever you need to test or publish your changes to topic - branches, merge them into "next" branch. - -The script, being an example, hardcodes the publish branch name -to be "next", but it is trivial to make it configurable via -$GIT_DIR/config mechanism. - -With this workflow, you would want to know: - -(1) ... if a topic branch has ever been merged to "next". Young - topic branches can have stupid mistakes you would rather - clean up before publishing, and things that have not been - merged into other branches can be easily rebased without - affecting other people. But once it is published, you would - not want to rewind it. - -(2) ... if a topic branch has been fully merged to "master". - Then you can delete it. 
More importantly, you should not - build on top of it -- other people may already want to - change things related to the topic as patches against your - "master", so if you need further changes, it is better to - fork the topic (perhaps with the same name) afresh from the - tip of "master". - -Let's look at this example: - - o---o---o---o---o---o---o---o---o---o "next" - / / / / - / a---a---b A / / - / / / / - / / c---c---c---c B / - / / / \ / - / / / b---b C \ / - / / / / \ / - ---o---o---o---o---o---o---o---o---o---o---o "master" - - -A, B and C are topic branches. - - * A has one fix since it was merged up to "next". - - * B has finished. It has been fully merged up to "master" and "next", - and is ready to be deleted. - - * C has not merged to "next" at all. - -We would want to allow C to be rebased, refuse A, and encourage -B to be deleted. - -To compute (1): - - git rev-list ^master ^topic next - git rev-list ^master next - - if these match, topic has not merged in next at all. - -To compute (2): - - git rev-list master..topic - - if this is empty, it is fully merged to "master". - -DOC_END diff --git a/example/gitano-admin.git/hooks/prepare-commit-msg.sample b/example/gitano-admin.git/hooks/prepare-commit-msg.sample deleted file mode 100755 index f093a02..0000000 --- a/example/gitano-admin.git/hooks/prepare-commit-msg.sample +++ /dev/null 
@@ -1,36 +0,0 @@ -#!/bin/sh -# -# An example hook script to prepare the commit log message. -# Called by "git commit" with the name of the file that has the -# commit message, followed by the description of the commit -# message's source. The hook's purpose is to edit the commit -# message file. If the hook fails with a non-zero status, -# the commit is aborted. -# -# To enable this hook, rename this file to "prepare-commit-msg". - -# This hook includes three examples. The first comments out the -# "Conflicts:" part of a merge commit. -# -# The second includes the output of "git diff --name-status -r" -# into the message, just before the "git status" output. It is -# commented because it doesn't cope with --amend or with squashed -# commits. -# -# The third example adds a Signed-off-by line to the message, that can -# still be edited. This is rarely a good idea. - -case "$2,$3" in - merge,) - /usr/bin/perl -i.bak -ne 's/^/# /, s/^# #/#/ if /^Conflicts/ .. /#/; print' "$1" ;; - -# ,|template,) -# /usr/bin/perl -i.bak -pe ' -# print "\n" . `git diff --cached --name-status -r` -# if /^#/ && $first++ == 0' "$1" ;; - - *) ;; -esac - -# SOB=$(git var GIT_AUTHOR_IDENT | sed -n 's/^\(.*>\).*$/Signed-off-by: \1/p') -# grep -qs "^$SOB" "$1" || echo "$SOB" >> "$1" diff --git a/example/gitano-admin.git/hooks/update.sample b/example/gitano-admin.git/hooks/update.sample deleted file mode 100755 index 71ab04e..0000000 --- a/example/gitano-admin.git/hooks/update.sample +++ /dev/null 
@@ -1,128 +0,0 @@ -#!/bin/sh -# -# An example hook script to blocks unannotated tags from entering. -# Called by "git receive-pack" with arguments: refname sha1-old sha1-new -# -# To enable this hook, rename this file to "update". -# -# Config -# ------ -# hooks.allowunannotated -# This boolean sets whether unannotated tags will be allowed into the -# repository. By default they won't be. -# hooks.allowdeletetag -# This boolean sets whether deleting tags will be allowed in the -# repository. By default they won't be. -# hooks.allowmodifytag -# This boolean sets whether a tag may be modified after creation. By default -# it won't be. -# hooks.allowdeletebranch -# This boolean sets whether deleting branches will be allowed in the -# repository. By default they won't be. -# hooks.denycreatebranch -# This boolean sets whether remotely creating branches will be denied -# in the repository. By default this is allowed. -# - -# --- Command line -refname="$1" -oldrev="$2" -newrev="$3" - -# --- Safety check -if [ -z "$GIT_DIR" ]; then - echo "Don't run this script from the command line." >&2 - echo " (if you want, you could supply GIT_DIR then run" >&2 - echo " $0 <ref> <oldrev> <newrev>)" >&2 - exit 1 -fi - -if [ -z "$refname" -o -z "$oldrev" -o -z "$newrev" ]; then - echo "Usage: $0 <ref> <oldrev> <newrev>" >&2 - exit 1 -fi - -# --- Config -allowunannotated=$(git config --bool hooks.allowunannotated) -allowdeletebranch=$(git config --bool hooks.allowdeletebranch) -denycreatebranch=$(git config --bool hooks.denycreatebranch) -allowdeletetag=$(git config --bool hooks.allowdeletetag) -allowmodifytag=$(git config --bool hooks.allowmodifytag) - -# check for no description -projectdesc=$(sed -e '1q' "$GIT_DIR/description") -case "$projectdesc" in -"Unnamed repository"* | "") - echo "*** Project description file hasn't been set" >&2 - exit 1 - ;; -esac - -# --- Check types -# if $newrev is 0000...0000, it's a commit to delete a ref. 
-zero="0000000000000000000000000000000000000000" -if [ "$newrev" = "$zero" ]; then - newrev_type=delete -else - newrev_type=$(git cat-file -t $newrev) -fi - -case "$refname","$newrev_type" in - refs/tags/*,commit) - # un-annotated tag - short_refname=${refname##refs/tags/} - if [ "$allowunannotated" != "true" ]; then - echo "*** The un-annotated tag, $short_refname, is not allowed in this repository" >&2 - echo "*** Use 'git tag [ -a | -s ]' for tags you want to propagate." >&2 - exit 1 - fi - ;; - refs/tags/*,delete) - # delete tag - if [ "$allowdeletetag" != "true" ]; then - echo "*** Deleting a tag is not allowed in this repository" >&2 - exit 1 - fi - ;; - refs/tags/*,tag) - # annotated tag - if [ "$allowmodifytag" != "true" ] && git rev-parse $refname > /dev/null 2>&1 - then - echo "*** Tag '$refname' already exists." >&2 - echo "*** Modifying a tag is not allowed in this repository." >&2 - exit 1 - fi - ;; - refs/heads/*,commit) - # branch - if [ "$oldrev" = "$zero" -a "$denycreatebranch" = "true" ]; then - echo "*** Creating a branch is not allowed in this repository" >&2 - exit 1 - fi - ;; - refs/heads/*,delete) - # delete branch - if [ "$allowdeletebranch" != "true" ]; then - echo "*** Deleting a branch is not allowed in this repository" >&2 - exit 1 - fi - ;; - refs/remotes/*,commit) - # tracking branch - ;; - refs/remotes/*,delete) - # delete tracking branch - if [ "$allowdeletebranch" != "true" ]; then - echo "*** Deleting a tracking branch is not allowed in this repository" >&2 - exit 1 - fi - ;; - *) - # Anything else (is there anything else?) - echo "*** Update hook: unknown type of update to ref $refname of type $newrev_type" >&2 - exit 1 - ;; -esac - -# --- Finished -exit 0 diff --git a/example/gitano-admin.git/info/exclude b/example/gitano-admin.git/info/exclude deleted file mode 100644 index a5196d1..0000000 --- a/example/gitano-admin.git/info/exclude +++ /dev/null 
@@ -1,6 +0,0 @@ -# git ls-files --others --exclude-from=.git/info/exclude -# Lines that start with '#' are comments. -# For a project mostly in C, the following would be a good set of -# exclude patterns (uncomment them if you want to use them): -# *.[oa] -# *~ diff --git a/example/gitano-admin.git/info/refs b/example/gitano-admin.git/info/refs deleted file mode 100644 index 8362975..0000000 --- a/example/gitano-admin.git/info/refs +++ /dev/null @@ -1 +0,0 @@ -ec8ffa1c6a3eb23628b977a895a8b607d07e8722 refs/heads/master diff --git a/example/gitano-admin.git/objects/info/packs b/example/gitano-admin.git/objects/info/packs deleted file mode 100644 index 8c45162..0000000 --- a/example/gitano-admin.git/objects/info/packs +++ /dev/null @@ -1,2 +0,0 @@ -P pack-802788fdca38958b3c13622d6a8d3ccf0ccbbb50.pack - diff --git a/example/gitano-admin.git/objects/pack/pack-802788fdca38958b3c13622d6a8d3ccf0ccbbb50.idx b/example/gitano-admin.git/objects/pack/pack-802788fdca38958b3c13622d6a8d3ccf0ccbbb50.idx Binary files differdeleted file mode 100644 index 93ddf13..0000000 --- a/example/gitano-admin.git/objects/pack/pack-802788fdca38958b3c13622d6a8d3ccf0ccbbb50.idx +++ /dev/null diff --git a/example/gitano-admin.git/objects/pack/pack-802788fdca38958b3c13622d6a8d3ccf0ccbbb50.pack b/example/gitano-admin.git/objects/pack/pack-802788fdca38958b3c13622d6a8d3ccf0ccbbb50.pack Binary files differdeleted file mode 100644 index 5018b68..0000000 --- a/example/gitano-admin.git/objects/pack/pack-802788fdca38958b3c13622d6a8d3ccf0ccbbb50.pack +++ /dev/null diff --git a/example/gitano-admin.git/packed-refs b/example/gitano-admin.git/packed-refs deleted file mode 100644 index 0ad6570..0000000 --- a/example/gitano-admin.git/packed-refs +++ /dev/null @@ -1,2 +0,0 @@ -# pack-refs with: peeled -ec8ffa1c6a3eb23628b977a895a8b607d07e8722 refs/heads/master diff --git a/example/gitano-admin/groups/gitano-admin.conf b/example/gitano-admin/groups/gitano-admin.conf new file mode 100644 index 0000000..959690d 
--- /dev/null
+++ b/example/gitano-admin/groups/gitano-admin.conf
@@ -0,0 +1,4 @@
+description = "Gitano Administrators"
+members = { "dsilvers" }
+subgroups = {}
+
diff --git a/example/gitano-admin/rules/adminchecks.lace b/example/gitano-admin/rules/adminchecks.lace
new file mode 100644
index 0000000..75ca753
--- /dev/null
+++ b/example/gitano-admin/rules/adminchecks.lace
@@ -0,0 +1,23 @@
+# Core project administration rules
+
+# Called with ref known to be refs/gitano/admin
+
+# Administrators already got to do anything, so this is for non-admins
+
+# Non-admin members may not delete the admin ref
+deny "Non-administrators may not delete the admin ref" op_deleteref
+
+# By default, you don't want anything but gitano-admin members to touch
+# anything in the hooks/ tree, so don't allow that
+define contains_hooks target_tree ~^hooks/
+define updates_hooks treediff/targets ~^hooks/
+
+deny "Attempt to create hooks" op_createref contains_hooks
+deny "Attempt to alter hooks" op_is_update updates_hooks
+
+# Otherwise, the project's owner is allowed to alter the admin tree
+allow "Project owner may alter the admin ref" is_owner
+
+# Any other opportunities for altering the admin ref must be provided
+# by the project's rules
+
\ No newline at end of file
diff --git a/example/gitano-admin/rules/core.lace b/example/gitano-admin/rules/core.lace
new file mode 100644
index 0000000..1fcc46a
--- /dev/null
+++ b/example/gitano-admin/rules/core.lace
@@ -0,0 +1,24 @@
+# Prepare the initial definitions
+
+default deny "The ruleset didn't provide access. Denying by default."
+
+include global:defines
+
+# Now, if we're in the admin group, we can always do stuff
+allow "Administrators can do anything" is_admin
+
+# Owners of repositories are allowed to hand it over
+allow "Owners can hand over repositories" is_owner op_setowner
+
+# Site-defined rules for repository creation
+include global:createrepo op_createrepo
+
+# Site-defined rules for project repositories
+include global:project
+
+# Now the project rules themselves
+include main
+
+# Now, if you want to allow anonymous access if the project doesn't prevent
+# it, then you can uncomment the following:
+# allow "Anonymous access is okay" op_read !is_admin_repo
diff --git a/example/gitano-admin/rules/createrepo.lace b/example/gitano-admin/rules/createrepo.lace
new file mode 100644
index 0000000..719323c
--- /dev/null
+++ b/example/gitano-admin/rules/createrepo.lace
@@ -0,0 +1,11 @@
+# Rules related to creating repositories
+
+# Administrators have already been permitted whatever they like
+# so this is for non-admins.
+
+# Uncomment the following to allow repositories in personal/username/
+define repo_is_personal repository ~^personal/${user}/
+allow "Personal repo creation is okay" repo_is_personal
+
+# Otherwise the default is that non-admins can't create repositories
+deny "Repository creation is not permitted."
diff --git a/example/gitano-admin/rules/defines.lace b/example/gitano-admin/rules/defines.lace
new file mode 100644
index 0000000..870fffc
--- /dev/null
+++ b/example/gitano-admin/rules/defines.lace
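Review bot: In rules/createrepo.lace the comment `# Uncomment the following to allow repositories in personal/username/` sits above two lines that are already active, so the example as committed lets any non-admin create repositories under their own personal/ prefix. Either comment out `define repo_is_personal repository ~^personal/${user}/` and `allow "Personal repo creation is okay" repo_is_personal`, or reword the comment to `# Comment out the following to disallow repositories in personal/username/`. Because `${user}` is expanded inside a `~` pattern, it is also worth confirming that user names cannot contain pattern metacharacters or that the expansion is escaped; neither is visible in this commit.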
@@ -0,0 +1,27 @@
+# A useful set of defines
+
+# User/group related
+define is_admin group gitano-admin
+define is_owner owner ${user}
+
+# Primary repository-related operations
+define op_read operation read
+define op_write operation write
+define op_createrepo operation createrepo
+define op_setowner operation setowner
+
+# Reference update related operations
+define op_createref operation createref
+define op_deleteref operation deleteref
+define op_fastforward operation updaterefff
+define op_forcedupdate operation updaterefnonff
+
+# Combinator operations
+define op_is_basic anyof op_read op_write
+define op_is_update anyof op_fastforward op_forcedupdate
+define op_is_normal anyof op_fastforward op_createref op_deleteref
+
+# Administration
+define is_admin_repo repository gitano-admin
+define is_gitano_ref ref ~^refs/gitano/
+define is_admin_ref ref refs/gitano/admin
diff --git a/example/gitano-admin/rules/project.lace b/example/gitano-admin/rules/project.lace
new file mode 100644
index 0000000..5ef531a
--- /dev/null
+++ b/example/gitano-admin/rules/project.lace
@@ -0,0 +1,16 @@
+# Core project administration rules
+
+# Admins already got allowed, so this is for non-admin users only
+allow "Owners can always read and write" op_is_basic is_owner
+
+# Uncomment if you want to *force* anonymous access to all but gitano-admin
+# allow "Anonymous access always allowed" op_read !is_admin_repo
+
+# Okay, if we're altering the admin ref, in we go
+include global:adminchecks is_admin_ref
+
+# Now we're into branch operations. Owners can do any normal operation
+# Normal ops are create/delete/fastforward on refs
+allow "Owners can create refs" op_is_normal is_owner
+# We don't enable non-fastforward updates by default. Projects must do
+# this in their own rules if they want it.
diff --git a/example/gitano-admin/site.conf b/example/gitano-admin/site.conf
new file mode 100644
index 0000000..bec6f3e
--- /dev/null
+++ b/example/gitano-admin/site.conf
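Review bot: In rules/project.lace the reason string on `allow "Owners can create refs" op_is_normal is_owner` understates what the rule grants, since defines.lace makes op_is_normal cover createref, deleteref and fast-forward updates. Suggest `allow "Owners can create, delete and fast-forward refs" op_is_normal is_owner` so the message matches the permission. Separately, defines.lace defines `is_gitano_ref` but none of the rule files added in this commit reference it, so this allow appears to apply to refs under refs/gitano/ other than refs/gitano/admin as well. If that namespace is meant to be reserved, an explicit rule on `is_gitano_ref` (or a comment saying the omission is intended) would make the policy clear.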
@@ -0,0 +1,5 @@
+-- Sample configuration for Gitano
+site_name = "Gitano pre-alpha repository server (Laced)"
+repository_root = "/home/gitano/repos"
+bin_path = "/home/gitano/bin"
+graveyard_root = "/home/gitano/graveyard"
diff --git a/example/gitano-admin/users/dsilvers/torpor.key b/example/gitano-admin/users/dsilvers/torpor.key
new file mode 100644
index 0000000..973e0f9
--- /dev/null
+++ b/example/gitano-admin/users/dsilvers/torpor.key
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDmFPyhleGHuoWGgMWZWxZujNM6S4gwxx/FZw94d5ZBiRAQ2miKemdhQxoPnVhzLzx4CX0sFfU1P7HUEx+6xigf8EjrHxBYTgjh7JSCR0apcExoAVihVG+pnMDCf+CqueIbUMVRm7PEmTcg4NNMx7f60Y0zrUa3iNnU8flA+28IkrCz0RVycAKT418337PqRBaXBbnCprNkF2gOHj1mLymsE0ehwiQOd2+ocjHdxSwDayJ2OwNAIdPcb/78RixH12d5F7r3cdNNFjuXuXwSrG+ILEtbXFJEvEXnccOARMeW7uzlZsSkfeNivU3nyxJ8ZxDAFSL8JHi8edBwON6qr7+r danielsilverstone@torpor
diff --git a/example/gitano-admin/users/dsilvers/user.conf b/example/gitano-admin/users/dsilvers/user.conf
new file mode 100644
index 0000000..971d92d
--- /dev/null
+++ b/example/gitano-admin/users/dsilvers/user.conf
@@ -0,0 +1,2 @@
+real_name = "Daniel Silverstone"
+email_address = "dsilvers@digital-scurf.org" |
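Review bot: users/dsilvers/torpor.key adds a real SSH public key, and groups/gitano-admin.conf in the same commit lists `dsilvers` as the only member of gitano-admin, so a site seeded from this example unchanged would give the example author's key full administrative access. The example should say so where an installer will read it, for instance a second comment line in site.conf such as `-- Replace users/dsilvers and the gitano-admin members list with your own administrator before deploying`. Shipping an obviously fake placeholder user and key instead would remove the risk. Whether any setup tooling copies this tree verbatim is not visible in this commit.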