Access control by configuration keys
------------------------------------
While Gitano allows arbitrarily complex access control via Lace, and supports
group and repository prefix matching to manage large projects, these approaches
are often overkill for installations with small numbers of repositories, users,
and permission grants.

Instead, the default ruleset for Gitano also supports adding users, by name, to the
config lists "project.readers" and "project.writers", allowing a much simpler
per-repository configuration approach.

Note: This lookup is linear time, so it won't scale to a large number of users.
The lists are also not updated automatically when users are added, deleted, or renamed.
If any of that concerns you, take the time to use a proper group and Lace approach.


    SCENARIO Access controlled by configuration keys
    GIVEN a standard instance
    AND testinstance using adminkey, adds a new user alice, with a key called main

By default users may not read repositories they do not own,
so cloning fails.

    WHEN testinstance adminkey runs create testrepo
    AND alice, using main, expecting failure, clones testrepo as testrepo
    THEN stderr contains \(FATAL: Not authorised\|The requested URL returned error: 403\)

When the user is added to the project.readers config, cloning works.

    WHEN testinstance adminkey runs config testrepo set project.readers.* alice
    AND alice, using main, clones testrepo as testrepo
    THEN alice has a clone of testrepo

Pushing any content still fails, however.

    WHEN alice using main pushes an empty commit in testrepo
    THEN stderr contains \(FATAL: Not authorised\|The requested URL returned error: 403\)

Pushing works once the user is added to project.writers.

    WHEN testinstance adminkey runs config testrepo set project.writers.* alice
    AND alice applies add-a-FOO.patch in testrepo
    AND alice, using main, pushes testrepo to testrepo.git
    AND server-side testrepo reads git object HEAD
    THEN stdout contains Apply add-a-FOO.patch content change

Being a project writer implies also being a project reader.

    WHEN testinstance adminkey runs config testrepo del project.readers.i_1
    AND alice, using main, clones testrepo as testrepo2
    THEN alice has a clone of testrepo2

    FINALLY the instance is torn down
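
The note above warns that the reader and writer lists are matched by name and are not updated when users change. As an added example (not Gitano's code or its Lace ruleset), this Python sketch models the lookup the scenario exercises and audits the lists for names that no longer match a user; the function names, the `i_N` numbering rule and the sample repositories are assumptions made for illustration.

```python
# Added illustration: a simplified model, not Gitano's implementation.

def list_values(config, prefix):
    """Values of list-style keys such as 'project.readers.i_1'."""
    return [v for k, v in sorted(config.items()) if k.startswith(prefix + ".")]

def append_value(config, prefix, value):
    """Model 'config <repo> set <prefix>.* <value>'.
    Assumption: the value lands under the first free i_N key."""
    n = 1
    while f"{prefix}.i_{n}" in config:
        n += 1
    config[f"{prefix}.i_{n}"] = value

def may_write(config, user):
    # Linear scan of the writers list, matching by user name only.
    return user in list_values(config, "project.writers")

def may_read(config, user):
    # Being a writer implies being a reader.
    return user in list_values(config, "project.readers") or may_write(config, user)

def stale_entries(repo_configs, current_users):
    """(repo, key, name) for every list entry that names no current user."""
    findings = []
    for repo, config in sorted(repo_configs.items()):
        for key, name in sorted(config.items()):
            in_list = key.startswith(("project.readers.", "project.writers."))
            if in_list and name not in current_users:
                findings.append((repo, key, name))
    return findings

# Constructed sample data: testrepo follows the scenario's steps.
testrepo = {}
append_value(testrepo, "project.readers", "alice")
append_value(testrepo, "project.writers", "alice")
del testrepo["project.readers.i_1"]
# Constructed: bob's account was deleted, but his name is still listed.
otherrepo = {"project.readers.i_1": "bob", "project.writers.i_1": "alice"}
REPOS = {"testrepo": testrepo, "otherrepo": otherrepo}
USERS = {"alice"}

if __name__ == "__main__":
    print("alice read/write:", may_read(testrepo, "alice"), may_write(testrepo, "alice"))
    for finding in stale_entries(REPOS, USERS):
        print("stale entry:", finding)
```

Because the match is by name alone, an entry reported here would apply to any account later created with that name, so stale entries are worth removing when a user is deleted or renamed.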