stagit: static git page generator - access: simplify permissions

commit: 8ef8e7ebbbf23f159a042a8083a6fe16198d27ea
parent: f60aee3a165ae1cf788e09218f18275a97e8d033
Author: Tobias Bengfort <tobias.bengfort@posteo.de>
Date: 2020-03-29 19:44

access: simplify permissions

Diffstat

M	gitolite/shell.py	2	+-
M	gitolite/stagit.py	31	+++++++++----------------------
M	gitolite/update.py	2	+-

3 files changed, 11 insertions, 24 deletions

diff --git a/gitolite/shell.py b/gitolite/shell.py

@@ -36,7 +36,7 @@ if __name__ == '__main__':
   36    36 	cmd, repo = parse_soc()
   37    37 
   38    38 	access = 'w' if cmd == 'git-receive-pack' else 'r'
   39    -1 	if not stagit.config.has_perm(repo, user, access, None):
   -1    39 	if not stagit.config.has_perm(repo, user, access):
   40    40 		sys.stderr.write('access denied\n')
   41    41 		sys.exit(1)
   42    42

diff --git a/gitolite/stagit.py b/gitolite/stagit.py

@@ -51,31 +51,18 @@ class Config:
   51    51 		except KeyError:
   52    52 			pass
   53    53 
   54    -1 	def has_perm(self, repo, user, access, ref):
   -1    54 	def has_perm(self, repo, user, access):
   55    55 		users = set([user, '@all'])
   56    -1 		repos = set([repo, '@all'])
   57    -1 		for key, values in self._iter_sets('GROUPS', '@'):
   -1    56 		for group, values in self._iter_sets('GROUPS', '@'):
   58    57 			if user in values:
   59    -1 				users.add(key)
   60    -1 			if repo in values:
   61    -1 				repos.add(key)
   62    -1 
   63    -1 		ret = False
   64    -1 		for r in repos:
   65    -1 			for key, values in self._iter_sets(r, '!'):
   66    -1 				if users.isdisjoint(values):
   67    -1 					continue
   68    -1 				refex, perm = key.rsplit('!', 1)
   69    -1 				if ref and refex and refex[1:] != ref:
   70    -1 					continue
   71    -1 				if perm == '-':
   72    -1 					return False
   73    -1 				elif access in perm:
   74    -1 					ret = True
   75    -1 		return ret
   -1    58 				users.add(group)
   -1    59 		for perm, values in self._iter_sets(repo, '!'):
   -1    60 			if access in perm and not users.isdisjoint(values):
   -1    61 				return True
   -1    62 		return False
   76    63 
   77    64 	def is_public(self, repo):
   78    -1 		return self.has_perm(repo, '@public', 'r', None)
   -1    65 		return self.has_perm(repo, '@public', 'r')
   79    66 
   80    67 	def iter_repos(self):
   81    68 		for key in self.config:
@@ -84,7 +71,7 @@ class Config:
   84    71 
   85    72 	def iter_user_repos(self, user):
   86    73 		for repo in self.iter_repos():
   87    -1 			if self.has_perm(repo, user, 'r', None):
   -1    74 			if self.has_perm(repo, user, 'r'):
   88    75 				yield repo
   89    76 
   90    77

diff --git a/gitolite/update.py b/gitolite/update.py

@@ -33,6 +33,6 @@ if __name__ == '__main__':
   33    33 	ref, oldrev, newrev = sys.argv[1:]
   34    34 
   35    35 	access = get_access(repo, ref, oldrev, newrev)
   36    -1 	if not stagit.config.has_perm(repo, user, access, ref):
   -1    36 	if not stagit.config.has_perm(repo, user, access):
   37    37 		sys.stderr.write('access denied\n')
   38    38 		sys.exit(1)