diff options
Diffstat (limited to 'git.liw.fi.yarn')
| -rw-r--r-- | git.liw.fi.yarn | 72 |
1 files changed, 72 insertions, 0 deletions
diff --git a/git.liw.fi.yarn b/git.liw.fi.yarn index 72714d7..c3b0dbb 100644 --- a/git.liw.fi.yarn +++ b/git.liw.fi.yarn @@ -61,6 +61,27 @@ A non-admin mustn't be able to create or remove users. FINALLY remove user tstusr on server AND remove user tstusr2 on server +Public repository creation, access, and removal +----------------------------------------------- + +The ruleset is meant to make all repositories public. + +Admin should be able to create a public repository. That repository +should then be accessible to both the admin and a non-admin via both +git and ssh protocols. Finally, the admin, but not a non-admin, should +be able to remove the repository. + + SCENARIO public repositories + ASSUMING no tstusr user exists on server + GIVEN an ssh key for tstusr + WHEN admin creates user tstusr + AND admin creates repository tstrepo + THEN admin can clone tstrepo using git + AND admin can clone tstrepo using ssh + AND tstusr can clone tstrepo using ssh + FINALLY remove repository tstrepo on server + AND remove user tstusr on server + Implementation sections ======================= @@ -173,3 +194,54 @@ Admin clean up user at end of scenario. then user_del admin "$MATCH_1" fi + +Repository creation +------------------- + +Repositories can only be created by the admin. + + IMPLEMENTS WHEN admin creates repository (\S+) + run_gitano_as admin create "$MATCH_1" + +Repository cloning +------------------ + +Repositories can be cloned using git or ssh protocols, and they +may be cloned by various users. We store the clone repositories +as `$DATADIR/$USER/$REPO`. If the same user clones the same +repository more than once, we only keep the last one. + +It doesn't matter who clones over git, since git is open to everyone. +So we only have a variant for admin, for simplicity. + + IMPLEMENTS THEN admin can clone (\S+) using git + localdir="$DATADIR/admin/$MATCH_1" + rm -rf "$localdir" + mkdir -p "$localdir" + git clone "git://$GITHOST/$MATCH_1" "$localdir" + +However, cloning over ssh is serious business, for ACL. The tricky bit +here is to get git to use the right ssh key. We do this by having +a ./ssh script that runs the real ssh, but adds a `-i` option to the +desired keyfile. But we only do that for non-admin users. + + IMPLEMENTS THEN (\S+) can clone (\S+) using ssh + localdir="$DATADIR/admin/$MATCH_2" + rm -rf "$localdir" + mkdir -p "$localdir" + url="ssh://$GITANO@$GITHOST/$MATCH_2" + if [ "$MATCH_1" = admin ] + then + git clone "$url" "$localdir" + else + KEYFILE="$DATADIR/$MATCH_1.key" \ + PATH="$SRCDIR:$PATH" git clone "$url" "$localdir" + fi + +Repository removal +------------------ + +At the end, we need to clean up repositories. + + IMPLEMENTS FINALLY remove repository (\S+) on server + destroy_repo admin "$MATCH_1" |