Clever Geek Handbook

Executing user ACL in git by discarding multiple folders and allowing all others

I have implemented a git server using all the required hooks mentioned in the git Hooks section. While implementing the server side binding for the user's ACL, which is available in this link, I have the following problems:

  • I have 130 folders in a repository, but I want to deny access to only 2 folders in this repository and allow access to all other folders.
  • To do this, in "acl_file" I added all the folder names in the specified format. So there are 130 folders in this file and it is very difficult to go and check if the user is writable for each folder.
  • Also, I can't keep checking which developer is checking the files in the folder.

All I need is there a way to just specify an entry in this "acl_file" so that all users can access all folders except the two special folders that should be restricted?

Note:

I tried to give access to all folders by specifying the following line:

avail | user1, user2 | - grant permission to all folders

unavail | user1 | xyz - Deny permission for the xyz folder.

But user1 gets access to the xyz folder even though I have given up on that folder.

As it doesn't work, can anyone provide an alternative method that will allow access to all folders in the repository and deny permission for only any specific folder?

+3


source to share


2 answers


An alternative method would be to use an alternate tool: gitolite (a perl script that runs alongside your git server and will be called by your font listener like Apache Server ).

Gitolite is an authorization layer that manages all kinds of ACLs, including folder management, via VREF (hook update).

the VREF page includes an example:



Another way to use this is when you know what is allowed instead of what is not .
Let's say a QA person is allowed to touch a file named CHANGELOG

and any files in a directory named ReleaseNotes

:

repo foo
        RW+                             =   @senior_devs
        RW                              =   @junior_devs
        RW+                             =   QA-guy

        RW+ VREF/NAME/CHANGELOG         =   QA-guy
        RW+ VREF/NAME/ReleaseNotes/     =   QA-guy
        -   VREF/NAME/                  =   QA-guy

VREF is a hook (guided guitar) so VREF / NAME is great for file / folder constraints.

0


source


Git doesn't support acl in the same repository.

To provide different levels of access to different data, you need to split them into different storages.
After that, you will be able to control access to each repo separately.



Now, to collect all this data into one folder, you will need to use Git Submodules .

0


source






More articles:


All Articles