3 # Original version by Junio C Hamano <junkio@cox.net> and
4 # Carl Baldwin <cnb@fc.hp.com>. The original version is available at
5 # http://kernel.org/pub/software/scm/git/docs/howto/update-hook-example.txt
7 # Modified by Jonas Juselius <jonas.juselius@chem.uit.no>
12 # If you are having trouble with this access control hook script
13 # you can try setting this to true. It will tell you exactly
14 # why a user is being allowed/denied access.
18 # Default shell globbing messes things up downstream
# Fragments of the three logging helpers (their function headers are not part of this listing).
# $verbose is expanded and run as a command, so it must only ever hold true or false;
# when it is true the message in $1 is written to stderr with a -Grant-/-Deny-/-Info- tag.
22 $verbose && echo >&2 "-Grant- $1"
28 $verbose && echo >&2 "-Deny- $1"
34 $verbose && echo >&2 "-Info- $1"
37 # Implement generic branch and tag policies.
38 # - Tags should not be updated once created.
39 # - Branches should only be fast-forwarded.
# Tag rule: refuse the update when a file for the pushed ref ($1) already exists under $GIT_DIR.
# NOTE(review): -f only sees a loose ref file. A tag that has been moved into packed-refs
# would presumably pass this test and could then be overwritten -- confirm, and consider
# testing the old value in $2 (all zeros means the ref is new), as the branch rule below does.
# stdout of deny is sent to /dev/null at every call in this block; the -Deny- trace goes to
# stderr and is unaffected.
42 [ -f "$GIT_DIR/$1" ] &&
43 deny
>/dev
/null
"You can't overwrite an existing tag"
46 # No rebasing or rewinding
# expr matches $2 against a run of zeros up to the end of the string; success is reported
# as a new branch.
47 if expr "$2" : '0*$' >/dev
/null
; then
48 info
"The branch '$1' is new..."
50 # updating -- make sure it is a fast forward
# mb holds whatever git-merge-base prints for $2 and $3.
51 mb
=$
(git-merge-base
"$2" "$3")
# NOTE(review): the arm on listing line 54 repeats the pattern of line 53, so it can never be
# selected; the case header is not part of this listing, so the matched word cannot be confirmed.
53 "$2,$mb") info
"Update is fast-forward" ;;
54 "$2,$mb") info
"Update is fast-forward" ;;
# This arm tests whether $3 consists only of zeros, which the message below treats as a deletion.
# \+ in a basic regex is a GNU extension; grep -Eq '^0+$' is the portable spelling.
55 ",$2") echo "$3" |
grep -q '^0\+$'
57 info
"Deleting branch"
59 deny
>/dev
/null
"This is not a fast-forward update."
# Catch-all arm: any other combination is refused as a non-fast-forward.
61 *) deny
>/dev
/null
"This is not a fast-forward update." ;;
67 # "Branch is not under refs/heads or refs/tags. What are you trying to do?"
71 # Implement per-branch controls based on username
# Per-branch user rules are read from $GIT_DIR/info/allowed-users.
72 allowed_users_file
=$GIT_DIR/info
/allowed-users
74 info
"The user is: '$username'"
# Each non-comment, non-blank line is split by read into a head pattern (first word) and the
# remaining words as user patterns; the output of the pipeline is captured in rc.
# NOTE(review): $allowed_users_file is unquoted in the cat, and read is used without -r,
# so backslashes in patterns are consumed before expr sees them.
76 if [ -f "$allowed_users_file" ]; then
77 rc
=$
(cat $allowed_users_file |
grep -v '^#' |
grep -v '^$' |
78 while read head_pattern user_patterns
; do
# SECURITY: both fields are re-parsed by the shell through eval, so command substitutions
# and other shell metacharacters written in the rules file are executed with the privileges
# of the hook. The file therefore has to be writable by repository administrators only.
# NOTE(review): presumably eval is here to expand variables inside patterns; a narrower
# substitution would remove the code-execution path -- confirm intent before changing.
79 head_pattern
=`eval "echo $head_pattern"`
80 user_patterns
=`eval "echo $user_patterns"`
# expr reports how many characters of $1 the pattern matched from the start;
# equality with ${#1} means the pattern covered the whole ref name.
# NOTE(review): == inside [ ] is not POSIX (= is); the interpreter line is not in this listing.
81 matchlen
=$
(expr "$1" : "$head_pattern")
82 if [ "$matchlen" == "${#1}" ]; then
83 info
"Found matching head pattern: '$head_pattern'"
# $user_patterns is left unquoted so that it splits into one pattern per word.
84 for user_pattern
in $user_patterns; do
85 info
"Checking user: '$username' against pattern: '$user_pattern'"
# Same whole-string test as above, applied to $username (where it is set is not visible here).
86 matchlen
=$
(expr "$username" : "$user_pattern")
87 if [ "$matchlen" == "${#username}" ]; then
88 grant
"Allowing user: '$username' with pattern: '$user_pattern'"
# Appears to be reached when the head pattern matched but no user pattern did; the lines in
# between are missing from this listing, so treat this reading as an assumption.
91 deny
"The user is not in the access list for this branch"
# Fragment of the case over the captured verdict; the deny arm is commented out in the source.
97 grant
) grant
>/dev
/null
"Granting access based on $allowed_users_file" ;;
98 # deny) deny >/dev/null "Denying access based on $allowed_users_file" ;;
# Per-branch group rules are read from $GIT_DIR/info/allowed-groups.
103 allowed_groups_file
=$GIT_DIR/info
/allowed-groups
105 info
"The user belongs to the following groups:"
# Each non-comment, non-blank line is split by read into a head pattern (first word) and the
# remaining words as group patterns; the output of the pipeline is captured in rc.
# NOTE(review): $allowed_groups_file is unquoted in the cat and read is used without -r.
108 if [ -f "$allowed_groups_file" ]; then
109 rc
=$
(cat $allowed_groups_file |
grep -v '^#' |
grep -v '^$' |
110 while read head_pattern group_patterns
; do
# The fields go to expr exactly as read; no eval is applied in this loop.
# A head pattern counts as matching only when expr reports a match as long as the ref name.
111 matchlen
=$
(expr "$1" : "$head_pattern")
112 if [ "$matchlen" == "${#1}" ]; then
113 info
"Found matching head pattern: '$head_pattern'"
# Every group pattern is tried against every word of $groups; how $groups is filled is not
# visible in this listing.
114 for group_pattern
in $group_patterns; do
115 for groupname
in $groups; do
116 info
"Checking group: '$groupname' against pattern: '$group_pattern'"
117 matchlen
=$
(expr "$groupname" : "$group_pattern")
118 if [ "$matchlen" == "${#groupname}" ]; then
119 grant
"Allowing group: '$groupname' with pattern: '$group_pattern'"
# The message string below is cut off in this listing; its closing quote is on a missing line.
123 deny
"None of the user's groups are in the access list for this
# Fragment of the case over the captured verdict; the deny arm is commented out in the source.
130 grant
) grant
>/dev
/null
"Granting access based on $allowed_groups_file" ;;
131 # deny) deny >/dev/null "Denying access based on $allowed_groups_file" ;;
# Final verdict arms; the case header and the arm patterns are missing from this listing.
# The catch-all arm denies, so a push that no rule decided is rejected rather than allowed.
138 grant
>/dev
/null
"Granting access based on $allowed_users_file" ;;
140 deny
>/dev
/null
"Denying access based on $allowed_users_file" ;;
142 grant
>/dev
/null
"Granting access based on $allowed_groups_file" ;;
144 deny
>/dev
/null
"Denying access based on $allowed_groups_file" ;;
145 *) deny
>/dev
/null
"There are no more rules to check. Denying access" ;;