]>
Commit | Line | Data |
---|---|---|
0328cfed ER |
1 | # ---------------------------------------------------------------------- |
2 | ||
3 | # Per-repo authorization for gitweb using gitolite v3 access rules | |
4 | # Read comments, modify code as needed, and include in gitweb.conf | |
5 | ||
6 | # ---------------------------------------------------------------------- | |
7 | ||
8 | # First, run 'gitolite query-rc -a' (as the gitolite hosting user) to find the | |
9 | # values for GL_BINDIR and GL_LIBDIR in your installation. Then use those | |
10 | # values in the code below: | |
11 | ||
12 | BEGIN { | |
13 | $ENV{HOME} = '/home/git'; # or whatever is the hosting user's $HOME | |
14 | $ENV{GL_BINDIR} = '/full/path/to/gitolite/src'; | |
15 | $ENV{GL_LIBDIR} = '/full/path/to/gitolite/src/lib'; | |
16 | } | |
17 | ||
18 | # Pull in gitolite's perl API module. Among other things, this also sets the | |
19 | # GL_REPO_BASE environment variable. | |
20 | use lib $ENV{GL_LIBDIR}; | |
21 | use Gitolite::Easy; | |
22 | ||
23 | # Set projectroot for gitweb. If you already set it earlier in gitweb.conf | |
24 | # you don't need this but please make sure the path you used is the same as | |
25 | # the value of GL_REPO_BASE in the 'gitolite query-rc -a' output above. | |
26 | $projectroot = $ENV{GL_REPO_BASE}; | |
27 | ||
28 | # Now get the user name. Unauthenticated clients will be deemed to be the | |
29 | # 'gitweb' user so make sure gitolite's conf file does not allow that user to | |
30 | # see anything sensitive. | |
31 | $ENV{GL_USER} = $cgi->remote_user || 'gitweb'; | |
32 | ||
33 | $export_auth_hook = sub { | |
34 | my $repo = shift; | |
35 | # gitweb passes us the full repo path; we need to strip the beginning and | |
36 | # the end, to get the repo name as it is specified in gitolite conf | |
37 | return unless $repo =~ s/^\Q$projectroot\E\/?(.+)\.git$/$1/; | |
38 | ||
39 | # call Easy.pm's 'can_read' function | |
40 | return can_read($repo); | |
41 | }; |