Ensure that lace warns if an ACL check is being bypassed

author: Daniel Silverstone <dsilvers@digital-scurf.org> 2016-12-03 15:17:01 +0000
committer: Daniel Silverstone <dsilvers@digital-scurf.org> 2016-12-03 16:06:49 +0000
commit: 00c1817dacfae3be2749f199000a2db25b5c8a43 (patch)
tree: cf46d9fc64da9fbbaa9d49bca3fcb9e9a9012ade /lib
parent: abdf0cf6b732d8a7aff05c26e7cd0c82d2ea0f34 (diff)
download: gitano-00c1817dacfae3be2749f199000a2db25b5c8a43.tar.gz
1 files changed, 13 insertions, 0 deletions
diff --git a/lib/gitano/lace.lua b/lib/gitano/lace.lua
index 6d9c0bf..59c5a7a 100644
--- a/lib/gitano/lace.lua
+++ b/lib/gitano/lace.lua
@@ -209,6 +209,19 @@ local function compile_ruleset(repo, adminsha, globaladminsha)
 end
 
 local function run_ruleset(ruleset, ctx)
+   -- First check if we're running as bypass
+   if ctx.as_user == "gitano-bypass" then
+      log.stdout(i18n.expand("LACE_BYPASS_BANNER_HEADER"))
+      log.stdout(i18n.expand("LACE_BYPASS_ALERT_MESSAGE"))
+      log.stdout(i18n.expand("LACE_BYPASS_BANNER_FOOTER"))
+      return "allow", i18n.expand("LACE_BYPASSED")
+   end
+   if ctx.as_user == nil and ctx.user == "gitano-bypass" then
+      log.stdout(i18n.expand("LACE_BYPASS_BANNER_HEADER"))
+      log.stdout(i18n.expand("LACE_BYPASS_ALERT_MESSAGE"))
+      log.stdout(i18n.expand("LACE_BYPASS_BANNER_FOOTER"))
+      return "allow", i18n.expand("LACE_BYPASSED")
+   end
    return lace.engine.run(ruleset, ctx)
 end
author	Daniel Silverstone <dsilvers@digital-scurf.org>	2016-12-03 15:17:01 +0000
committer	Daniel Silverstone <dsilvers@digital-scurf.org>	2016-12-03 16:06:49 +0000
commit	00c1817dacfae3be2749f199000a2db25b5c8a43 (patch)
tree	cf46d9fc64da9fbbaa9d49bca3fcb9e9a9012ade /lib
parent	abdf0cf6b732d8a7aff05c26e7cd0c82d2ea0f34 (diff)
download	gitano-00c1817dacfae3be2749f199000a2db25b5c8a43.tar.gz