From 00c1817dacfae3be2749f199000a2db25b5c8a43 Mon Sep 17 00:00:00 2001
From: Daniel Silverstone <dsilvers@digital-scurf.org>
Date: Sat, 3 Dec 2016 15:17:01 +0000
Subject: Ensure that lace warns if an ACL check is being bypassed

---
 lib/gitano/lace.lua | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'lib')

diff --git a/lib/gitano/lace.lua b/lib/gitano/lace.lua
index 6d9c0bf..59c5a7a 100644
--- a/lib/gitano/lace.lua
+++ b/lib/gitano/lace.lua
@@ -209,6 +209,19 @@ local function compile_ruleset(repo, adminsha, globaladminsha)
 end
 
 local function run_ruleset(ruleset, ctx)
+   -- First check if we're running as bypass
+   if ctx.as_user == "gitano-bypass" then
+      log.stdout(i18n.expand("LACE_BYPASS_BANNER_HEADER"))
+      log.stdout(i18n.expand("LACE_BYPASS_ALERT_MESSAGE"))
+      log.stdout(i18n.expand("LACE_BYPASS_BANNER_FOOTER"))
+      return "allow", i18n.expand("LACE_BYPASSED")
+   end
+   if ctx.as_user == nil and ctx.user == "gitano-bypass" then
+      log.stdout(i18n.expand("LACE_BYPASS_BANNER_HEADER"))
+      log.stdout(i18n.expand("LACE_BYPASS_ALERT_MESSAGE"))
+      log.stdout(i18n.expand("LACE_BYPASS_BANNER_FOOTER"))
+      return "allow", i18n.expand("LACE_BYPASSED")
+   end
    return lace.engine.run(ruleset, ctx)
 end
 
-- 
cgit v1.2.1