Evaluation of rules in Gitano
-----------------------------

Rules in Gitano are a "first match wins" mechanism for controlling access to a
repository. There are two sources of rules for a repository. The first set
of rules considered is the set explicitly stated in the repository in
question. Those rules are stored in the refs/gitano/admin branch of the
repository to which access is being considered. The second source of rules is
the core.rules file in the gitano-admin repository's master branch.

Gitano defines a set of magical user/group names which always start 'gitano/'
and since the admin layout does not allow for users or groups to be created

By default, the core.rules file (which is *never* automatically rewritten by
the Gitano tools and thus can have commentary etc. in it) defines a few useful
rules which form the basis of a Gitano install.

The default set of core.rules which Gitano will install in a fresh
gitano-admin repository is:

---8<----
GrantClone(User "gitano/any")
GrantWrite(User "gitano/owner")
Callout("main")
---8<----

If evaluation ever falls off the end of the core rules then Gitano evaluates
the built-in stop-gap rule of 'Deny(User "gitano/any")' which effectively
denies everything to everyone. This means that if the rule evaluator falls off
the end of the repository-specific rules then as a last-ditch effort we deny
all access.
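
The evaluation order described above, as a simplified Python model. This is
an added example, not Gitano's own code. It assumes that GrantClone and
GrantWrite grant the "clone" and "write" operations, that "gitano/any" matches
every user and that "gitano/owner" matches the repository owner; the user
names and the repository rules are constructed for illustration.

```python
# Simplified model (added example, not Gitano code) of first-match-wins
# evaluation in the order the text gives: repo rules, core.rules, stop-gap.
ALLOW, DENY = "allow", "deny"

def rule(effect, op, who):
    return {"effect": effect, "op": op, "who": who}

# Default core.rules from the text. Callout("main") is left out because
# the text does not describe what it does.
CORE_RULES = [
    rule(ALLOW, "clone", "gitano/any"),    # GrantClone(User "gitano/any")
    rule(ALLOW, "write", "gitano/owner"),  # GrantWrite(User "gitano/owner")
]
# Deny(User "gitano/any"); op None means "every operation".
STOP_GAP = rule(DENY, None, "gitano/any")

def matches(r, user, op, owner):
    # Assumed semantics of the magic names; see the lead-in.
    if r["op"] is not None and r["op"] != op:
        return False
    if r["who"] == "gitano/any":
        return True
    if r["who"] == "gitano/owner":
        return user == owner
    return r["who"] == user

def evaluate(repo_rules, user, op, owner):
    """Return (effect, source) of the first rule that matches."""
    for source, rules in (("repo", repo_rules), ("core", CORE_RULES),
                          ("stop-gap", [STOP_GAP])):
        for r in rules:
            if matches(r, user, op, owner):
                return r["effect"], source
    raise AssertionError("unreachable: the stop-gap rule matches everything")

# Constructed repository rules: one explicit deny and one extra grant.
REPO_RULES = [
    rule(DENY, "clone", "mallory"),
    rule(ALLOW, "write", "bob"),
]

if __name__ == "__main__":
    for user, op in [("mallory", "clone"), ("carol", "clone"),
                     ("bob", "write"), ("alice", "write"), ("carol", "write")]:
        print(user, op, evaluate(REPO_RULES, user, op, owner="alice"))
```

The source returned with each decision shows which layer answered, which is
useful when checking whether a repository-level rule shadows a core rule.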