凹凸棒石限制进入分支机构 [英] Gitolite restrict access to branch

问题描述

我的服务器上有GITOLITE，我想配置对存储库的访问.我想限制某些用户对某些分支的访问.我尝试了很多变种来配置gitolite.conf文件，但没有找到解决方案来限制对某些分支的访问权限.

I have GITOLITE on my server and I want to configure access to my repository. I want to restrict access to some branches for some users. I try a lot of variants how to configure gitolite.conf file and I didn't find solution how to restrict acces to some branches.

1)

@developers1 = user1
@developers2 = user2

repo dbatest 
   RW+    = @developers1
   R test = @developers2
   - test = @developers2
   RW+    = @developers2

当user2执行命令时:git push origin test:推入成功 在gitolite日志中，我有以下几行:

When user2 executed command: git push origin test: push succeed In gitolite log I had this lines:

http    ARGV=user2  SOC=git-receive-pack 'dbatest'  FROM=10.65.184.239
6453    pre_git dbatest user2   W   any refs/.*
6453    system,git,http-backend
6453    END

2)

@developers1 = user1
@developers2 = user2

repo dbatest 
   RW+    = @developers1
   - test = @developers2
   RW+    = @developers2

当user2执行命令时:git push origin test:推送成功 在gitolite日志中，我有以下几行:

When user2 executed command: git push origin test: push succeed In gitolite log I had this lines:

http    ARGV=user2  SOC=git-receive-pack 'dbatest'  FROM=10.65.184.239
6457    pre_git dbatest user2   W   any refs/.*
6457        system,git,http-backend
6457    END

3)

@developers1 = user1
@developers2 = user2

repo dbatest 
   RW+    = @developers1
   R test = @developers2
   - test = @developers2
   RW+    = @developers2
   option deny-rules = 1

当user2执行命令:git push origin test:推送被拒绝，他看到此消息:

When user2 executed command: git push origin test: push denied and he saw this message:

fatal: remote error: FATAL: W any dbatest user2 DENIED by refs/heads/test
(or you mis-spelled the reponame)

在乙醇钠盐日志中，我有这个:

And in gitolite log i had this:

8161    http    ARGV=user2  SOC=git-receive-pack 'dbatest'  FROM=10.65.184.239
8161    die W any dbatest user2 DENIED by refs/heads/test<<newline>>(or you mis-spelled the reponame)

这看起来不错，但是当他尝试将某些内容推入master分支时，他有这样的想法.

It's look like good, but when he try to push something into the master branch he had this meesage to.

我尝试在我的gitolite配置文件中混合使用这些行，但是它们对我不起作用.

I tryed mix this lines in my gitolite config file but they didn't work for me.

如果有人可以帮助我，我会很高兴.我想限制某些开发人员对某些分支的写访问权限.我无法创建其他存储库，我必须在一个主存储库上使用限制策略.

I will be happy if someone can help me with it. I want to restrict write access to some branches for some developers. I cann't create additional repository I must to use restrict policy on one main repository.

非常感谢！

推荐答案

如果我查看

dilbert和dev团队有这些限制

dilbert and the dev team has these restrictions

they can do anything to branches whose names start with "dev/"
**they can create or fast-forward push, but not rewind or delete, any branch except `master`**

所以看起来不错:

- test  = @developers2
   RW+  = @developers2

不过，乙醇钠有两种检查方法:

However gitolite has two checks:

• 当引用未知时(在这种情况下，将忽略- test)一个，
• 一个裁判是众所周知的.

• one when the ref is unknown (in which case - test is ignored),
• one for the ref is known.

在您的情况下，应该知道ref(测试)，并且应用拒绝规则.

In your case, the ref (test) should be known and the deny rule apply.

您可以通过以下方法跟踪特定规则的逻辑来进行更多调试:

You can debug more by tracing the logic of your specific rules with:

gitolite access -s dbatest user2 W test

OP Sufelfay 确认 查看全文