分支机构的Gitolite权限 [英] Gitolite permissions on branches
问题描述
这是运行gitolite3 v3的gitolite @ ubuntuserver .1-2-g3eefc06 on git 1.7.9.5
所有这些都说我正在尝试完成的是(我想)比较简单。我有一群初级开发人员[@scrubs],我只希望他们创建并提交新分支,并能够读取/拉取主分支。通过这种方式,我可以在合并之前查看它们的代码。
我有一群高级开发人员[@vets],我想要免费统治。
>我的配置文件如下:
@scrubs = al ted matthew
@vets = kevin will guy
@offlimitbranches = master $
repo gitolite-admin
RW + = @vets matthew
repo dawebsite
RW + = @vets
- @offlimitbranches = @scrubs
RW + = @scrubs
R @offlimitbranches = @scrubs
R = daemon
选项deny-rules = 1
dawebsiteOwner=这是网站
我注意到没有任何工作可以拒绝,直到我添加了:
选项deny-rules = 1
其中我认为我可能在20个例子中找到了一个例子(轻轻的一声饶恕了挫败感。
有了这个目前的设置,兽医可以按照预期做任何事情。
磨刀草不能拉到或推到主人(我认为那是因为它抓住了它可能匹配的第一条规则?)磨砂也不能拉或推到任何非主分支,也不能推新创建的分支。每次尝试都会返回相同的消息FATAL:[R / W]任何dawebsite matthew被refs / heads / master拒绝$
我试过使用master,master $ ,@offlimitbranches甚至refs / heads / master都无法为分支参考。
如果有人能帮我解释一下这个,我会非常感激。
更新**
玩弄东西我注意到,如果我从磨砂组中删除matthew并试图直接操纵他 $ b
- master $ = matthew
RW + = matthew
如果他移动到一个新的分支并且尝试了以下操作:(感谢VonC在日志上的抬头)
git pull origin newBranch
git push origin newBranch
每个都会返回一个错误
拉:
ARGV = matthew SOC = git-upload-pack'dawebsite.git'FROM = 172.24.1.198
access(dawebsite,matthew,R,'any'), - > R任何dawebsite matthew被refs / heads / master拒绝$
trigger,Writable,access_1,ACCESS_1,dawebsite,matthew,R,any,R任何dawebsite,matthew由refs / heads / master $ D
R任何dawebsite matthew被refs / heads / master拒绝$<< LT; lt; newline>>>(或者你误拼了reponame)
PUSH:
ARGV = matthew SOC = git-receive-pack'dawebsite.git'FROM = 172.24.1.198
access(dawebsite,matthew,W,'any'), - > W任何medehrdev matthew由refs / heads / master拒绝$
触发器,可写,access_1,ACCESS_1,dawebsite,matthew,W,任何,W任何dawebsite matthew由refs / heads / master拒绝$
W任何dawebsite matthew由refs / heads / master拒绝$<<< newLine>>(或者你误拼了reponame)
看起来我所有的分支都与ref master $匹配,因为它们都是从master中衍生出来的?
我的配置,现在正在工作:
@gatekeepers = ustimenko
@developers = ustimenko user1 user2
@deployers = puppet
@project = repo1
@project = cakephp
repo @project
RW + = @gatekeepers
R master develop = @developers
- master develop = @developers
RW + = @developers
R = @deployers
- Gatekee持有完全访问权。
- 开发人员可以阅读master和开发分支,然后拒绝
其他操作。其他事情。 - 部署人员可以阅读全部内容。
I'm really at a loss here. I've read through quite a few examples, and tried all of them. The most basic ones work fine, but anytime I try to move to something a bit more complicated everything falls apart (even when I'm directly copying the example). Also, for the record I am on gitolite version 3 as shown by the server spam:
this is gitolite@ubuntuserver running gitolite3 v3.1-2-g3eefc06 on git 1.7.9.5
All this said what I am TRYING to accomplish is (I THINK) relatively simple. I have a group of junior developers [@scrubs], and I only want them to create and commit to new branches, and be able to read/pull master. That way I can review their code before it gets merged in.
I have a group of senior developers [@vets] that I want to have free reign.
My config file is as follows:
@scrubs = al ted matthew
@vets = kevin will guy
@offlimitbranches = master$
repo gitolite-admin
RW+ = @vets matthew
repo dawebsite
RW+ = @vets
- @offlimitbranches = @scrubs
RW+ = @scrubs
R @offlimitbranches = @scrubs
R = daemon
option deny-rules = 1
dawebsite "Owner" = "This is THE site"
I noticed nothing worked at all for denying till I added :
option deny-rules = 1
of which I think I found in maybe one out of 20 examples (a touch of a rant forgive the frustration.
With this current set up vets can do anything as expected.
scrubs can neither pull or push to master (and I think that's because it grabs the first rule it can possible match?) Scrubs also can not pull or push to any non master branch, nor push newly created branches. Each attempt returns the same message "FATAL: [R/W] any dawebsite matthew DENIED by refs/heads/master$"
I've tried using master, master$, @offlimitbranches and even refs/heads/master to no avail for the branch ref.
If anyone can help shed some light on this for me I'd be quite appreciative.
Update**
Playing around with things I've noticed that if i remove matthew from the scrubs group and try to manipulate him directly with
- master$ = matthew
RW+ = matthew
if he moves to a new branch and tried the following: (thanks VonC for the heads up on the logs)
git pull origin newBranch
git push origin newBranch
each returns an error
PULL:
ARGV=matthew SOC=git-upload-pack 'dawebsite.git' FROM=172.24.1.198
access(dawebsite, matthew, R, 'any'),-> R any dawebsite matthew DENIED by refs/heads/master$
trigger,Writable,access_1,ACCESS_1,dawebsite,matthew,R,any,R any dawebsite,matthew DENIED by refs/heads/master$
R any dawebsite matthew DENIED by refs/heads/master$<<newline>>(or you mis-spelled the reponame)
PUSH:
ARGV=matthew SOC=git-receive-pack 'dawebsite.git' FROM=172.24.1.198
access(dawebsite, matthew, W, 'any'),-> W any medehrdev matthew DENIED by refs/heads/master$
trigger,Writable,access_1,ACCESS_1,dawebsite,matthew,W,any,W any dawebsite matthew DENIED by refs/heads/master$
W any dawebsite matthew DENIED by refs/heads/master$<<newline>>(or you mis-spelled the reponame)
It seems all my branches match against the ref master$ is that because they are all spawned off of master?
My config, that is working now:
@gatekeepers = ustimenko
@developers = ustimenko user1 user2
@deployers = puppet
@project = repo1
@project = cakephp
repo @project
RW+ = @gatekeepers
R master develop = @developers
- master develop = @developers
RW+ = @developers
R = @deployers
- Gatekeepers have full access.
- Developers can read master and develop branches, then they denied other actions there.
- Developers can do all other things.
- Deployers can read all.
这篇关于分支机构的Gitolite权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
