gitolite disallow access for directory on master branch but not on user branch

Question

Consider the following repo:

REPO/src/A/

REPO/src/B/

Is it possible by having only 1 repo to implement the following restrictions?

On master branch, allow full access to maintainers role
On master branch, disallow access to A but allow for B to contributors role.
On personal branches, allow full access to A and B to creators.

Note: the VREF by name might be, in your case: `VREF/NAME/src/A` instead of `VREF/NAME/A`. — VonC, Aug 10 '12 at 11:21

score 4 · Accepted Answer · edited May 23 '17 at 12:12

4

With Gitolite V3 or 'g3' and its VREF, it should be possible to implement those restrictions.

But the access you can manage is only for write-access.
If a user can clone a repo, he/she will have read-access to all the repo (as mentioned in "gitolite: allow to change only selelected files").
If you really want to limit read-access, you might try gitolite 'partial-copy'.

Few notes:

VREF can be used for restricting pushes by dir/file name.
I use here the notion of role, not group of users: you need to set the permission separately for said users.
Personnal branches are described here.

An access rule is like:

<permission> <zero or more refexes> = <one or more users/user groups>

<zero or more refexes> means your can combines refexes

That would give something like (not tested):

repo REPO
        RW+  master                     =   MAINTAINER
        -    master         VREF/NAME/A =   CONTRIBUTOR
        RW   master         VREF/NAME/B =   CONTRIBUTOR
        RW   personal/USER/ VREF/NAME/A =   CREATOR
        RW   personal/USER/ VREF/NAME/B =   CREATOR

edited May 23 '17 at 12:12

Community

1
1

answered Aug 10 '12 at 10:46

VonC

1,262,500
529
4,410
5,250

Hey, i don't care about read access. I ll give a go with your suggested setup and come back with feedback. – Kostas Konstantinidis Aug 10 '12 at 13:06
1

@Konstantinos Excellent. Make sure you have gitolite V3 installed within your GitLab setup. And try it outside of gitlab, with direct git command through ssh. – VonC Aug 10 '12 at 13:09
@VonC, but aren’t combined refexes ORed and not ANDed? – Michal Rus Dec 09 '14 at 20:24
@MichalRus not exactly: it follows a principle of rule accumulation: http://gitolite.com/gitolite/conf.html#rule-accumulation – VonC Dec 09 '14 at 21:08

score 0 · Answer 2 · answered Jan 28 '13 at 17:45

0

repo REPO
    - master VREF/NAME/src/A = @contributors
    RW+ master = @maintainers @contributors
    RW+ personal/ = @creators

answered Jan 28 '13 at 17:45

srwalter

111
3

gitolite disallow access for directory on master branch but not on user branch

2 Answers2

Linked