1

I would like to configure a repository to be accessed by every developer but one particular file should only be modified by certain users.

RWCD                             = @developer
RW+ refs/tags                    = @developer
RW+ VREF/NAME/version.properties = @versionPropertyModifier
-   VREF/NAME/version.properties = @all

This works all fine but there is one problem: When any developer who is not member of the @versionPropertyModifier group wants to push a new branch the push is rejected with link to the version.properties vref.

Whats wrong with my rule set?

Max
  • 1,053
  • 1
  • 13
  • 34

1 Answers1

0

The example for Vref/NAME is not exactly the same:

repo foo
        RW+                             =   @senior_devs
        RW                              =   @junior_devs

        -   VREF/NAME/Makefile          =   @junior_devs

When a senior dev pushes, the VREF is not invoked at all. But when a junior dev pushes, the VREF is invoked, and it returns a list of files changed as virtual refs, looking like this:

VREF/NAME/file-1
VREF/NAME/dir-2/file-3
...etc...

Each of these refs is matched against the access rules. If one of them happens to be the Makefile, then the ref returned (VREF/NAME/Makefile) will match the deny rule and kill the push.

So in your case:

RWCD                              = @developer
RW+  refs/tags                    = @developer
-    VREF/NAME/version.properties = @versionPropertyModifier
VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
  • Thanks for your answer but that configuration is just the other way around. Now users in the group "@versionPropertyModifier" can´t modify the file version.properties. But it should be: Only users in group "@versionPropertyModifier" should be allowed to modify the version.properties file and @all should be able to create branches and push them. – Max Dec 07 '17 at 07:02
  • @MeMeMax As I mentioned here (https://stackoverflow.com/a/29840269/6309) or there (http://gitolite.com/gitolite/cookbook/#access), did you try a `gitolite acces` to debug your rules? – VonC Dec 07 '17 at 14:44
  • Tried to debug but didn´t come to a solution. I think VREF/NAME_NC is what I am looking for but I´m not sure yet. I need to upgrade our gitolite version first to test it. – Max Dec 08 '17 at 06:36
  • @MeMeMax upgrading gitolite sounds like a good idea. I assumed you were using the very latest version available. – VonC Dec 08 '17 at 07:23