gitweb integration with gerrit


Warren Turkal

Dec 11, 2013, 6:31:36 PM
to Repo and Gerrit Discussion
Hey,

I wanted to allow any user of a particular group to access the gitweb of projects they can access. I had the following permissions set:

[access "refs/*"]
read = group Administrators
read = group Engineers
[access "refs/meta/config"]
exclusiveGroupPermissions = read
read = group Administrators
[access "refs/meta/dashboards/*"]
exclusiveGroupPermissions = read
read = group Administrators

This did not allow gitweb links to work for people in the "Engineers" group. So I found this message from this mailing list:
https://groups.google.com/d/msg/repo-discuss/1gtpscotpfA/eJBu65XkXv4J

As a result of that message, I added the following perms:
[access "refs/meta/config"]
...
read = group Engineers
[access "refs/meta/dashboards/*"]
...
read = group Engineers

I understand why the perms needed to be added due to the exclusivity of those sections. At the very least, I think this need to be able to read all branches from a repo to get any gitweb access should be documented in the gitweb integration docs. Is that a good place for that info?

Alternatively, and ideally IMO, is there any meaningful way to lift the restriction such that if someone can read a commit with their gerrit permissions they should also be able to see that commit in gitweb?

Thanks,
wt
--
Warren Turkal
Site Reliability Engineer
w...@ooyala.com | 650-961-3400
www.ooyala.com | blog | @ooyala
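
The permission layout from the post above, checked mechanically. This is an added example, not part of the original message or of Gerrit's own code. It assumes the rule stated in the thread (gitweb needs read on every ref), looks at a single project.config without inherited rules, and `gitweb_blockers` is a hypothetical helper name.

```python
import re

# Constructed sample: the project.config from the post, before the fix.
BEFORE = """
[access "refs/*"]
  read = group Administrators
  read = group Engineers
[access "refs/meta/config"]
  exclusiveGroupPermissions = read
  read = group Administrators
[access "refs/meta/dashboards/*"]
  exclusiveGroupPermissions = read
  read = group Administrators
"""
# Constructed sample: the same file after adding Engineers to both exclusive sections.
AFTER = BEFORE.replace("= read\n  read = group Administrators",
                       "= read\n  read = group Administrators\n  read = group Engineers")

def parse_access(text):
    """Map ref pattern -> {"exclusive": perms, "read": groups}.
    Hand-rolled because 'read' repeats within a section."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r'\[access\s+"(.+)"\]', line)
        if header:
            current = sections.setdefault(header.group(1), {"exclusive": set(), "read": set()})
        elif line.startswith("["):
            current = None  # not an access section
        elif current is not None and "=" in line and line[0] not in "#;":
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "exclusiveGroupPermissions":
                current["exclusive"].update(value.split())
            elif key == "read" and value.startswith("group "):
                # Plain allow rules only; deny/block rules are ignored here.
                current["read"].add(value[len("group "):])
    return sections

def gitweb_blockers(text, group):
    """Ref patterns that keep `group` from reading every ref (hypothetical helper)."""
    sections = parse_access(text)
    blockers = []
    if group not in sections.get("refs/*", {"read": set()})["read"]:
        blockers.append("refs/*")
    for ref, sec in sections.items():
        if ref != "refs/*" and "read" in sec["exclusive"] and group not in sec["read"]:
            blockers.append(ref)
    return blockers

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, gitweb_blockers(cfg, "Engineers"))
```

An empty list means no exclusive read section shuts the group out, which is the state the added `read = group Engineers` lines reach.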

Shawn Pearce

Dec 11, 2013, 6:38:16 PM
to Warren Turkal, Repo and Gerrit Discussion
On Wed, Dec 11, 2013 at 3:31 PM, Warren Turkal <w...@ooyala.com> wrote:
> Hey,
>
> I wanted to allow any user of a particular group to access the gitweb of projects they can access. I had the following permissions set:
>
> [access "refs/*"]
> read = group Administrators
> read = group Engineers
> [access "refs/meta/config"]
> exclusiveGroupPermissions = read
> read = group Administrators
> [access "refs/meta/dashboards/*"]
> exclusiveGroupPermissions = read
> read = group Administrators
>
> This did not allow gitweb links to work for people in the "Engineers" group. So I found this message from this mailing list:
> https://groups.google.com/d/msg/repo-discuss/1gtpscotpfA/eJBu65XkXv4J
>
> As a result of that message, I added the following perms:
> [access "refs/meta/config"]
> ...
> read = group Engineers
> [access "refs/meta/dashboards/*"]
> ...
> read = group Engineers
>
> I understand why the perms needed to be added due to the exclusivity of those sections. At the very least, I think this need to be able to read all branches from a repo to get any gitweb access should be documented in the gitweb integration docs. Is that a good place for that info?

Yes. Patches to update the documentation would be most appreciated. :-)

> Alternatively, and ideally IMO, is there any meaningful way to lift the restriction such that if someone can read a commit with their gerrit permissions they should also be able to see that commit in gitweb?

Not really. Filtering all gitweb requests to ensure the Gerrit security is enforced as set by the admin or project owner is pretty gnarly. So we punted and chose not to try.

Warren Turkal

Dec 11, 2013, 7:01:52 PM
to Shawn Pearce, Repo and Gerrit Discussion
On Wed, Dec 11, 2013 at 3:38 PM, Shawn Pearce <s...@google.com> wrote:
> Yes. Patches to update the documentation would be most appreciated. :-)
