mirrors
/
gitblit
mirror of https://github.com/gitblit/gitblit.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 43 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2950 Commits
11 Branches
Branch: 1026-Lucene-Index-PDF
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '1026-Lucene-Index-PDF'
${ noResults }
gitblit/src/site/administration.mkd

administration.mkd 9.1KB
Raw Permalink Normal View History

Big push for first release. * Build script overhaul including building & publishing GO, WAR, Docs, and Site. * Restored JGit 0.12.1 dependency and backported Blame. Got tired of waiting for JGit 1.0.0 Maven artifacts. * Changed Summary Page layout * Optional cookie authentication * Added icons for log, tags, and branches panels. * Show last commit author and short message on branches panel. * Unit testing. * Documentation.
13 years ago
Building site content and documentation from Markdown.
13 years ago
Owner editing. Frozen status. Grouped repositories. Documentation.
13 years ago
Building site content and documentation from Markdown.
13 years ago
Owner editing. Frozen status. Grouped repositories. Documentation.
13 years ago
Building site content and documentation from Markdown.
13 years ago
Owner editing. Frozen status. Grouped repositories. Documentation.
13 years ago
Readme markdown on summary page per-repository.
13 years ago
Implemented a Federation Client. Bare clone tweaks. Documentation.
12 years ago
Largely completed, uber-cool federation feature.
12 years ago
Documentation. Refactoring class names. Re-encapsulate settings.
12 years ago
Implemented Federation Sets. Documentation.
12 years ago
Documentation. Updated to MarkdownPapers 1.2.3.
12 years ago
Building site content and documentation from Markdown.
13 years ago
Fix cloning repositories with + in their names
10 years ago
Building site content and documentation from Markdown.
13 years ago
Documentation. Moved clone and fetch into JGitUtils. Create bare only.
13 years ago
Documentation. Enforce ".git" suffix for created repositories.
13 years ago
Big push for first release. * Build script overhaul including building & publishing GO, WAR, Docs, and Site. * Restored JGit 0.12.1 dependency and backported Blame. Got tired of waiting for JGit 1.0.0 Maven artifacts. * Changed Summary Page layout * Optional cookie authentication * Added icons for log, tags, and branches panels. * Show last commit author and short message on branches panel. * Unit testing. * Documentation.
13 years ago
Documentation. Enforce ".git" suffix for created repositories.
13 years ago
Owner editing. Frozen status. Grouped repositories. Documentation.
13 years ago
Finer-grained repository access permissions (issue 36) Implemented discrete repository access permissions to replace the really primitive course-grained permissions used to this point. This implementation allows for finer-grained access control, but still falls short of integrated, branch-based permissions sought by some. Access permissions follow the conventions established by Gitosis and Gitolite so they should feel immediately comfortable to experienced users. This permissions infrastructure is complete and works exactly as expected. Unfortunately, there is no ui in this commit to change permissions, that will be forthcoming. In the meantime, Gitblit hot-reloads users.conf so the permissions can be manipulated at runtime with a text editor. The following per-repository permissions are now supported: - V (view in web ui, RSS feeds, download zip) - R (clone) - RW (clone and push) - RWC (clone and push with ref creation) - RWD (clone and push with ref creation, deletion) - RW+ (clone and push with ref creation, deletion, rewind) And a users.conf entry looks something like this: [user "hannibal"] password = bossman repository = RWD:topsecret.git
11 years ago
Try regex permission matching if exact permission is not found (issue 36)
11 years ago
Documentation
11 years ago
Try regex permission matching if exact permission is not found (issue 36)
11 years ago
Permission regexes are now case-insensitive
11 years ago
Try regex permission matching if exact permission is not found (issue 36)
11 years ago
Implemented exclusion (X) permission
11 years ago
Try regex permission matching if exact permission is not found (issue 36)
11 years ago
Documentation
11 years ago
Finer-grained repository access permissions (issue 36) Implemented discrete repository access permissions to replace the really primitive course-grained permissions used to this point. This implementation allows for finer-grained access control, but still falls short of integrated, branch-based permissions sought by some. Access permissions follow the conventions established by Gitosis and Gitolite so they should feel immediately comfortable to experienced users. This permissions infrastructure is complete and works exactly as expected. Unfortunately, there is no ui in this commit to change permissions, that will be forthcoming. In the meantime, Gitblit hot-reloads users.conf so the permissions can be manipulated at runtime with a text editor. The following per-repository permissions are now supported: - V (view in web ui, RSS feeds, download zip) - R (clone) - RW (clone and push) - RWC (clone and push with ref creation) - RWD (clone and push with ref creation, deletion) - RW+ (clone and push with ref creation, deletion, rewind) And a users.conf entry looks something like this: [user "hannibal"] password = bossman repository = RWD:topsecret.git
11 years ago
Experimental committer verification
11 years ago
Revised committer verification to require email address Change-Id: I5298c93e03099813f5713a4effd87913429aa3dc
10 years ago
Documentation Change-Id: I717e13d1f852a4adf50b547f4769dd62da2384ce
10 years ago
Experimental committer verification
11 years ago
Documentation Change-Id: I717e13d1f852a4adf50b547f4769dd62da2384ce
10 years ago
Experimental committer verification
11 years ago
Revised committer verification to require email address Change-Id: I5298c93e03099813f5713a4effd87913429aa3dc
10 years ago
Experimental committer verification
11 years ago
Documentation
11 years ago
Finer-grained repository access permissions (issue 36) Implemented discrete repository access permissions to replace the really primitive course-grained permissions used to this point. This implementation allows for finer-grained access control, but still falls short of integrated, branch-based permissions sought by some. Access permissions follow the conventions established by Gitosis and Gitolite so they should feel immediately comfortable to experienced users. This permissions infrastructure is complete and works exactly as expected. Unfortunately, there is no ui in this commit to change permissions, that will be forthcoming. In the meantime, Gitblit hot-reloads users.conf so the permissions can be manipulated at runtime with a text editor. The following per-repository permissions are now supported: - V (view in web ui, RSS feeds, download zip) - R (clone) - RW (clone and push) - RWC (clone and push with ref creation) - RWD (clone and push with ref creation, deletion) - RW+ (clone and push with ref creation, deletion, rewind) And a users.conf entry looks something like this: [user "hannibal"] password = bossman repository = RWD:topsecret.git
11 years ago
Documentation
10 years ago
Support --baseFolder parameter and small data reorganization
11 years ago
Documentation
11 years ago
Support --baseFolder parameter and small data reorganization
11 years ago
Teams support. Teams simplify the management of user-repository access permissions. Teams have a list of restricted repositories. Users are also added to teams and that grants them access to those repositories. Federation and RPC support are still in-progress.
12 years ago
Documentation
11 years ago
Teams support. Teams simplify the management of user-repository access permissions. Teams have a list of restricted repositories. Users are also added to teams and that grants them access to those repositories. Federation and RPC support are still in-progress.
12 years ago
Documentation
11 years ago
Teams support. Teams simplify the management of user-repository access permissions. Teams have a list of restricted repositories. Users are also added to teams and that grants them access to those repositories. Federation and RPC support are still in-progress.
12 years ago
Implemented ConfigUserService. Fixed and deprecated FileUserService.
12 years ago
Finer-grained repository access permissions (issue 36) Implemented discrete repository access permissions to replace the really primitive course-grained permissions used to this point. This implementation allows for finer-grained access control, but still falls short of integrated, branch-based permissions sought by some. Access permissions follow the conventions established by Gitosis and Gitolite so they should feel immediately comfortable to experienced users. This permissions infrastructure is complete and works exactly as expected. Unfortunately, there is no ui in this commit to change permissions, that will be forthcoming. In the meantime, Gitblit hot-reloads users.conf so the permissions can be manipulated at runtime with a text editor. The following per-repository permissions are now supported: - V (view in web ui, RSS feeds, download zip) - R (clone) - RW (clone and push) - RWC (clone and push with ref creation) - RWD (clone and push with ref creation, deletion) - RW+ (clone and push with ref creation, deletion, rewind) And a users.conf entry looks something like this: [user "hannibal"] password = bossman repository = RWD:topsecret.git
11 years ago
Teams support. Teams simplify the management of user-repository access permissions. Teams have a list of restricted repositories. Users are also added to teams and that grants them access to those repositories. Federation and RPC support are still in-progress.
12 years ago
Finer-grained repository access permissions (issue 36) Implemented discrete repository access permissions to replace the really primitive course-grained permissions used to this point. This implementation allows for finer-grained access control, but still falls short of integrated, branch-based permissions sought by some. Access permissions follow the conventions established by Gitosis and Gitolite so they should feel immediately comfortable to experienced users. This permissions infrastructure is complete and works exactly as expected. Unfortunately, there is no ui in this commit to change permissions, that will be forthcoming. In the meantime, Gitblit hot-reloads users.conf so the permissions can be manipulated at runtime with a text editor. The following per-repository permissions are now supported: - V (view in web ui, RSS feeds, download zip) - R (clone) - RW (clone and push) - RWC (clone and push with ref creation) - RWD (clone and push with ref creation, deletion) - RW+ (clone and push with ref creation, deletion, rewind) And a users.conf entry looks something like this: [user "hannibal"] password = bossman repository = RWD:topsecret.git
11 years ago
Try regex permission matching if exact permission is not found (issue 36)
11 years ago
Teams support. Teams simplify the management of user-repository access permissions. Teams have a list of restricted repositories. Users are also added to teams and that grants them access to those repositories. Federation and RPC support are still in-progress.
12 years ago
Finer-grained repository access permissions (issue 36) Implemented discrete repository access permissions to replace the really primitive course-grained permissions used to this point. This implementation allows for finer-grained access control, but still falls short of integrated, branch-based permissions sought by some. Access permissions follow the conventions established by Gitosis and Gitolite so they should feel immediately comfortable to experienced users. This permissions infrastructure is complete and works exactly as expected. Unfortunately, there is no ui in this commit to change permissions, that will be forthcoming. In the meantime, Gitblit hot-reloads users.conf so the permissions can be manipulated at runtime with a text editor. The following per-repository permissions are now supported: - V (view in web ui, RSS feeds, download zip) - R (clone) - RW (clone and push) - RWC (clone and push with ref creation) - RWD (clone and push with ref creation, deletion) - RW+ (clone and push with ref creation, deletion, rewind) And a users.conf entry looks something like this: [user "hannibal"] password = bossman repository = RWD:topsecret.git
11 years ago
Support mailing lists for Teams
12 years ago
Implemented Team hook scripts
12 years ago
Implemented ConfigUserService. Fixed and deprecated FileUserService.
12 years ago
Documentation
11 years ago
Building site content and documentation from Markdown.
13 years ago
Finer-grained repository access permissions (issue 36) Implemented discrete repository access permissions to replace the really primitive course-grained permissions used to this point. This implementation allows for finer-grained access control, but still falls short of integrated, branch-based permissions sought by some. Access permissions follow the conventions established by Gitosis and Gitolite so they should feel immediately comfortable to experienced users. This permissions infrastructure is complete and works exactly as expected. Unfortunately, there is no ui in this commit to change permissions, that will be forthcoming. In the meantime, Gitblit hot-reloads users.conf so the permissions can be manipulated at runtime with a text editor. The following per-repository permissions are now supported: - V (view in web ui, RSS feeds, download zip) - R (clone) - RW (clone and push) - RWC (clone and push with ref creation) - RWD (clone and push with ref creation, deletion) - RW+ (clone and push with ref creation, deletion, rewind) And a users.conf entry looks something like this: [user "hannibal"] password = bossman repository = RWD:topsecret.git
11 years ago
Documentation. Updated to MarkdownPapers 1.2.3.
12 years ago
Building site content and documentation from Markdown.
13 years ago
Finer-grained repository access permissions (issue 36) Implemented discrete repository access permissions to replace the really primitive course-grained permissions used to this point. This implementation allows for finer-grained access control, but still falls short of integrated, branch-based permissions sought by some. Access permissions follow the conventions established by Gitosis and Gitolite so they should feel immediately comfortable to experienced users. This permissions infrastructure is complete and works exactly as expected. Unfortunately, there is no ui in this commit to change permissions, that will be forthcoming. In the meantime, Gitblit hot-reloads users.conf so the permissions can be manipulated at runtime with a text editor. The following per-repository permissions are now supported: - V (view in web ui, RSS feeds, download zip) - R (clone) - RW (clone and push) - RWC (clone and push with ref creation) - RWD (clone and push with ref creation, deletion) - RW+ (clone and push with ref creation, deletion, rewind) And a users.conf entry looks something like this: [user "hannibal"] password = bossman repository = RWD:topsecret.git
11 years ago
Documentation. Changed status RPC protection. Status tab for Manager.
12 years ago
Building site content and documentation from Markdown.
13 years ago
Finer-grained repository access permissions (issue 36) Implemented discrete repository access permissions to replace the really primitive course-grained permissions used to this point. This implementation allows for finer-grained access control, but still falls short of integrated, branch-based permissions sought by some. Access permissions follow the conventions established by Gitosis and Gitolite so they should feel immediately comfortable to experienced users. This permissions infrastructure is complete and works exactly as expected. Unfortunately, there is no ui in this commit to change permissions, that will be forthcoming. In the meantime, Gitblit hot-reloads users.conf so the permissions can be manipulated at runtime with a text editor. The following per-repository permissions are now supported: - V (view in web ui, RSS feeds, download zip) - R (clone) - RW (clone and push) - RWC (clone and push with ref creation) - RWD (clone and push with ref creation, deletion) - RW+ (clone and push with ref creation, deletion, rewind) And a users.conf entry looks something like this: [user "hannibal"] password = bossman repository = RWD:topsecret.git
11 years ago
Documentation
11 years ago
Finer-grained repository access permissions (issue 36) Implemented discrete repository access permissions to replace the really primitive course-grained permissions used to this point. This implementation allows for finer-grained access control, but still falls short of integrated, branch-based permissions sought by some. Access permissions follow the conventions established by Gitosis and Gitolite so they should feel immediately comfortable to experienced users. This permissions infrastructure is complete and works exactly as expected. Unfortunately, there is no ui in this commit to change permissions, that will be forthcoming. In the meantime, Gitblit hot-reloads users.conf so the permissions can be manipulated at runtime with a text editor. The following per-repository permissions are now supported: - V (view in web ui, RSS feeds, download zip) - R (clone) - RW (clone and push) - RWC (clone and push with ref creation) - RWD (clone and push with ref creation, deletion) - RW+ (clone and push with ref creation, deletion, rewind) And a users.conf entry looks something like this: [user "hannibal"] password = bossman repository = RWD:topsecret.git
11 years ago
Building site content and documentation from Markdown.
13 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200 
  1. ## Gitblit Configuration

  2. 

  3. ### Administering Repositories

  4. Repositories can be created, edited, renamed, and deleted through the web UI.  They may also be created, edited, and deleted from the command-line using real [Git](http://git-scm.com) or your favorite file manager and text editor.

  5. 

  6. All repository settings are stored within the repository `.git/config` file under the *gitblit* section.

  7. 

  8.     [gitblit]

  9. 	    description = master repository

  10. 	    owner = james

  11. 	    useTickets = false

  12. 	    useDocs = true

  13. 	    showRemoteBranches = false

  14. 	    accessRestriction = clone

  15. 	    isFrozen = false

  16. 	    showReadme = false

  17. 	    federationStrategy = FEDERATE_THIS

  18. 	    isFederated = false

  19. 	    skipSizeCalculation = false

  20. 	    federationSets = 

  21. 

  22. #### Repository Names

  23. Repository names must be case-insensitive-unique but are CASE-SENSITIVE ON CASE-SENSITIVE FILESYSTEMS.  The name must be composed of letters, digits, or `/ _ - . ~ +`<br/>

  24. Whitespace is illegal.

  25. 

  26. Repositories can be grouped within subfolders.  e.g. *libraries/mycoollib.git* and *libraries/myotherlib.git*

  27. 

  28. All repositories created with Gitblit are *bare* and will automatically have *.git* appended to the name at creation time, if not already specified. 

  29. 

  30. #### Repository Owner

  31. The *Repository Owner* has the special permission of being able to edit a repository through the web UI.  The Repository Owner is not permitted to rename the repository, delete the repository, or reassign ownership to another user.

  32. 

  33. ### Access Restrictions and Access Permissions

  34. ![permissions matrix](permissions_matrix.png "Permissions and Restrictions")

  35. 

  36. #### Discrete Permissions (Gitblit v1.2.0+)

  37. 

  38. Since v1.2.0, Gitblit supports more discrete permissions.  While Gitblit does not offer a built-in solution for branch-based permissions like Gitolite, it does allow for the following repository access permissions:

  39. 

  40. - **V** (view in web ui, RSS feeds, download zip)

  41. - **R** (clone)

  42. - **RW** (clone and push)

  43. - **RWC** (clone and push with ref creation)

  44. - **RWD** (clone and push with ref creation, deletion)

  45. - **RW+** (clone and push with ref creation, deletion, rewind)

  46. 

  47. These permission codes are combined with the repository path to create a user permission:

  48. 

  49.     RW:mygroup/myrepo.git

  50. 

  51. **NOTE:**  

  52. The following repository permissions are equivalent:

  53. 

  54. - myrepo.git

  55. - RW+:myrepo.git

  56. 

  57. This is to preserve backwards-compatibility with Gitblit <= 1.1.0 which granted rewind power to all access-permitted users.

  58. 

  59. #### Discrete Permissions with Regex Matching (Gitblit v1.2.0+)

  60. 

  61. Gitblit also supports *case-insensitive* regex matching for repository permissions.  The following permission grants push privileges to all repositories in the *mygroup* folder.

  62. 

  63.     RW:mygroup/.*

  64. 

  65. ##### Exclusions

  66. 

  67. When using regex matching it may also be useful to exclude specific repositories or to exclude regex repository matches.  You may specify the **X** permission for exclusion.  The following example grants clone permission to all repositories except the repositories in mygroup.  The user/team will have no access whatsoever to these repositories.

  68. 

  69.     X:mygroup/.*

  70.     R:.*

  71. 

  72. ##### Order is Important

  73. 

  74. The preceding example should suggest that order of permissions is important with regex matching.  Here are the rules for determining the permission that is applied to a repository request:

  75. 

  76. 1. If the user is an admin or repository owner, then RW+

  77. 2. Else if user has an explicit permission, use that

  78. 3. Else check for the first regex match in user permissions

  79. 4. Else check for the HIGHEST permission from team memberships

  80.     1. If the team is an admin team, then RW+

  81.     2. Else if a team has an explicit permission, use that

  82.     3. Else check for the first regex match in team permissions

  83. 

  84. #### No-So-Discrete Permissions (Gitblit &lt;= v1.1.0)

  85. 

  86. Prior to v1.2.0, Gitblit has two main access permission groupings:  

  87. 

  88. 1. what you are permitted to do as an anonymous user

  89. 2. **RW+** for any permitted user

  90. 

  91. #### Committer Verification

  92. 

  93. You may optionally enable committer verification which requires that each commit be committed by the authenticated user pushing the commits.  i.e. If Bob is pushing the commits, Bob **must** be the committer of those commits.

  94. 

  95. **How is this enforced?**

  96. 

  97. Bob must properly set his *user.name* and *user.email* values for the repository to match his Gitblit user account **BEFORE** committing to his repository.

  98. 

  99. ```

  100. [user "bob"]

  101.     displayName = Bob Jones

  102.     emailAddress = bob@somewhere.com

  103. ```

  104. 

  105.     git config user.name "Bob Jones"

  106.     git config user.email bob@somewhere.com	

  107. or

  108. 

  109.     git config user.name bob

  110.     git config user.email bob@somewhere.com	

  111. 

  112. The committer email address is required to be identical.  Display name or username can be used as the committer name.

  113. 

  114. All checks are case-insensitive.

  115. 

  116. **What about merges?**

  117. 

  118. You can not use fast-forward merges on your client when using committer verification.  You must specify *--no-ff* to ensure that a merge commit is created with your identity as the committer.  Only the first/left parent chain is traversed when verifying commits.

  119. 

  120. #### Reflog

  121. 

  122. Gitblit v1.2.1 introduced an incomplete reflog mechanism which was completed in 1.3.0.  All pushes to Gitblit are automatically logged on an orphan branch, `refs/meta/gitblit/reflog`.  If this ref exists, the reflog page link will be displayed on the repository pages.

  123. 

  124. This reflog is similar to, but not the same as, the normal Git reflog. The Gitblit reflog links Gitblit accounts to ref changes and because it is stored on an orphan branch, the reflog is portable by the federation mechanism or by a normal <code>git clone --mirror</code> command.

  125. 

  126. ### Teams

  127. 

  128. Teams have assigned users and assigned repositories.  A user can be a member of multiple teams and a repository may belong to multiple teams.  This allows the administrator to quickly add a user to a team without having to keep track of all the appropriate repositories. 

  129. 

  130. ### Administering Users

  131. All users and permissions are stored in the `users.conf` file. Your file extension must be *.conf* in order to use this user service.

  132. 

  133. The `users.conf` file uses a Git-style configuration format:

  134. 

  135.     [user "admin"]

  136. 	    password = admin

  137. 	    role = "#admin"

  138. 	    role = "#notfederated"

  139. 	    repository = RW+:repo1.git

  140. 	    repository = RW+:repo2.git

  141. 	    

  142. 	[user "hannibal"]

  143. 		password = bossman

  144. 		repository = RWD:topsecret.git

  145. 		repository = RW+:ateam/[A-Za-z0-9-~_\\./]+

  146. 

  147. 	[user "faceman"]

  148. 		password = vanity

  149. 

  150. 	[user "murdock"]

  151. 		password = crazy		

  152. 	    

  153. 	[user "babaracus"]

  154. 		password = grrrr

  155. 	    

  156. 	[team "ateam"]

  157. 		user = hannibal

  158. 		user = faceman

  159. 		user = murdock

  160. 		user = babaracus

  161. 		repository = RW:topsecret.git

  162. 		mailingList = list@ateam.org

  163. 		postReceiveScript = sendmail

  164. 

  165. The `users.conf` file allows flexibility for adding new fields to a UserModel object without imposing the complexity of relying on an embedded SQL database. 

  166. 

  167. ### Usernames

  168. Usernames must be unique and are case-insensitive.  

  169. Whitespace is illegal.

  170. 

  171. ### Passwords

  172. User passwords are CASE-SENSITIVE and may be *plain*, *md5*, or *combined-md5* formatted (see `gitblit.properties` -> *realm.passwordStorage*).

  173. 

  174. ### User Roles

  175. There are four actual *roles* in Gitblit:

  176. 

  177. - *#admin*, which grants administrative powers to that user for all repositories, users, and teams

  178. - *#notfederated*, which prevents an account from being pulled by another Gitblit instance

  179. - *#create*, which allows the user the power to create personal repositories

  180. - *#fork*, which allows the user to create a personal fork of an existing Gitblit-hosted repository

  181. 

  182. ### Personal Repositories & Forks

  183. 

  184. Personal Repositories and Forks are related but are controlled individually.

  185. 

  186. #### Creating a Personal Repository

  187. A user may be granted the power to create personal repositories by specifying the *#create* role through the web ui or through the RPC mechanism via the Gitblit Manager.  Personal repositories are exactly like common/shared repositories except that the owner has a few additional administrative powers for that repository, like rename and delete.

  188. 

  189. #### Creating a Fork

  190. A user may also be granted the power to fork an existing repository hosted on your Gitblit server to their own personal clone by specifying the *#fork* role through the web ui or via the Gitblit Manager.

  191. 

  192. Forks are mostly likely personal repositories or common/shared repositories except for two important differences:

  193. 

  194. 1. Forks inherit a view/clone access list from the origin repository.  

  195. i.e. if Team A has clone access to the origin repository, then by default Team A also has clone access to the fork.  This is to facilitate collaboration.

  196. 2. Forks are always listed in the fork network, regardless of any access restriction set on the fork.  

  197. In other words, if you fork *RepoA.git* to *~me/RepoA.git* and then set the access restriction of *~me/RepoA.git* to *Authenticated View, Clone, & Push* your fork will still be listed in the fork network for *RepoA.git*.

  198. 

  199. If you really must have an invisible fork, the clone it locally, create a new personal repository for your invisible fork, and push it back to that personal repository.

  200.