Finer-grained repository access permissions (issue 36)
Implemented discrete repository access permissions to replace the
really primitive course-grained permissions used to this point. This
implementation allows for finer-grained access control, but still
falls short of integrated, branch-based permissions sought by some.
Access permissions follow the conventions established by Gitosis and
Gitolite so they should feel immediately comfortable to experienced
users. This permissions infrastructure is complete and works exactly as
expected. Unfortunately, there is no ui in this commit to change
permissions, that will be forthcoming. In the meantime, Gitblit
hot-reloads users.conf so the permissions can be manipulated at runtime
with a text editor.
The following per-repository permissions are now supported:
- V (view in web ui, RSS feeds, download zip)
- R (clone)
- RW (clone and push)
- RWC (clone and push with ref creation)
- RWD (clone and push with ref creation, deletion)
- RW+ (clone and push with ref creation, deletion, rewind)
And a users.conf entry looks something like this:
[user "hannibal"]
password = bossman
repository = RWD:topsecret.git
11 vuotta sitten Finer-grained repository access permissions (issue 36)
Implemented discrete repository access permissions to replace the
really primitive course-grained permissions used to this point. This
implementation allows for finer-grained access control, but still
falls short of integrated, branch-based permissions sought by some.
Access permissions follow the conventions established by Gitosis and
Gitolite so they should feel immediately comfortable to experienced
users. This permissions infrastructure is complete and works exactly as
expected. Unfortunately, there is no ui in this commit to change
permissions, that will be forthcoming. In the meantime, Gitblit
hot-reloads users.conf so the permissions can be manipulated at runtime
with a text editor.
The following per-repository permissions are now supported:
- V (view in web ui, RSS feeds, download zip)
- R (clone)
- RW (clone and push)
- RWC (clone and push with ref creation)
- RWD (clone and push with ref creation, deletion)
- RW+ (clone and push with ref creation, deletion, rewind)
And a users.conf entry looks something like this:
[user "hannibal"]
password = bossman
repository = RWD:topsecret.git
11 vuotta sitten |
1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283 |
- ## Standard Features (GO/WAR)
- - Integrated JGit http/https SmartHTTP servlet
- - Integrated JGit git protocol daemon
- - Integrated Mina SSHD daemon
- - Optional feature to allow users to create personal repositories
- - Optional feature to fork a repository to a personal repository
- - Optional feature to create a repository on push
- - Optional feature to automatically fetch ref updates for repository mirrors
- - Optional Issue Tracker and Pull-Request-like mechanism
- - Four *per-repository* access restriction configurations with a Read-Only control flag
- - ![anonymous](blank.png) *Anonymous View, Clone & Push*
- - ![push](lock_go_16x16.png) *Authenticated Push*
- - ![clone](lock_pull_16x16.png) *Authenticated Clone & Push*
- - ![view](shield_16x16.png) *Authenticated View, Clone & Push*
- - ![freeze](cold_16x16.png) Freeze repository (i.e. deny push, make read-only)
- - Six *per-user/team* repository access permissions
- - **V** (view in web ui, RSS feeds, download zip)
- - **R** (clone)
- - **RW** (clone and push)
- - **RWC** (clone and push with ref creation)
- - **RWD** (clone and push with ref creation, deletion)
- - **RW+** (clone and push with ref creation, deletion, rewind)
- - Menu driven native platform clone links for all popular Git clients
- - Garbage Collection service
- - Ability to federate with one or more other Gitblit instances
- - RSS/JSON RPC interface
- - An evolving plugin infrastructure
- - Java/Swing Gitblit Manager tool
- - Responsive web UI that subtracts elements to be usable on phones, tablets, and desktop browsers
- - Groovy pre- and post- push hook scripts, per-repository or globally for all repositories
- - Rich Push email notifications *(via sendmail.groovy push script)*
- - Rich Ticket email notifications
- - Lucene indexing of specified repository branches
- - Administrators may create, edit, rename, or delete repositories through the web UI or RPC interface
- - Administrators may create, edit, rename, or delete users through the web UI or RPC interface
- - Administrators may create, edit, rename, or delete teams through the web UI or RPC interface
- - Repository Owners may edit repositories through the web UI
- - Administrators and Repository Owners may set the default branch through the web UI or RPC interface
- - LDAP authentication and optional LDAP-controlled Team memberships
- - Redmine authentication
- - Salesforce.com authentication
- - Windows authentication
- - PAM authentication
- - Gravatar integration
- - Git-notes display support
- - Submodule support
- - User-tracked reflog for pushes, tags, etc.
- - Fanout PubSub notifications service for self-hosted [Sparkleshare](http://sparkleshare.org) use
- - gh-pages display support (Jekyll is not supported)
- - Branch metrics
- - HEAD and Branch RSS feeds
- - Blame annotations view
- - Dates can optionally be displayed using the browser's reported timezone
- - Display of Author and Committer email addresses can be disabled
- - Case-insensitive searching of commit messages, authors, or committers
- - Dynamic zip downloads feature
- - Docs page which enumerates all Markdown files within a repository
- - Markdown, Confluence, Textile, Twiki, Tracwiki, & Mediawiki markup rendering support
- - Syntax highlighting for popular source code types
- - Customizable regular expression substitution for commit messages (i.e. bug or code review link integration)
- - Single text file for users configuration
- - Translations
- - English
- - Japanese
- - Spanish
- - Polish
- - Korean
- - Brazilian Portuguese
- - Dutch
- - Simplified Chinese (zh_CN)
- - French
-
- ## Gitblit GO Features
- - Out-of-the-box integrated stack requiring minimal configuration
- - Automatic generation of ssl certificate for https communications
- - Integrated GUI tool to facilitate x509 PKI including ssl and client certificate generation, client certificate revocation, and client certificate distribution
- - Single text file for configuring server and gitblit
- - A Windows service installation script and configuration tool
-
- ## Limitations
- - Built-in access controls are not branch-based, they are repository-based.
-
- [jgit]: http://eclipse.org/jgit "Eclipse JGit Site"
|