Finer-grained repository access permissions (issue 36)
Implemented discrete repository access permissions to replace the
really primitive course-grained permissions used to this point. This
implementation allows for finer-grained access control, but still
falls short of integrated, branch-based permissions sought by some.
Access permissions follow the conventions established by Gitosis and
Gitolite so they should feel immediately comfortable to experienced
users. This permissions infrastructure is complete and works exactly as
expected. Unfortunately, there is no ui in this commit to change
permissions, that will be forthcoming. In the meantime, Gitblit
hot-reloads users.conf so the permissions can be manipulated at runtime
with a text editor.
The following per-repository permissions are now supported:
- V (view in web ui, RSS feeds, download zip)
- R (clone)
- RW (clone and push)
- RWC (clone and push with ref creation)
- RWD (clone and push with ref creation, deletion)
- RW+ (clone and push with ref creation, deletion, rewind)
And a users.conf entry looks something like this:
[user "hannibal"]
password = bossman
repository = RWD:topsecret.git
11 роки тому Finer-grained repository access permissions (issue 36)
Implemented discrete repository access permissions to replace the
really primitive course-grained permissions used to this point. This
implementation allows for finer-grained access control, but still
falls short of integrated, branch-based permissions sought by some.
Access permissions follow the conventions established by Gitosis and
Gitolite so they should feel immediately comfortable to experienced
users. This permissions infrastructure is complete and works exactly as
expected. Unfortunately, there is no ui in this commit to change
permissions, that will be forthcoming. In the meantime, Gitblit
hot-reloads users.conf so the permissions can be manipulated at runtime
with a text editor.
The following per-repository permissions are now supported:
- V (view in web ui, RSS feeds, download zip)
- R (clone)
- RW (clone and push)
- RWC (clone and push with ref creation)
- RWD (clone and push with ref creation, deletion)
- RW+ (clone and push with ref creation, deletion, rewind)
And a users.conf entry looks something like this:
[user "hannibal"]
password = bossman
repository = RWD:topsecret.git
11 роки тому |
12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182 |
- ## Standard Features (GO/WAR)
- - JGit http/https SmartHTTP servlet
- - JGit git protocol daemon
- - Menu driven native platform clone links for all popular Git clients
- - Browser and git client authentication
- - Four *per-repository* access restriction configurations with a Read-Only control flag
- - ![anonymous](blank.png) *Anonymous View, Clone & Push*
- - ![push](lock_go_16x16.png) *Authenticated Push*
- - ![clone](lock_pull_16x16.png) *Authenticated Clone & Push*
- - ![view](shield_16x16.png) *Authenticated View, Clone & Push*
- - ![freeze](cold_16x16.png) Freeze repository (i.e. deny push, make read-only)
- - Six *per-user/team* repository access permissions
- - **V** (view in web ui, RSS feeds, download zip)
- - **R** (clone)
- - **RW** (clone and push)
- - **RWC** (clone and push with ref creation)
- - **RWD** (clone and push with ref creation, deletion)
- - **RW+** (clone and push with ref creation, deletion, rewind)
- - Optional feature to allow users to create personal repositories
- - Optional feature to fork a repository to a personal repository
- - Optional feature to create a repository on push
- - *Experimental* built-in Garbage Collection
- - Ability to federate with one or more other Gitblit instances
- - RSS/JSON RPC interface
- - Java/Swing Gitblit Manager tool
- - Gitweb inspired web UI
- - Responsive web UI that subtracts elements to be usable on phones, tablets, and desktop browsers
- - Groovy pre- and post- push hook scripts, per-repository or globally for all repositories
- - Email push notifications *(via sendmail.groovy push script)*
- - Lucene indexing of specified repository branches
- - Administrators may create, edit, rename, or delete repositories through the web UI or RPC interface
- - Administrators may create, edit, rename, or delete users through the web UI or RPC interface
- - Administrators may create, edit, rename, or delete teams through the web UI or RPC interface
- - Repository Owners may edit repositories through the web UI
- - Administrators and Repository Owners may set the default branch through the web UI or RPC interface
- - LDAP authentication and optional LDAP-controlled Team memberships
- - Redmine authentication
- - Salesforce.com authentication
- - Windows authentication
- - Gravatar integration
- - Git-notes display support
- - Submodule support
- - User-tracked reflog for pushes, tags, etc.
- - Fanout PubSub notifications service for self-hosted [Sparkleshare](http://sparkleshare.org) use
- - gh-pages display support (Jekyll is not supported)
- - Branch metrics (uses Google Charts)
- - HEAD and Branch RSS feeds
- - Blame annotations view
- - Dates can optionally be displayed using the browser's reported timezone
- - Display of Author and Committer email addresses can be disabled
- - Case-insensitive searching of commit messages, authors, or committers
- - Dynamic zip downloads feature
- - Markdown file view support
- - Syntax highlighting for popular source code types
- - Customizable regular expression substitution for commit messages (i.e. bug or code review link integration)
- - Single text file for users configuration
- - Optional utility pages
- - ![docs](book_16x16.png) Docs page which enumerates all Markdown files within a repository
- - ![tickets](bug_16x16.png) **readonly and deprecated** Ticgit ticket pages *(based on last MIT release bf57b032 2009-01-27)*
- - Translations
- - English
- - Japanese
- - Spanish
- - Polish
- - Korean
- - Brazilian Portuguese
- - Dutch
- - Chinese (zh_CN)
-
- ## Gitblit GO Features
- - Out-of-the-box integrated stack requiring minimal configuration
- - Automatic generation of ssl certificate for https communications
- - Integrated GUI tool to facilitate x509 PKI including ssl and client certificate generation, client certificate revocation, and client certificate distribution
- - Single text file for configuring server and gitblit
- - A Windows service installation script and configuration tool
- - Built-in AJP connector for Apache httpd
-
- ## Limitations
- - HTTP/HTTPS/GIT are the only supported Git protocols
- - Built-in access controls are not path-based, they are repository-based.
-
- [jgit]: http://eclipse.org/jgit "Eclipse JGit Site"
|