Showing 1 changed files with 28 additions and 13 deletions
+28 -13
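--- a/script/gitprep-shell
+++ b/script/gitprep-shell
@@ -15,8 +15,8 @@ my $debug = 0;
 my $project_re = qr/[a-zA-Z0-9_\-\.]+$/;
 
 # User
-my $user = shift;
-die "User not specifed" unless defined $user;
+my $session_user = shift;
+die "User not specifed" unless defined $session_user;
 
 # Application
 my $app = Gitprep->new;
@@ -30,7 +30,7 @@ my $dbi = $app->dbi;
 # SSH connection
 my $ssh_connection = $ENV{SSH_CONNECTION};
 warn "ssh_connection: $ssh_connection" if $debug;
-die "who the *heck* are you?" unless defined $ssh_connection;
+die "who the *heck* are you?\n" unless defined $ssh_connection;
 
 # SSH original command
 my $ssh_original_command = $ENV{SSH_ORIGINAL_COMMAND} || '';
@@ -47,18 +47,33 @@ $ssh_original_command_tmp =~ s/[\n\r]+/<<newline>>/g;
 die "I don't like newlines in the command: $ssh_original_command\n"
   if $ssh_original_command ne $ssh_original_command_tmp;
 
-my ($verb, $user_url, $project) = parse_ssh_original_command($ssh_original_command);
-die "User don't match" if $user ne $user_url;
+# Project
+my ($verb, $user, $project) = parse_ssh_original_command($ssh_original_command);
 sanity($project);
 
+# Can access
+my $can_access;
+if ($session_user eq $user) {
+  $can_access = 1;
+}
+else {
+  my $row = $app->dbi->model('collaboration')->select(
+    id => [$user, $project, $session_user]
+  )->one;
+  
+  $can_access = $row ? 1 : 0;
+}
+die qq|User "$session_user" can't access repository "$user/$project.git"\n|
+  unless $can_access; 
+
+# Command
 my $rep_home = $git->rep_home;
 my $repository = "'$rep_home/$user/$project.git'";
 my @git_shell_cmd = ("git", "shell", "-c", "$verb $repository");
 warn "@git_shell_cmd" if $debug;
-
 unless ($debug) {
   system(@git_shell_cmd) == 0
-    or die "Can't execute command: @git_shell_cmd" ;
+    or die "Can't execute command: @git_shell_cmd\n" ;
 }
 
 sub parse_ssh_original_command {
@@ -67,22 +82,22 @@ sub parse_ssh_original_command {
   $ssh_original_command ||= '';
 
   my $git_commands = "git-upload-pack|git-receive-pack|git-upload-archive";
-  if ($ssh_original_command =~ m(^($git_commands) '.*/([a-zA-Z_]+)/([^\/]+?)\.git'$)) {
+  if ($ssh_original_command =~ m(^($git_commands) '.*/([a-zA-Z1-9_]+)/([^\/]+?)\.git'$)) {
     my ($verb, $user, $project) = ($1, $2, $3);
     warn "User:$user, Project:$project" if $debug;
-    die "invalid repo name: '$project'" if $project !~ $project_re;
+    die "invalid repo name: '$project'\n" if $project !~ $project_re;
     return ($verb, $user, $project);
   }
   else {
-    die "Invalid command: $ssh_original_command";
+    die "Invalid command: $ssh_original_command\n";
   }
 }
 
 sub sanity {
   my $project = shift;
-  die "'$project' contains bad characters" if $project !~ $project_re;
-  die "'$project' ends with a '/'"         if $project =~ m(/$);
-  die "'$project' contains '..'"           if $project =~ m(\.\.);
+  die "'$project' contains bad characters\n" if $project !~ $project_re;
+  die "'$project' ends with a '/'\n"         if $project =~ m(/$);
+  die "'$project' contains '..'\n"           if $project =~ m(\.\.);
 }
 
 =head1 NAME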
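Review bot: The user-name class in the changed match in parse_ssh_original_command reads `[a-zA-Z1-9_]+`, which leaves out the digit 0, so a repository path whose owner name contains a zero falls through to "Invalid command"; `0-9` looks like what was meant, i.e. `m(^($git_commands) '.*/([a-zA-Z0-9_]+)/([^\/]+?)\.git'$)`. The new "Can access" block bases the authorization decision on `$user` and `$project` from this parse, and `$project` is captured by `[^\/]+?` (anything but a slash) and then validated only by `$project_re`, which is anchored at the end but not at the start, so only the tail of the name is actually checked against the allowed class. Because the same value is placed inside the single-quoted path handed to `git shell -c` and into the collaboration lookup, I would anchor both ends in this commit: `my $project_re = qr/\A[a-zA-Z0-9_\-\.]+\z/;`. The owner and collaborator branches grant identical access for every verb, including `git-receive-pack`; if collaborators are meant to have push rights, a one-line comment above the `if` saying so would help the next reader.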