本文介绍了凹凸棒石限制进入分支机构的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我的服务器上有GITOLITE,我想配置对存储库的访问.我想限制某些用户对某些分支的访问.我尝试了很多变种来配置gitolite.conf文件,但没有找到解决方案来限制对某些分支的访问权限.

I have GITOLITE on my server and I want to configure access to my repository. I want to restrict access to some branches for some users. I try a lot of variants how to configure gitolite.conf file and I didn't find solution how to restrict acces to some branches.

1)

@developers1 = user1
@developers2 = user2

repo dbatest 
   RW+    = @developers1
   R test = @developers2
   - test = @developers2
   RW+    = @developers2

当user2执行命令时:git push origin test:推入成功在gitolite日志中,我有以下几行:

When user2 executed command: git push origin test: push succeedIn gitolite log I had this lines:

http    ARGV=user2  SOC=git-receive-pack 'dbatest'  FROM=10.65.184.239
6453    pre_git dbatest user2   W   any refs/.*
6453    system,git,http-backend
6453    END

2)

@developers1 = user1
@developers2 = user2

repo dbatest 
   RW+    = @developers1
   - test = @developers2
   RW+    = @developers2

当user2执行命令时:git push origin test:推送成功在gitolite日志中,我有以下几行:

When user2 executed command: git push origin test: push succeedIn gitolite log I had this lines:

http    ARGV=user2  SOC=git-receive-pack 'dbatest'  FROM=10.65.184.239
6457    pre_git dbatest user2   W   any refs/.*
6457        system,git,http-backend
6457    END

3)

@developers1 = user1
@developers2 = user2

repo dbatest 
   RW+    = @developers1
   R test = @developers2
   - test = @developers2
   RW+    = @developers2
   option deny-rules = 1

当user2执行命令:git push origin test:推送被拒绝,他看到此消息:

When user2 executed command: git push origin test: push denied and he saw this message:

fatal: remote error: FATAL: W any dbatest user2 DENIED by refs/heads/test
(or you mis-spelled the reponame)

在乙醇钠盐日志中,我有这个:

And in gitolite log i had this:

8161    http    ARGV=user2  SOC=git-receive-pack 'dbatest'  FROM=10.65.184.239
8161    die W any dbatest user2 DENIED by refs/heads/test<<newline>>(or you mis-spelled the reponame)

这看起来不错,但是当他尝试将某些内容推入master分支时,他有这样的想法.

It's look like good, but when he try to push something into the master branch he had this meesage to.

我尝试在我的gitolite配置文件中混合使用这些行,但是它们对我不起作用.

I tryed mix this lines in my gitolite config file but they didn't work for me.

如果有人可以帮助我,我会很高兴.我想限制某些开发人员对某些分支的写访问权限.我无法创建其他存储库,我必须在一个主存储库上使用限制策略.

I will be happy if someone can help me with it. I want to restrict write access to some branches for some developers. I cann't create additional repository I must to use restrict policy on one main repository.

非常感谢!

推荐答案

如果我查看官方文档:

repo foo bar

    RW+                     =   alice @teamleads
    -   master              =   dilbert @devteam
    -   refs/tags/v[0-9]    =   dilbert @devteam
    RW+ dev/                =   dilbert @devteam
    RW                      =   dilbert @devteam
    R                       =   @managers
they can do anything to branches whose names start with "dev/"
**they can create or fast-forward push, but not rewind or delete, any branch except `master`**

所以看起来不错:

- test  = @developers2
   RW+  = @developers2

不过,乙醇钠有两种检查方法:

However gitolite has two checks:

  • 当引用未知时(在这种情况下,将忽略- test)一个,
  • 一个裁判是众所周知的.
  • one when the ref is unknown (in which case - test is ignored),
  • one for the ref is known.

在您的情况下,应该知道ref(测试),并且应用拒绝规则.

In your case, the ref (test) should be known and the deny rule apply.

您可以通过以下方法跟踪特定规则的逻辑来进行更多调试:

You can debug more by tracing the logic of your specific rules with:

gitolite access -s dbatest user2 W test

OP Sufelfay 确认限制访问分支机构/29840269#comment47820830_29840269> 它适用于3.5.3,而不适用于3.6.x .

这篇关于凹凸棒石限制进入分支机构的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!