Plugin to use gitolite's ACLs for CGIT/Apache httpd?

278 views Asked by At

We use gitolite's ACL mechanism to control who has access to different repositories. We also use CGIT with Apache httpd to allow browsing of readable repositories.

We'd like to also use the gitolite ACLs in the Apache httpd access control system.

Is there an Apache httpd authn/authz module that provides this functionality?

Thanks!

1

There are 1 answers

0
VonC On

I have integrated CGit and gitolite a while ago with this cgi Perl script, calling gitolite: cgit/cgit.pl.tpl.
(don't mind the @H@, those are template placeholder that are supposed to be valued later in order to produce the actual Perl script)

The idea is to benefit from the authentication done by Apache:

my $remote_user=$ENV{"REMOTE_USER"};

And to use that user when calling Gitolite to check if the access to a repo can be granted, calling the actual cgit.cgi C procedure if the access is granted:

use Gitolite::Rc;
use Gitolite::Common;
use Gitolite::Conf::Load;

(my $repo)=($path_info =~ /\/([^\/]+)/);
  my $perm = "R";
  if ($repo ne "") {
  my $aperm = access( $repo, $user, 'R', 'any' );
  # my ($aperm, $creator) = &repo_rights($repo);
    $perm=$aperm;
  }
  if ($perm !~ /DENIED/) {
    system("@H@/cgit/cgit.cgi");
  }
  else {
    print "Content-type: text/html\n\n";
    print "<html>\n";
    print "<body>\n";
    print " <h1>HTTP Status 403 - Access is denied</h1>\n";
    print " You don't have access to repo <b>$repo</b> as <b>$user</b>\n";
    print "</body>\n";
    print "</html>\n";
  }