gitolite.rb 5.05 KB
Newer Older
1 2 3 4
require 'gitolite'
require 'timeout'
require 'fileutils'

5
# TODO: refactor & cleanup 
6
module Gitlab
7 8 9
  class Gitolite
    class AccessDenied < StandardError; end

10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27
    def set_key key_id, key_content, projects
      self.configure do |c|
        c.update_keys(key_id, key_content)
        c.update_project(project.path, projects)
      end
    end

    def remove_key key_id, projects
      self.configure do |c|
        c.delete_key(key_id)
        c.update_project(project.path, projects)
      end
    end

    def update_repository project
      self.configure do |c|
        c.update_project(project.path, project)
      end
28 29
    end

30 31 32 33 34 35
    alias_method :create_repository, :update_repository

    def remove_repository project
      self.configure do |c|
        c.destroy_project(project)
      end
36 37
    end

38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54
    def url_to_repo path
      Gitlab.config.ssh_path + "#{path}.git"
    end

    def initialize
      # create tmp dir
      @local_dir = File.join(Rails.root, 'tmp',"gitlabhq-gitolite-#{Time.now.to_i}")
    end

    def enable_automerge
      self.configure do |git|
        git.admin_all_repo
      end
    end

    private

55 56
    def pull
      # create tmp dir
57
      @local_dir = File.join(Rails.root, 'tmp',"gitlabhq-gitolite-#{Time.now.to_i}")
58 59
      Dir.mkdir @local_dir

60
      `git clone #{self.class.admin_uri} #{@local_dir}/gitolite`
61 62 63 64 65 66 67 68 69 70 71 72 73
    end

    def push
      Dir.chdir(File.join(@local_dir, "gitolite"))
      `git add -A`
      `git commit -am "Gitlab"`
      `git push`
      Dir.chdir(Rails.root)

      FileUtils.rm_rf(@local_dir)
    end

    def configure
randx's avatar
randx committed
74
      Timeout::timeout(30) do
75
        File.open(File.join(Rails.root, 'tmp', "gitlabhq-gitolite.lock"), "w+") do |f|
76 77 78 79 80 81 82 83 84 85 86
          begin 
            f.flock(File::LOCK_EX)
            pull
            yield(self)
            push
          ensure
            f.flock(File::LOCK_UN)
          end
        end
      end
    rescue Exception => ex
87
      Gitlab::Logger.error(ex.message)
88 89 90 91
      raise Gitolite::AccessDenied.new("gitolite timeout")
    end

    def destroy_project(project)
92
      FileUtils.rm_rf(project.path_to_repo)
93

94 95 96 97 98 99
      ga_repo = ::Gitolite::GitoliteAdmin.new(File.join(@local_dir,'gitolite'))
      conf = ga_repo.config
      conf.rm_repo(project.path)
      ga_repo.save
    end

100
    #update or create
101 102 103 104 105 106 107 108 109 110
    def update_keys(user, key)
      File.open(File.join(@local_dir, 'gitolite/keydir',"#{user}.pub"), 'w') {|f| f.write(key.gsub(/\n/,'')) }
    end

    def delete_key(user)
      File.unlink(File.join(@local_dir, 'gitolite/keydir',"#{user}.pub"))
      `cd #{File.join(@local_dir,'gitolite')} ; git rm keydir/#{user}.pub`
    end

    # update or create
111
    def update_project(repo_name, project)
112 113
      ga_repo = ::Gitolite::GitoliteAdmin.new(File.join(@local_dir,'gitolite'))
      conf = ga_repo.config
114
      repo = update_project_config(project, conf)
115
      conf.add_repo(repo, true)
116
      
117 118
      ga_repo.save
    end
119 120 121 122 123 124 125 126

    # Updates many projects and uses project.path as the repo path
    # An order of magnitude faster than update_project
    def update_projects(projects)
      ga_repo = ::Gitolite::GitoliteAdmin.new(File.join(@local_dir,'gitolite'))
      conf = ga_repo.config

      projects.each do |project|
127
        repo = update_project_config(project, conf)
128 129 130 131 132 133
        conf.add_repo(repo, true)
      end

      ga_repo.save
    end

134 135 136 137 138 139 140 141 142 143 144 145 146
    def update_project_config(project, conf)
      repo_name = project.path

      repo = if conf.has_repo?(repo_name)
               conf.get_repo(repo_name)
             else 
               ::Gitolite::Config::Repo.new(repo_name)
             end

      name_readers = project.repository_readers
      name_writers = project.repository_writers
      name_masters = project.repository_masters

147
      pr_br = project.protected_branches.map(&:name).join("$ ")
148 149 150 151 152

      repo.clean_permissions

      # Deny access to protected branches for writers
      unless name_writers.blank? || pr_br.blank?
153
        repo.add_permission("-", pr_br.strip + "$ ", name_writers)
154 155 156 157 158 159 160 161 162 163 164
      end

      # Add read permissions
      repo.add_permission("R", "", name_readers) unless name_readers.blank?

      # Add write permissions
      repo.add_permission("RW+", "", name_writers) unless name_writers.blank?
      repo.add_permission("RW+", "", name_masters) unless name_masters.blank?

      repo
    end
165 166 167 168 169 170 171 172 173 174 175 176 177

    def admin_all_repo
      ga_repo = ::Gitolite::GitoliteAdmin.new(File.join(@local_dir,'gitolite'))
      conf = ga_repo.config
      owner_name = ""

      # Read gitolite-admin user
      #
      begin 
        repo = conf.get_repo("gitolite-admin")
        owner_name = repo.permissions[0]["RW+"][""][0]
        raise StandardError if owner_name.blank?
      rescue => ex
Robert Speicher's avatar
Robert Speicher committed
178
        puts "Can't determine gitolite-admin owner".red
179 180 181 182 183 184 185 186 187 188 189 190 191 192 193
        raise StandardError
      end

      # @ALL repos premission for gitolite owner
      repo_name = "@all"
      repo = if conf.has_repo?(repo_name)
               conf.get_repo(repo_name)
             else 
               ::Gitolite::Config::Repo.new(repo_name)
             end

      repo.add_permission("RW+", "", owner_name)
      conf.add_repo(repo, true)
      ga_repo.save
    end
194 195
  end
end