
Same permissions for multiple repositories


I have 2 git repos that have permissions looking similar to this:

    repo    myrepo
        RW+     = admin
        RW user1$       = user1
        RW user2$       = user2
        RW user3$       = user3
        RW user4$       = user4
    RW user4$       = user4

with the number of users being rather high (~100 at the moment) and growing. In order to avoid maintaining the permissions for both lists, I was wondering if some sort of inheritance between repos or a looping over users would be possible (I tried to search http://gitolite.com/gitolite/#documentation and Stack Overflow).

So is it possible to do something similar to configure that repo2 has the same permissions as repo1 and/or do the permissions per user/branch in a loop?


Solution

  • At least, the first thing to consider would be the notion of a group of users: you can use one group in both repos, and update the user list for that group once.

    See group definition

    @developers     =   user1 user2 user3
    
    repo    myrepo
        RW+     = admin
        RW      = @developers
    
    repo    myrepo2
        RW+     = admin
        RW      = @developers
    

    After that, to really scale, you could define that group in order to get its content automatically from a user referential like LDAP.

    GROUPLIST_PGM           =>  '/home/git/bin/ldap-query-groups',
    

    You would then no longer have to modify the gitolite-admin repo at all.


    what I need is that everyone in the group gets their own branch (with branch name == user name).

    That is called "personal" branches in Gitolite:

    "personal" branches are great for environments where developers need to share work but can't directly pull from each other (usually due to either a networking or authentication related reason, both common in corporate setups).

    Personal branches exist in a namespace of their own. The syntax is:

    RW+ personal/USER/  =   @userlist
    

    where the "personal" can be anything you like (but cannot be empty), and the "/USER/" part is necessary (including both slashes).

    A user "alice" (if she's in the userlist) can then push any branches inside personal/alice/ (i.e., she can push personal/alice/foo and personal/alice/bar, but NOT personal/alice).
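
An added example, not part of the original answer and not gitolite's own code: a simplified Python model of how a refex is matched (a bare refex gets `refs/heads/` prepended, is anchored only at the start, and `/USER/` becomes the pushing user's name). The config, the users and the repos `loose` and `strict` are constructed; it goes slightly beyond the answer by listing two repos on one `repo` line so both share a single rule block, and by showing why the trailing `$` in the question's per-user rules matters.

```python
import re

# Constructed sample config: two repos share one rule block; "loose" shows a
# per-user rule written without the trailing "$" used in the question.
CONF = """
@developers = alice bob user1 user10
repo myrepo myrepo2
    RW+                 = admin
    RW+ personal/USER/  = @developers
repo loose
    RW user1            = user1
repo strict
    RW user1$           = user1
"""

def parse(conf):
    """Return (groups, rules) where rules maps repo -> [(perm, refex, members)]."""
    groups, rules, current = {}, {}, []
    for line in conf.splitlines():
        line = line.split("#")[0].strip()
        if not line:
            continue
        if line.startswith("@"):                      # group definition
            name, members = line.split("=", 1)
            groups[name.strip()] = members.split()
        elif line.startswith("repo "):                # one or more repo names
            current = line.split()[1:]
        else:                                         # access rule
            left, members = line.split("=", 1)
            perm, *refex = left.split()
            for repo in current:
                rules.setdefault(repo, []).append(
                    (perm, refex[0] if refex else "refs/.*", members.split()))
    return groups, rules

def can_push(user, repo, ref, conf=CONF):
    """True if some RW/RW+ rule in this simplified model lets user push ref."""
    groups, rules = parse(conf)
    for perm, refex, members in rules.get(repo, []):
        allowed = {u for m in members for u in groups.get(m, [m])}
        if user not in allowed or not perm.startswith("RW"):
            continue
        if not refex.startswith("refs/"):             # bare names mean branches
            refex = "refs/heads/" + refex
        refex = refex.replace("/USER/", "/" + re.escape(user) + "/")
        if re.match(refex, ref):                      # anchored at start only
            return True
    return False
```

In the model, `user1` can push `refs/heads/user10` in `loose` but not in `strict`, which is the reason to keep the `$` on exact-name branch rules.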