Rework Gitolite Wrappers/Handlers

Author: root

Diff for: app/models/concerns/gitolitable.rb

@@ -1,10 +1,12 @@
 module Gitolitable
   extend ActiveSupport::Concern
   include Gitolitable::Cache
+  include Gitolitable::Config
   include Gitolitable::Features
   include Gitolitable::Notifications
   include Gitolitable::Paths
   include Gitolitable::Permissions
   include Gitolitable::Urls
+  include Gitolitable::Users
   include Gitolitable::Validations
 end

Diff for: app/models/concerns/gitolitable/config.rb

@@ -0,0 +1,64 @@
+module Gitolitable
+  module Config
+    extend ActiveSupport::Concern
+
+    def gitolite_config
+      repo_conf = {}
+
+      # This is needed for all Redmine repositories
+      repo_conf['redminegitolite.projectid']     = project.identifier.to_s
+      repo_conf['redminegitolite.repositoryid']  = identifier || ''
+      repo_conf['redminegitolite.repositorykey'] = gitolite_hook_key
+
+      if project.active?
+
+        repo_conf['http.uploadpack']  = clonable_via_http?.to_s
+        repo_conf['http.receivepack'] = pushable_via_http?.to_s
+
+        if git_notification_available?
+          repo_conf['multimailhook.enabled']     = 'true'
+          repo_conf['multimailhook.mailinglist'] = mailing_list.join(', ')
+          repo_conf['multimailhook.from']        = sender_address
+          repo_conf['multimailhook.emailPrefix'] = email_prefix
+        else
+          repo_conf['multimailhook.enabled'] = 'false'
+        end
+
+        git_config_keys.each do |git|
+          repo_conf[git.key] = git.value
+        end if git_config_keys.any?
+
+      else
+        # Disable repository
+        repo_conf['http.uploadpack']       = 'false'
+        repo_conf['http.receivepack']      = 'false'
+        repo_conf['multimailhook.enabled'] = 'false'
+      end
+
+      repo_conf
+    end
+
+
+    def build_gitolite_permissions(old_perms = {})
+      permissions_builder.build(self, gitolite_users, old_perms)
+    end
+
+
+    def backup_gitolite_permissions(gitolite_repo_conf)
+      PermissionsBuilder::Base.get_permissions(gitolite_repo_conf)
+    end
+
+
+    private
+
+
+      def permissions_builder
+        if protected_branches_available?
+          PermissionsBuilder::ProtectedBranches
+        else
+          PermissionsBuilder::Standard
+        end
+      end
+
+  end
+end

Diff for: app/models/concerns/gitolitable/users.rb

@@ -0,0 +1,71 @@
+module Gitolitable
+  module Users
+    extend ActiveSupport::Concern
+
+    def gitolite_users
+      data = {}
+
+      if project.active?
+        # Add project users
+        data[:rewind_users]   = rewind_users
+        data[:write_users]    = write_users
+        data[:read_users]     = read_users
+        data[:developer_team] = developer_team
+        data[:all_read]       = all_read
+
+        # Add Řepository Deployment keys
+        deployment_credentials.active.each do |cred|
+          if cred.perm == 'RW+'
+            data[:rewind_users] << cred.gitolite_public_key.owner
+          elsif cred.perm == 'R'
+            data[:read_users] << cred.gitolite_public_key.owner
+          end
+        end
+
+        # Add other users
+        data[:read_users] << 'DUMMY_REDMINE_KEY' if read_users.empty? && write_users.empty? && rewind_users.empty?
+        data[:read_users] << 'gitweb' if git_web_available?
+        data[:read_users] << 'daemon' if git_daemon_available?
+
+      elsif project.archived?
+        data[:read_users] = ['REDMINE_ARCHIVED_PROJECT']
+      else
+        data[:read_users] = all_read
+        data[:read_users] << 'REDMINE_CLOSED_PROJECT'
+      end
+
+      data
+    end
+
+
+    def users
+      project.member_principals.map(&:user).compact.uniq
+    end
+
+
+    def rewind_users
+      @rewind_users ||= users.select { |u| u.allowed_to?(:manage_repository, project) }.map { |u| u.gitolite_identifier }.sort
+    end
+
+
+    def write_users
+      @write_users ||= users.select { |u| u.allowed_to?(:commit_access, project) }.map { |u| u.gitolite_identifier }.sort - rewind_users
+    end
+
+
+    def read_users
+      @read_users ||= users.select { |u| u.allowed_to?(:view_changesets, project) }.map { |u| u.gitolite_identifier }.sort - rewind_users - write_users
+    end
+
+
+    def developer_team
+      @developer_team ||= (rewind_users + write_users).sort
+    end
+
+
+    def all_read
+      @all_read ||= (rewind_users + write_users + read_users).sort
+    end
+
+  end
+end

Diff for: app/models/gitolite_public_key.rb

@@ -123,6 +123,21 @@ def location
   end
 
 
+  def type
+    key.split(' ')[0]
+  end
+
+
+  def blob
+    key.split(' ')[1]
+  end
+
+
+  def email
+    key.split(' ')[2]
+  end
+
+
   private
 
 

Diff for: app/services/gitolite_accessor.rb

@@ -16,9 +16,15 @@ def destroy_ssh_key(ssh_key, opts = {})
     end
 
 
-    def resync_ssh_keys
+    def resync_ssh_keys(opts = {})
       logger.info("Forced resync of all ssh keys...")
-      resync_gitolite(:resync_all_ssh_keys, 'all')
+      resync_gitolite(:resync_ssh_keys, 'all', opts)
+    end
+
+
+    def regenerate_ssh_keys(opts = {})
+      logger.info("Forced regenerate of all ssh keys...")
+      RegenerateSshKeys.new(opts).call
     end
 
 

Diff for: app/services/permissions_builder/base.rb

@@ -0,0 +1,112 @@
+module PermissionsBuilder
+  class Base
+
+    SKIP_USERS = ['gitweb', 'daemon', 'DUMMY_REDMINE_KEY', 'REDMINE_ARCHIVED_PROJECT', 'REDMINE_CLOSED_PROJECT']
+
+    attr_reader :repository
+    attr_reader :gitolite_users
+    attr_reader :old_permissions
+    attr_reader :project
+
+
+    def initialize(repository, gitolite_users, old_permissions = {})
+      @repository      = repository
+      @gitolite_users  = gitolite_users
+      @old_permissions = old_permissions
+      @project         = repository.project
+    end
+
+
+    class << self
+
+      def build(repository, gitolite_users, old_permissions = {})
+        new(repository, gitolite_users, old_permissions).build
+      end
+
+
+      def get_permissions(repo_conf)
+        current_permissions = repo_conf.permissions[0]
+        old_permissions = {}
+
+        current_permissions.each do |perm, branch_settings|
+          old_permissions[perm] = {}
+
+          branch_settings.each do |branch, user_list|
+            next if user_list.empty?
+
+            new_user_list = []
+
+            user_list.each do |user|
+              ## We assume here that ':gitolite_config_file' is different than 'gitolite.conf'
+              ## like 'redmine.conf' with 'include "redmine.conf"' in 'gitolite.conf'.
+              ## This way, we know that all repos in this file are managed by Redmine so we
+              ## don't need to backup users
+              next if gitolite_identifier_prefix == ''
+
+              # ignore these users
+              next if SKIP_USERS.include?(user)
+
+              # backup users that are not Redmine users
+              new_user_list.push(user) if !user.include?(gitolite_identifier_prefix)
+            end
+
+            old_permissions[perm][branch] = new_user_list if new_user_list.any?
+          end
+        end
+
+        old_permissions
+      end
+
+
+      def gitolite_identifier_prefix
+        RedmineGitHosting::Config.gitolite_identifier_prefix
+      end
+
+    end
+
+
+    def build
+      raise NotImplementedError
+    end
+
+
+    private
+
+
+      def merge_permissions(current_permissions, old_permissions)
+        merge_permissions = {}
+        merge_permissions['RW+'] = {}
+        merge_permissions['RW'] = {}
+        merge_permissions['R'] = {}
+
+        current_permissions.each do |perm, branch_settings|
+          branch_settings.each do |branch, user_list|
+            if user_list.any?
+              if !merge_permissions[perm].has_key?(branch)
+                merge_permissions[perm][branch] = []
+              end
+              merge_permissions[perm][branch] += user_list
+            end
+          end
+        end
+
+        old_permissions.each do |perm, branch_settings|
+          branch_settings.each do |branch, user_list|
+            if user_list.any?
+              if !merge_permissions[perm].has_key?(branch)
+                merge_permissions[perm][branch] = []
+              end
+              merge_permissions[perm][branch] += user_list
+            end
+          end
+        end
+
+        merge_permissions.each do |perm, branch_settings|
+          merge_permissions.delete(perm) if merge_permissions[perm].empty?
+        end
+
+        merge_permissions
+      end
+
+  end
+end

Diff for: app/services/permissions_builder/protected_branches.rb

@@ -0,0 +1,37 @@
+module PermissionsBuilder
+  class ProtectedBranches < Standard
+
+
+    def build
+      puts YAML::dump(gitolite_users)
+
+      # Build permissions
+      build_permissions
+
+      # Build protected branches permissions
+      build_protected_branch_permissions
+
+      # Return them
+      [merge_permissions(permissions, old_permissions)]
+    end
+
+
+    def build_protected_branch_permissions
+      ## http://gitolite.com/gitolite/rules.html
+      ## The refex field is ignored for read check.
+      ## (Git does not support distinguishing one ref from another for access control during read operations).
+
+      repository.protected_branches.each do |branch|
+        case branch.permissions
+        when 'RW+'
+          @permissions['RW+'][branch.path] = branch.allowed_users unless branch.allowed_users.empty?
+        when 'RW'
+          @permissions['RW'][branch.path] = branch.allowed_users unless branch.allowed_users.empty?
+        end
+      end
+
+      @permissions['RW+']['personal/USER/'] = gitolite_users[:developer_team] unless gitolite_users[:developer_team].empty?
+    end
+
+  end
+end

Diff for: app/services/permissions_builder/standard.rb

@@ -0,0 +1,32 @@
+module PermissionsBuilder
+  class Standard < Base
+
+    attr_reader :permissions
+
+
+    def initialize(*args)
+      super
+      @permissions        = {}
+      @permissions['RW+'] = {}
+      @permissions['RW']  = {}
+      @permissions['R']   = {}
+    end
+
+
+    def build
+      # Build permissions
+      build_permissions
+
+      # Return them
+      [merge_permissions(permissions, old_permissions)]
+    end
+
+
+    def build_permissions
+      @permissions['RW+'][''] = gitolite_users[:rewind_users] unless gitolite_users[:rewind_users].empty?
+      @permissions['RW']['']  = gitolite_users[:write_users]  unless gitolite_users[:write_users].empty?
+      @permissions['R']['']   = gitolite_users[:read_users]   unless gitolite_users[:read_users].empty?
+    end
+
+  end
+end

Diff for: app/use_cases/apply_settings.rb

@@ -134,7 +134,7 @@ def do_resync_ssh_keys
 
 
     def do_regenerate_ssh_keys
-      RegenerateSshKeys.new.call if regenerate_ssh_keys
+      GitoliteAccessor.regenerate_ssh_keys if regenerate_ssh_keys
     end