Add redmine groups to gitolite configuration

[tomzx]

It appears that groups defined in redmine are not imported in the gitolite config. It would probably be nice to have support for that so that things such as giving group permissions on protected branches can be done.

My current use case: I want to give READ permissions to developers (or @ALL) on the develop/master branches, while giving RW+ permissions to lead developers on those branches.

[n-rodriguez]

It appears that groups defined in redmine are not imported in the gitolite config. It would probably be nice to have support for that so that things

Yes and it's normal. This won't be implemented. It would add too much complexity.

My current use case: I want to give READ permissions to developers (or @ALL) on the develop/master branches, while giving RW+ permissions to lead developers on those branches.

See here

[tomzx]

I don't think #389 is exactly what I'm looking for. It's related to force pushing, while in my case I want to prevent @ALL from having RW permission.

Is there any plan to support having a "per group" set of permissions or will we have to define permissions on a per refex/user basis? (if you add a new user to a project, you need to add them to the project under various group AND then add them to the specific protected branches rules under the repository settings)

[n-rodriguez]

Hi! Sorry for the delay.

I don't think #389 is exactly what I'm looking for. It's related to force pushing, while in my case I want to prevent @ALL from having RW permission.

Actually it's quite the same thing : protected branches. (http://gitolite.com/gitolite/conf.html#rules)

I worked on a group based implementation : 2912c1d

With this new implementation you can add both users and groups on each protected branch (refex).
When you add a group, group's users are automatically added to the protected branch so you can do some exclusion latter.
When you add a user in a group, all the protected branches linked to this group are updated.
The same happens when you remove a user from a group.

[hameno]

Great! :)

[n-rodriguez]

[n-rodriguez]

In Gitolite conf :

repo    test/efzfezfzefze
  RW+   .*                       = redmine_admin_1 redmine_developer1_3 redmine_developer3_6 redmine_developer4_11
  -     master                   = redmine_admin_1 redmine_developer1_3 redmine_developer3_6 redmine_developer4_11
  -     refs/tags/v[0-9]         = redmine_developer2_4
  config redminegitolite.projectid = test
  config redminegitolite.repositoryid = efzfezfzefze
  config redminegitolite.repositorykey = 5MdUmqBkKAwvB9Ee2OScVZ6tArWy3TSEMxvG3GWdSvDbN8xSqNmiKKg7qI0Vd9x
  config http.uploadpack = true
  config http.receivepack = true
  config multimailhook.enabled = false

[n-rodriguez]

The last 3 lines are not in Gitolite conf because there's no users declared.
This mimic the example from Gitolite doc.

[n-rodriguez]

Note there's some limitations : when protected branches are enabled, plugin assumes that it has full control on repository configuration. In other words : manual modifications won't be saved or handled in any ways.

[n-rodriguez]

Another limitation : it only works with SSH. And actually this is normal as rules checking is done by Gitolite. When pushing over HTTP these checks are not done. We only check if user has commit permission.

Actually it can work with the last patch I've made on Grack server :) 0c53fda