Add more complicated access restrictions (repository, branches, tags)

[gitblit]

Originally reported on Google Code with ID 36

There is an server side system for git - gitolite, but it uses ssh protocol in it's
work. The great feature of gitolite is flexible access control configuration - it allows
enable/disable access to branches and so on.

It will be useful to prevent delete operation on branches to make them protected as
master-branch. Or only owner of the branch can delete it and so on.

Such policies make sense when a group of developers works on the same project and each
developer has it's own branch for some feature of the target application - they prevents
write access of others to my branches.

Of cause, I can use repository clone and prevent cloning of my repository until I finish
my work, but branches are especially for this purpose and allow to see and use my work
for others by merging it to their branches.

Just think about it!

Reported by 2sh2ka on 2012-01-06 18:30:33

[gitblit]

Agreed.  A proof-of-concept blockpush mechanism exists in my master branch.  After the
next release I am going to play with implementing gitosis/gitolite-like functionality
possibly re-using gitosis/gitolite configuration files.

Reported by James.Moger on 2012-01-06 18:42:18

[gitblit]

That would be big news !!!! 

Best regards

Reported by eguervos on 2012-01-30 20:35:31

[gitblit]

James,

Do you have any updates on this?

Thanks,

Drew

Reported by Drew.Kutcharian on 2012-04-28 20:33:40

[gitblit]

Not currently.  I keep meaning to find the time to implement something, but so far no
luck.  What needs do you have?  That could help me pin down a spec rather than "remake
gitolite".

Reported by James.Moger on 2012-04-28 23:32:01

[gitblit]

Restricting pushes to a branch. For example only a certain user/group can push commits
to a certain branch.

Use case: Everyone can push to master but only the team lead can push to production
after peer review.

Reported by Drew.Kutcharian on 2012-04-29 00:10:54

[gitblit]

You could do this today with the protect-refs.groovy hook script.
https://github.com/gitblit/gitblit/blob/master/groovy/protect-refs.groovy

Reported by James.Moger on 2012-04-29 20:10:54

[gitblit]

Thanks James. protect-refs.groovy should be good for now, but I think it'd be nicer
to eventually have this functionality in the UI too.

Reported by Drew.Kutcharian on 2012-04-30 16:51:15

[gitblit]

We have a requirement to allow authenticated read-only access for some users. Specifically,
having some users that are able to log in to the UI (or use a git client) to view the
contents, logs, etc of a specific repo, but not be able to push any changes there.

Reported by peterloron on 2012-09-10 23:58:11

[gitblit]

For the time-being you can use a pre-receive hook to block any pushes.

Reported by James.Moger on 2012-09-11 11:59:08

[gitblit]

Hi James,

You wrote:
After the next release I am going to play with implementing gitosis/gitolite-like functionality
possibly re-using gitosis/gitolite configuration files.

It's great! But gitosis' configuration is too poor - use gitolite.
The great example of restrictions configuration is svnserve configuration file. Gitolite's
configuration file format is just as SVN's one - they have required flexibility.

With best regards, Mikhail

Reported by 2sh2ka on 2012-09-17 19:18:28

[gitblit]

access rules
http://sitaramc.github.com/gitolite/rules.html

R, for read only
RW, for push existing ref or create new ref
RW+, for "push -f" or ref deletion allowed (i.e., destroy information)
- (the minus sign), to deny access.

access rules for branches 
http://sitaramc.github.com/gitolite/refex.html

Reported by marcomsousa on 2012-09-20 21:59:49