author | Joey Hess <joey@kodama.kitenet.net> | 2008-10-22 20:52:34 -0400 |
---|---|---|
committer | Joey Hess <joey@kodama.kitenet.net> | 2008-10-22 20:52:34 -0400 |
commit | 094af3d113f375f7faf2abf283615582a9977a65 (patch) | |
tree | dcd6a3b7f2195be55d2493f1f5a469fd0b4afb4c /doc | |
parent | 9fc126ada6aafe57609c0741d299056588cffc82 (diff) |
initial support for git repos with untrusted committers

Still need to wire up the calls to check_*, but it's cold out here and my
hands are going numb, so enough for now.
Diffstat (limited to 'doc')
-rw-r--r-- | doc/plugins/write.mdwn | 9 |
-rw-r--r-- | doc/rcs/details.mdwn | 3 |
-rw-r--r-- | doc/rcs/git.mdwn | 27 |
3 files changed, 39 insertions, 0 deletions
diff --git a/doc/plugins/write.mdwn b/doc/plugins/write.mdwn index 0d244e1f5..5a5db6be0 100644 --- a/doc/plugins/write.mdwn +++ b/doc/plugins/write.mdwn @@ -820,6 +820,15 @@ it up in the history. It's ok if this is not implemented, and throws an error. +#### `rcs_test_receive()` + +This is used to test if changes pushed into the RCS should be accepted. +Ikiwiki will be running as a pre-receive hook (or equivilant) and should +examine the incoming changes, decide if they are allowed, and communicate +that to the RCS. + +This is optional, and doesn't make sense for all RCSs. + ### PageSpec plugins It's also possible to write plugins that add new functions to diff --git a/doc/rcs/details.mdwn b/doc/rcs/details.mdwn index e62f3ef49..089221cab 100644 --- a/doc/rcs/details.mdwn +++ b/doc/rcs/details.mdwn @@ -280,6 +280,9 @@ Here is a how a commit from a remote repository works: * git-commit in the remote repository * git-push, pushes the commit to the master repo on the server +* (Optionally, the master repo's pre-receive hook runs, and checks that the + update only modifies files that the pushing user is allowed to update. + If not, it aborts the receive.) * the master repo's post-update hook notices this update, and runs ikiwiki * ikiwiki notices the modifies page source, and compiles it diff --git a/doc/rcs/git.mdwn b/doc/rcs/git.mdwn index b210af825..2a6feecf5 100644 --- a/doc/rcs/git.mdwn +++ b/doc/rcs/git.mdwn 
@@ -100,6 +100,33 @@ repository, should only be writable by the wiki's admin, and *not* by the group. Take care that ikiwiki uses a umask that does not cause files in the srcdir to become group writable. (umask 022 will work.) +## git repository with untrusted committers + +By default, anyone who can commit to the git repository can modify any file +on the wiki however they like. A `pre-receive` hook can be set up to limit +incoming commits from untrusted users. Then the same limits that are placed +on edits via the web will be in effect for commits to git for the users. +They will not be allowed to edit locked pages, they will only be able to +delete pages that the [[plugins/remove]] configuration allows them to +remove, and they will only be allowed to add non-page attachments that the +[[plugins/attachment]] configuration allows. + +To enable this, you need to set up the git repository to have multiple +committers. Trusted committers, including the user that ikiwiki runs as, +will not have their commits checked by the `pre-receive` hook. Untrusted +committers will have their commits checked. The configuration settings to +enable are `git_test_receive_wrapper`, which enables generation of a +`pre-receive` hook, and `git_untrusted_committers`, which is a list of +usernames of the untrusted committers. + +Note that when the `pre-receive` hook is checking incoming changes, it +ignores the git authorship information, and uses the username of the unix +user who made the commit. Then tests including the `locked_pages` [[PageSpec]] +are checked to see if that user can edit the pages in the commit. + +You can even set up an anonymous user, to allow anyone to push +changes in via git rather than using the web interface. + ## Optionally using a local wiki to preview changes When working on the "working clones" to add content to your wiki, |
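Review bot: in the doc/plugins/write.mdwn hunk, the `rcs_test_receive()` entry says the hook should "communicate that to the RCS" but never says how: the text names no arguments, return value or exit convention, so a plugin author cannot tell what signals a rejection. Suggest spelling out the contract, including that a hook which fails with an error results in the push being refused rather than accepted. Also, "equivilant" should be "equivalent".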
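Review bot: in the doc/rcs/details.mdwn hunk, the new bullet says the pre-receive hook checks that the update "only modifies files that the pushing user is allowed to update", while the doc/rcs/git.mdwn section in the same patch also covers deleting pages and adding attachments. Suggest wording that names all three cases (files added, changed or removed) so the two descriptions agree, and pointing the bullet at the new git.mdwn section for the details.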
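Review bot: in the doc/rcs/git.mdwn hunk, the "Note that" paragraph says the check uses "the username of the unix user who made the commit", but the hook runs on receive and the details.mdwn bullet in this patch says "the pushing user"; suggest "the unix user who pushed the changes", since that identity is the one the access decision rests on. The section also describes the limits as being in effect, while the commit message says the calls to check_* are not wired up yet, so it should be marked as not yet enforced until they are. It would also help to state outright that any account not listed in `git_untrusted_committers` has its commits accepted unchecked, which the second paragraph only implies.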