author Joey Hess <joey@kodama.kitenet.net> 2008-10-22 20:52:34 -0400
committer Joey Hess <joey@kodama.kitenet.net> 2008-10-22 20:52:34 -0400
commit 094af3d113f375f7faf2abf283615582a9977a65
tree dcd6a3b7f2195be55d2493f1f5a469fd0b4afb4c /doc
parent 9fc126ada6aafe57609c0741d299056588cffc82
initial support for git repos with untrusted committers
Still need to wire up the calls to check_*, but it's cold out here and my hands are going numb, so enough for now.
Diffstat (limited to 'doc')
-rw-r--r-- doc/plugins/write.mdwn 9
-rw-r--r-- doc/rcs/details.mdwn 3
-rw-r--r-- doc/rcs/git.mdwn 27
3 files changed, 39 insertions, 0 deletions
diff --git a/doc/plugins/write.mdwn b/doc/plugins/write.mdwn
index 0d244e1f5..5a5db6be0 100644
--- a/doc/plugins/write.mdwn
+++ b/doc/plugins/write.mdwn
@@ -820,6 +820,15 @@ it up in the history.
It's ok if this is not implemented, and throws an error.
+#### `rcs_test_receive()`
+
+This is used to test if changes pushed into the RCS should be accepted.
+Ikiwiki will be running as a pre-receive hook (or equivilant) and should
+examine the incoming changes, decide if they are allowed, and communicate
+that to the RCS.
+
+This is optional, and doesn't make sense for all RCSs.
+
### PageSpec plugins
It's also possible to write plugins that add new functions to
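Review bot: The new `rcs_test_receive()` entry does not say how the hook reports its decision: "communicate that to the RCS" leaves a plugin author guessing whether to return a value, exit non-zero, or throw an error. Since this function is the access-control gate for pushes, the doc should state the contract explicitly, including what happens on an internal error (the safe default is to reject the push). It would also help to say what input the function receives or where it reads the incoming changes from. Minor: "equivilant" should be "equivalent".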
diff --git a/doc/rcs/details.mdwn b/doc/rcs/details.mdwn
index e62f3ef49..089221cab 100644
--- a/doc/rcs/details.mdwn
+++ b/doc/rcs/details.mdwn
@@ -280,6 +280,9 @@ Here is a how a commit from a remote repository works:
* git-commit in the remote repository
* git-push, pushes the commit to the master repo on the server
+* (Optionally, the master repo's pre-receive hook runs, and checks that the
+ update only modifies files that the pushing user is allowed to update.
+ If not, it aborts the receive.)
* the master repo's post-update hook notices this update, and runs ikiwiki
* ikiwiki notices the modifies page source, and compiles it
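Review bot: The added bullet says the pre-receive hook checks that the update "only modifies files that the pushing user is allowed to update", which understates what the git.mdwn text in this same commit describes: page deletions and added attachments are also checked, and trusted committers are not checked at all. Suggest wording it as "checks that every file added, changed or removed by the update is something the pushing user is allowed to change (untrusted committers only)", so a reader of this flow does not assume adds and removals pass through unchecked or that every pusher is vetted.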
diff --git a/doc/rcs/git.mdwn b/doc/rcs/git.mdwn
index b210af825..2a6feecf5 100644
--- a/doc/rcs/git.mdwn
+++ b/doc/rcs/git.mdwn
@@ -100,6 +100,33 @@ repository, should only be writable by the wiki's admin, and *not* by the
group. Take care that ikiwiki uses a umask that does not cause files in
the srcdir to become group writable. (umask 022 will work.)
+## git repository with untrusted committers
+
+By default, anyone who can commit to the git repository can modify any file
+on the wiki however they like. A `pre-receive` hook can be set up to limit
+incoming commits from untrusted users. Then the same limits that are placed
+on edits via the web will be in effect for commits to git for the users.
+They will not be allowed to edit locked pages, they will only be able to
+delete pages that the [[plugins/remove]] configuration allows them to
+remove, and they will only be allowed to add non-page attachments that the
+[[plugins/attachment]] configuration allows.
+
+To enable this, you need to set up the git repository to have multiple
+committers. Trusted committers, including the user that ikiwiki runs as,
+will not have their commits checked by the `pre-receive` hook. Untrusted
+committers will have their commits checked. The configuration settings to
+enable are `git_test_receive_wrapper`, which enables generation of a
+`pre-receive` hook, and `git_untrusted_committers`, which is a list of
+usernames of the untrusted committers.
+
+Note that when the `pre-receive` hook is checking incoming changes, it
+ignores the git authorship information, and uses the username of the unix
+user who made the commit. Then tests including the `locked_pages` [[PageSpec]]
+are checked to see if that user can edit the pages in the commit.
+
+You can even set up an anonymous user, to allow anyone to push
+changes in via git rather than using the web interface.
+
## Optionally using a local wiki to preview changes
When working on the "working clones" to add content to your wiki,
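Review bot: The new "git repository with untrusted committers" section states the limits as being in effect ("They will not be allowed to edit locked pages, ..."), but the commit message says the calls to check_* are not wired up yet, so an admin who follows this doc at this commit could open the repository to untrusted pushes with no enforcement behind it. Either hold the section until the checks are connected or add a sentence saying enforcement is not yet active. Two smaller points in the same hunk: the closing paragraph about an anonymous user should say that this account must be listed in `git_untrusted_committers`, since committers not in that list are not checked; and "uses the username of the unix user who made the commit" would be clearer as the unix user who made the push, because the commit itself may have been authored elsewhere. The sentence "Then tests including the `locked_pages` [[PageSpec]] are checked" also reads awkwardly and could be reworded.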