From 170ebe663bdca9bde394291fcb65ab59485c681a Mon Sep 17 00:00:00 2001 From: intrigeri Date: Mon, 20 Oct 2008 18:40:30 -0400 Subject: added link to another idea --- doc/todo/applydiff_plugin.mdwn | 2 ++ 1 file changed, 2 insertions(+) (limited to 'doc/todo/applydiff_plugin.mdwn') diff --git a/doc/todo/applydiff_plugin.mdwn b/doc/todo/applydiff_plugin.mdwn index d3eb9793b..fd0783c2b 100644 --- a/doc/todo/applydiff_plugin.mdwn +++ b/doc/todo/applydiff_plugin.mdwn @@ -54,3 +54,5 @@ modify only *one* page may be easier. Implementation ============== + +Also see [[joey]]'s idea on [[users/xma/discussion]], to allow (filtered) anonymous push to this wiki's repository. -- cgit v1.2.3 From dbf8358d6805fd81925dde1fd9ff3f10dc99fb77 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Mon, 20 Oct 2008 20:16:30 -0400 Subject: bit of a design for how a post-receive hook could work --- doc/todo/applydiff_plugin.mdwn | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) (limited to 'doc/todo/applydiff_plugin.mdwn') diff --git a/doc/todo/applydiff_plugin.mdwn b/doc/todo/applydiff_plugin.mdwn index fd0783c2b..b8ddcd6ce 100644 --- a/doc/todo/applydiff_plugin.mdwn +++ b/doc/todo/applydiff_plugin.mdwn @@ -56,3 +56,40 @@ Implementation ============== Also see [[joey]]'s idea on [[users/xma/discussion]], to allow (filtered) anonymous push to this wiki's repository. + +> Ideally the filtering should apply the same constraints on what's pushed +> as are applied to web edits. So locked pages can't be changed, etc. +> +> That could be accomplished by making the git pre-receive hook be a +> ikiwiki wrapper. A new `git_receive_wrapper` config setting could cause +> the wrapper to be generated, with `$config{receive}` set to true. +> +> When run that way, ikiwiki would call `rcs_receive`. In the case of git, +> that would look at the received changes as fed into the hook on stdin, +> and use `parse_diff_tree` to get a list of the files changed. Then it +> could determine if the changes were allowed. +> +> To do that, it should perhaps first look at what unix user received the +> commit. That could be mapped directly to an ikiwiki user. This would +> typically be an unprivelidged user, but you might also want to set up +> separate users who have fewer limits on what they can push. OTOH, I'm not +> sure how to get this info in an ikiwiki wrapper.. the real and effective +> gid are already trampled. So maybe leave this out and always treat it as +> an anonymous edit from a non-logged in user? +> +> Then it seems like it would want to call `check_canedit` to test if an +> edit to each changed page is allowed. Might also want to call +> `check_canattach` and `check_canremove` if the attach and remove plugins +> are enabled. All three expect to be passed a CGI and a CGI::Session +> object, which is a bit problimatic here. So dummy the objects up? (To call +> `check_canattach` the changed attachment would need to be extracted to a +> temp file for it to check..) +> +> If a change is disallowed, it would print out what was disallowed, and +> exit nonzero. I think that git then discards the pushed objects (or maybe +> they remain in the database until `git-gc` .. if so, that could be used +> to DOS by uploading junk, so need to check this point). +> +> Also, I've not verified that the objects have been recieved already when +> whe pre-receive hook is called. Although the docs seem to say that is the +> case. --[[Joey]] -- cgit v1.2.3 From d66fc7acf17a094759fcea32617fa441e629ae37 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Tue, 21 Oct 2008 12:18:22 -0400 Subject: updated with new thoughts on user checking --- doc/todo/applydiff_plugin.mdwn | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'doc/todo/applydiff_plugin.mdwn') diff --git a/doc/todo/applydiff_plugin.mdwn b/doc/todo/applydiff_plugin.mdwn index b8ddcd6ce..3439196f2 100644 --- a/doc/todo/applydiff_plugin.mdwn +++ b/doc/todo/applydiff_plugin.mdwn @@ -69,13 +69,15 @@ Also see [[joey]]'s idea on [[users/xma/discussion]], to allow (filtered) anonym > and use `parse_diff_tree` to get a list of the files changed. Then it > could determine if the changes were allowed. > -> To do that, it should perhaps first look at what unix user received the +> To do that, it should first look at what unix user received the > commit. That could be mapped directly to an ikiwiki user. This would -> typically be an unprivelidged user, but you might also want to set up -> separate users who have fewer limits on what they can push. OTOH, I'm not -> sure how to get this info in an ikiwiki wrapper.. the real and effective -> gid are already trampled. So maybe leave this out and always treat it as -> an anonymous edit from a non-logged in user? +> typically be an unprivelidged user (that was set up just to allow +> anonymous pushes), but you might also want to set up +> separate users who have fewer limits on what they can push. And, of +> course, pushes from the main user, who owns the wiki, would not be +> checked at all. So, let's say `$config{usermap}` is a hash, something +> like `{usera => "wikiusera", userb => "wikiuserb"}`, and pushes from +> users not in the hash are not checked. > > Then it seems like it would want to call `check_canedit` to test if an > edit to each changed page is allowed. Might also want to call -- cgit v1.2.3 From 0fde74b012781b41b3b1c844006062bcb1ae49ca Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Thu, 23 Oct 2008 18:16:55 -0400 Subject: update --- doc/todo/applydiff_plugin.mdwn | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'doc/todo/applydiff_plugin.mdwn') diff --git a/doc/todo/applydiff_plugin.mdwn b/doc/todo/applydiff_plugin.mdwn index 3439196f2..5f6333691 100644 --- a/doc/todo/applydiff_plugin.mdwn +++ b/doc/todo/applydiff_plugin.mdwn @@ -95,3 +95,8 @@ Also see [[joey]]'s idea on [[users/xma/discussion]], to allow (filtered) anonym > Also, I've not verified that the objects have been recieved already when > whe pre-receive hook is called. Although the docs seem to say that is the > case. --[[Joey]] + +>> Update: The git pre-receive hook stuff is written, and seems to work. +>> I think it makes more sense than using diffs, and so think this todo +>> could probably be closed. +>> --[[Joey]] -- cgit v1.2.3 From 7a89dbb8225b00ec7f1ee559f2b8daad8e0ae404 Mon Sep 17 00:00:00 2001 From: intrigeri Date: Fri, 24 Oct 2008 12:50:05 -0400 Subject: thanks, closing wishlist --- doc/todo/applydiff_plugin.mdwn | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'doc/todo/applydiff_plugin.mdwn') diff --git a/doc/todo/applydiff_plugin.mdwn b/doc/todo/applydiff_plugin.mdwn index 5f6333691..feb68a808 100644 --- a/doc/todo/applydiff_plugin.mdwn +++ b/doc/todo/applydiff_plugin.mdwn @@ -1,4 +1,4 @@ -[[!tag wishlist]] +[[!tag wishlist done]] [[!toc ]] @@ -100,3 +100,9 @@ Also see [[joey]]'s idea on [[users/xma/discussion]], to allow (filtered) anonym >> I think it makes more sense than using diffs, and so think this todo >> could probably be closed. >> --[[Joey]] + +>>> I agree, closing this. I really prefer this solution to the one I was +>>> initially proposing. +>>> Is this pre-receive hook already enabled on ikiwiki.info? +>>> If not, do you plan to enable it at some point? +>>> --[[intrigeri]] -- cgit v1.2.3 From 52856b307b6451076f82aa7f8f3d70f5ca162dda Mon Sep 17 00:00:00 2001 From: intrigeri Date: Fri, 24 Oct 2008 17:16:52 -0400 Subject: I was answered --- doc/todo/applydiff_plugin.mdwn | 2 ++ 1 file changed, 2 insertions(+) (limited to 'doc/todo/applydiff_plugin.mdwn') diff --git a/doc/todo/applydiff_plugin.mdwn b/doc/todo/applydiff_plugin.mdwn index feb68a808..d26b0dfe9 100644 --- a/doc/todo/applydiff_plugin.mdwn +++ b/doc/todo/applydiff_plugin.mdwn @@ -106,3 +106,5 @@ Also see [[joey]]'s idea on [[users/xma/discussion]], to allow (filtered) anonym >>> Is this pre-receive hook already enabled on ikiwiki.info? >>> If not, do you plan to enable it at some point? >>> --[[intrigeri]] + +>>>> [[news/git_push_to_this_wiki]] gave me the answer. Well done! --[[intrigeri]] -- cgit v1.2.3