From 4669eab596c8d90de0cf9f9d359ad8dd8f48edb5 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Thu, 23 Oct 2008 16:29:50 -0400 Subject: more work on untrusted committers Wired up check_canedit and check_canremove, still need to deal with check_canattach, and test. --- doc/plugins/write.mdwn | 24 ++++++++++++++++++------ doc/rcs/git.mdwn | 2 +- 2 files changed, 19 insertions(+), 7 deletions(-) (limited to 'doc') diff --git a/doc/plugins/write.mdwn b/doc/plugins/write.mdwn index 5a5db6be0..9f096e4f7 100644 --- a/doc/plugins/write.mdwn +++ b/doc/plugins/write.mdwn @@ -820,14 +820,26 @@ it up in the history. It's ok if this is not implemented, and throws an error. -#### `rcs_test_receive()` +#### `rcs_receive()` -This is used to test if changes pushed into the RCS should be accepted. -Ikiwiki will be running as a pre-receive hook (or equivilant) and should -examine the incoming changes, decide if they are allowed, and communicate -that to the RCS. +This is called when ikiwiki is running as a pre-receive hook (or +equivilant), and is testing if changes pushed into the RCS from an +untrusted user should be accepted. This is optional, and doesn't make +sense to implement for all RCSs. -This is optional, and doesn't make sense for all RCSs. +It should examine the incoming changes, and do any sanity +checks that are appropriate for the RCS to limit changes to safe file adds, +removes, and renames. If something bad is found, it should exit +nonzero, to abort the push. Otherwise, it should return a list of +files that were changed, in the form: + + { + file => # name of file that was changed + action => # either "add", "change", or "remove" + } + +The list will then be checked to make sure that each change is one that +is allowed to be made via the web interface. ### PageSpec plugins diff --git a/doc/rcs/git.mdwn b/doc/rcs/git.mdwn index 2a6feecf5..6ba0da894 100644 --- a/doc/rcs/git.mdwn +++ b/doc/rcs/git.mdwn @@ -116,7 +116,7 @@ committers. Trusted committers, including the user that ikiwiki runs as, will not have their commits checked by the `pre-receive` hook. Untrusted committers will have their commits checked. The configuration settings to enable are `git_test_receive_wrapper`, which enables generation of a -`pre-receive` hook, and `git_untrusted_committers`, which is a list of +`pre-receive` hook, and `untrusted_committers`, which is a list of usernames of the untrusted committers. Note that when the `pre-receive` hook is checking incoming changes, it -- cgit v1.2.3