-rwxr-xr-x | usr/local/sbin/addaccess | 34 | ||||
-rwxr-xr-x | usr/local/sbin/rmaccess | 34 | ||||
-rw-r--r-- | usr/src/libpiny/lib/Piny/Group.pm | 24 | ||||
-rw-r--r-- | usr/src/libpiny/lib/Piny/Repo.pm | 47 | ||||
-rw-r--r-- | usr/src/libpiny/lib/Piny/User.pm | 29 |
5 files changed, 111 insertions, 57 deletions
diff --git a/usr/local/sbin/addaccess b/usr/local/sbin/addaccess
index b1b2916..e2817ca 100755
--- a/usr/local/sbin/addaccess
+++ b/usr/local/sbin/addaccess
@@ -3,37 +3,17 @@
 use strict;
 use warnings;
-my( $reponame, $uid, $gitowner);
+use Piny;
-if ( ( ! scalar $ARGV[1] ) or ( scalar $ARGV[2] ) ) { # must have exactly two arguments
- print( "Usage: addaccess USER REPONAME\n" );
- exit( 1 );
-} elsif ( ( $ARGV[0] !~ /^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+$/ ) or ( $ARGV[1] !~ /^[a-z0-9][a-z0-9-]+$/ ) ) { # Extra paranoid sanity checking
- print( "Usage: addaccess USER REPONAME\n" );
- print( " USER must consist only of letters, digits, underscores, periods, and dashes, and not start with a dash.\n" );
- print( " REPONAME must consist only of lower case letters (a-z), digits (0-9), and minus (-) signs.\n" );
- print( " REPONAME must be at least two characters long and must start with an alphanumeric character.\n" );
- exit( 1 );
-} else {
- $reponame = $ARGV[1];
-};
-
-open (PASSWD, '/etc/passwd');
-while(<PASSWD>) {
- if( $_ =~ /^$ENV{SUDO_USER}:.+?:(.+?):/ ) { $uid = $1; }; # grabbing uid.
-};
-close(PASSWD);
+my $env = Piny::Environment->new( );
-unless( -d "/srv/git/$reponame.git" ) {
- print( "/srv/git/$reponame.git doesn't exist!\n" );
- exit( 2 );
-};
+my ( $reponame, @users ) = @ARGV;
-$gitowner = (stat( "/srv/git/$reponame.git" ))[4]; # grab owner uid of repository
+my $repo = Piny::Repo->new( $reponame );
-if( ( $gitowner != $uid ) and ( $gitowner != 65534 ) ) {
- print( "$reponame is not owned by you!\n" );
+if ( $repo->user->uid != $env->user->uid ) {
+ print "You are not the owner of that repo!\n";
 exit( 3 );
 };
-system( "/usr/sbin/adduser $ARGV[0] git-$reponame" );
+$repo->add_access( @users );
diff --git a/usr/local/sbin/rmaccess b/usr/local/sbin/rmaccess
index 06b4f07..86b2dd0 100755
--- a/usr/local/sbin/rmaccess
+++ b/usr/local/sbin/rmaccess
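Review bot: The elements of `@users` travel from `@ARGV` to `$repo->add_access( @users )` as plain strings, while `add_member` in Piny/Group.pm (added in this same commit) calls `$user->username( )` on each element, so the call presumably dies, and in any case the names never pass through the `Username` constraint that replaces the removed regex check. Unless a coercion exists outside the visible hunks, build validated objects before the call, e.g. `my @users = map { Piny::User->new( $_ ) } @names;` (constructor form to be confirmed against Piny::User). The arity check and usage text were dropped at the same time as the argument order changed from USER REPONAME to REPONAME USER..., so a guard such as `die "Usage: addaccess REPONAME USER...\n" unless @ARGV >= 2;` is worth restoring. The rmaccess hunk has the same two gaps.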
@@ -3,37 +3,17 @@
 use strict;
 use warnings;
-my( $reponame, $uid, $gitowner);
+use Piny;
-if ( ( ! scalar $ARGV[1] ) or ( scalar $ARGV[2] ) ) { # must have exactly two arguments
- print( "Usage: rmaccess USER REPONAME\n" );
- exit( 1 );
-} elsif ( ( $ARGV[0] !~ /^[a-zA-Z0-9_.][a-zA-Z0-9_.-]+$/ ) or ( $ARGV[1] !~ /^[a-z0-9][a-z0-9-]+$/ ) ) { # Extra paranoid sanity checking
- print( "Usage: rmaccess USER REPONAME\n" );
- print( " USER must consist only of letters, digits, underscores, periods, and dashes, and not start with a dash.\n");
- print( " REPONAME must consist only of lower case letters (a-z), digits (0-9), and minus (-) signs.\n" );
- print( " REPONAME must be at least two characters long and must start with an alphanumeric character.\n" );
- exit( 1 );
-} else {
- $reponame = $ARGV[1];
-};
-
-open (PASSWD, '/etc/passwd');
-while(<PASSWD>) {
- if( $_ =~ /^$ENV{SUDO_USER}:.+?:(.+?):/ ) { $uid = $1; }; # grabbing uid.
-};
-close(PASSWD);
+my $env = Piny::Environment->new( );
-unless( -d "/srv/git/$reponame.git" ) {
- print( "/srv/git/$reponame.git doesn't exist!\n" );
- exit( 2 );
-};
+my ( $reponame, @users ) = @ARGV;
-$gitowner = (stat( "/srv/git/$reponame.git" ))[4]; # grab owner uid of repository
+my $repo = Piny::Repo->new( $reponame );
-if( ( $gitowner != $uid ) and ( $gitowner != 65534 ) ) {
- print( "$reponame is not owned by you!\n" );
+if ( $repo->user->uid != $env->user->uid ) {
+ print "You are not the owner of that repo!\n";
 exit( 3 );
 };
-system( "/usr/sbin/deluser $ARGV[0] git-$reponame" );
+$repo->remove_access( @users );
diff --git a/usr/src/libpiny/lib/Piny/Group.pm b/usr/src/libpiny/lib/Piny/Group.pm
index 4b957a7..c1df42d 100644
--- a/usr/src/libpiny/lib/Piny/Group.pm
+++ b/usr/src/libpiny/lib/Piny/Group.pm
@@ -35,6 +35,30 @@ has 'members' =>
 , init_arg => undef
 );
+# Public methods
+
+sub add_member {
+ my ( $s, @users ) = @_;
+
+ foreach my $user ( @users ) {
+ system( "adduser", $user->username( ), $s->groupname( ) );
+ $user->clear_groups( );
+ };
+
+ $s->clear_members( );
+};
+
+sub remove_member {
+ my ( $s, @users ) = @_;
+
+ foreach my $user ( @users ) {
+ system( "deluser", $user->username( ), $s->groupname( ) );
+ $user->clear_groups( );
+ };
+
+ $s->clear_members( );
+};
+
 # Builder methods
 # If constructed with just one argument, then
diff --git a/usr/src/libpiny/lib/Piny/Repo.pm b/usr/src/libpiny/lib/Piny/Repo.pm
index 4783960..6dcabca 100644
--- a/usr/src/libpiny/lib/Piny/Repo.pm
+++ b/usr/src/libpiny/lib/Piny/Repo.pm
@@ -4,20 +4,43 @@
 package Piny::Repo;
 use Moose;
+use Moose::Util::TypeConstraints;
 use File::Find qw( find );
+use Piny::Group;
 use Piny::User;
+# Types
+
+subtype 'Reponame'
+ => as 'Str'
+ => where { $_ =~ /^[a-zA-Z0-9][a-zA-Z0-9_.-]*$/ }
+ => message { 'That name is not in the correct format for a piny repo.' }
+ ;
+
+subtype 'SimpleText'
+ => as 'Str'
+ => where { $_ =~ /^[\x{0020}-\x{FDCF}\x{FDF0}-\x{FFFD}]{1,80}$/ }
+ => message { 'That description is not in the correct format for a piny repo.' }
+ ;
+
 # Attributes
 has 'name' =>
 ( is => 'rw'
- , isa => 'Str'
+ , isa => 'Reponame'
 , trigger => \&_rename_repo
 , required => 1
 );
+has 'group' =>
+ ( is => 'ro'
+ , isa => 'Piny::Group'
+ , lazy_build => 1
+ , init_arg => undef
+ );
+
 has 'path' =>
 ( is => 'ro'
 , isa => 'Str'
@@ -27,7 +50,7 @@ has 'path' =>
 has 'description' =>
 ( is => 'rw'
- , isa => 'Str'
+ , isa => 'SimpleText'
 , trigger => \&_set_description
 , lazy_build => 1
 , init_arg => undef
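Review bot: Both `system( "adduser", ... )` in `add_member` and `system( "deluser", ... )` in `remove_member` discard the exit status, so a failed group change is silent and the member and group caches are cleared as if it had succeeded. The list form keeps the arguments away from a shell, which is an improvement, but the bare command name now depends on PATH where the scripts previously called `/usr/sbin/adduser`; the old code read `SUDO_USER`, so these tools appear to run privileged, and an absolute path is the safer choice there. Suggested: `system( "/usr/sbin/adduser", $user->username( ), $s->groupname( ) ) == 0 or die "adduser failed: $?\n";` with the matching change for deluser.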
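Review bot: The `Reponame` pattern ends in `$`, which in Perl also matches just before a trailing newline, so a value such as "foo\n" (constructed example) satisfies the constraint and then flows into the group name built by `_build_group` and presumably into the repository path. Anchor the end with `\z`: `where { $_ =~ /^[a-zA-Z0-9][a-zA-Z0-9_.-]*\z/ }`. The same applies to `SimpleText` in this hunk and to `Username` in Piny/User.pm. The constraint is also wider than the check removed from the scripts (upper case, `_` and `.` are now accepted and one character suffices); if that is intended, a comment above the subtype saying so would help the next reader.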
@@ -62,6 +85,20 @@ has 'globally_writable' =>
 , init_arg => undef
 );
+# Public methods
+
+sub add_access {
+ my ( $s, @users ) = @_;
+
+ $s->group( )->add_member( @users );
+};
+
+sub remove_access {
+ my ( $s, @users ) = @_;
+
+ $s->group( )->remove_member( @users );
+};
+
 # Triggers
 sub _rename_repo {
@@ -108,6 +145,12 @@ around BUILDARGS => sub {
 };
 };
+sub _build_group {
+ my ( $s ) = @_;
+
+ return Piny::Group->new( groupname => "git-" . $s->name( ) );
+};
+
 sub _build_path {
 my ( $s ) = @_;
diff --git a/usr/src/libpiny/lib/Piny/User.pm b/usr/src/libpiny/lib/Piny/User.pm
index 53e310b..e4b865c 100644
--- a/usr/src/libpiny/lib/Piny/User.pm
+++ b/usr/src/libpiny/lib/Piny/User.pm
@@ -4,10 +4,19 @@
 package Piny::User;
 use Moose;
+use Moose::Util::TypeConstraints;
 use Piny::Email;
 use Piny::Group;
+# Types
+
+subtype 'Username'
+ => as 'Str'
+ => where { $_ =~ /^(?!(git|ikiwiki)-)[[a-zA-Z0-9][a-zA-Z0-9_.-]*$/ }
+ => message { 'That username is not in the correct format for a piny user.' }
+ ;
+
 # Attributes
 has 'uid' =>
@@ -18,7 +27,7 @@ has 'uid' =>
 has 'username' =>
 ( is => 'ro'
- , isa => 'Str'
+ , isa => 'Username'
 , lazy_build => 1
 );
@@ -50,6 +59,24 @@ has 'groups' =>
 , init_arg => undef
 );
+# Public methods
+
+sub add_group {
+ my ( $s, @groups ) = @_;
+
+ foreach my $group ( @groups ) {
+ $group->add_member( $s );
+ };
+};
+
+sub remove_group {
+ my ( $s, @groups ) = @_;
+
+ foreach my $group ( @groups ) {
+ $group->remove_member( $s );
+ };
+};
+
 # Builder methods
 # If constructed with just one argument, then |
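Review bot: `add_access` and `remove_access` say nothing about who may call them, and neither performs an ownership check itself; in the visible code the only such check is the uid comparison in the addaccess and rmaccess scripts. Any other caller of these methods would change group membership without that check, so the contract should be written down where the methods are defined. A comment above each would do, e.g. `# Caller must already have verified that the invoking user owns this repo; @users are Piny::User objects.`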
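Review bot: The `Username` pattern contains a doubled bracket, `[[a-zA-Z0-9]`, which Perl accepts as a character class that includes a literal `[`, so `[` becomes a permitted first character of a username. Because the value ends up as an argument to adduser and deluser in Piny/Group.pm, the class should be exactly what is intended: `where { $_ =~ /^(?!(git|ikiwiki)-)[a-zA-Z0-9][a-zA-Z0-9_.-]*\z/ }`. The `\z` in that line replaces `$` so that a trailing newline is no longer accepted.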