From mboxrd@z Thu Jan  1 00:00:00 1970
From: valentin.haenel at gmx.de (Valentin Haenel)
Date: Thu, 1 Nov 2012 11:40:32 +0100
Subject: [PATCHv4 0/2] Authorize viewing a repository
In-Reply-To: <1351709440-29185-1-git-send-email-valentin.haenel@gmx.de>
References: <1350378927-10834-1-git-send-email-valentin.haenel@gmx.de>
 <1351709440-29185-1-git-send-email-valentin.haenel@gmx.de>
Message-ID: <20121101104032.GF31961@kudu.in-berlin.de>

* Valentin Haenel <valentin.haenel at gmx.de> [2012-10-31]:
> This is the fourth iteration of the patches to invoke an external helper for
> authorizing viewing of repositories. The significant changes are that now, no
> book-keeping of the REMOTE_USER or equivalent environment variable is done
> within cgit and the authorization helper must instead obtain this from the
> environment. Also, the authorization helper is no longer invoked via 'system',
> but instead using a 'fork/exec/wait' construct. Lastly, the external helper is
> no longer given any arguments, but must get the repository to authorize for,
> from the environment.  To this end, the same "CGIT_*" environment variables
> that are available to the filters are handed over. The cgit man page entry for
> the authorization helper has been updated to describe the environment available
> to the helper and the expected exit code.

One idea I had last night, was to rename 'authorization-helper' into
'authorization-filter'. Although it doesn't take anything on stdin and
returns nothing on stdout, the fact that it has the set of "CGIT_*" env
vars available does make it somewhat like a filter.

Opinions?

V-