Authz question

Authz question

[mricon]

Hi, all:

Before I go look in the code, can someone tell me if the authentication
support in cgit hides the repositories to which the user has no access,
or just prevents accessing the actual content?

E.g. if user alice has no access to bobsrepo.git, will "bobsrepo.git"
still show up in the global index for her? If so, is there any mechanism
in place to hide it?

Best,
-- 
Konstantin Ryabitsev
Senior Systems Administrator
Linux Foundation Collab Projects
Montr?al, Qu?bec

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 713 bytes
Desc: OpenPGP digital signature
URL: <http://lists.zx2c4.com/pipermail/cgit/attachments/20140602/ac8456b1/attachment.asc>

Authz question

[Jason]

On Mon, Jun 2, 2014 at 11:18 PM, Konstantin Ryabitsev <mricon at kernel.org> wrote:
> Before I go look in the code, can someone tell me if the authentication
> support in cgit hides the repositories to which the user has no access,
> or just prevents accessing the actual content?

Just the actual content, but not the listing in the global index.

>
>  is there any mechanism
> in place to hide it?

Not at the moment. If you're going to deploy this feature on
kernel.org, though, I'd be happy to write support for it. What's your
use case?

Authz question

[mricon]

On 02/06/14 05:34 PM, Jason A. Donenfeld wrote:
>> Before I go look in the code, can someone tell me if the authentication
>> > support in cgit hides the repositories to which the user has no access,
>> > or just prevents accessing the actual content?
> Just the actual content, but not the listing in the global index.

That's what I figured from reading the sample authentication filter.

>> >  is there any mechanism
>> > in place to hide it?
> Not at the moment. If you're going to deploy this feature on
> kernel.org, though, I'd be happy to write support for it. What's your
> use case?

It's not for kernel.org -- we don't have a reason to run read-restricted
AuthZ stuff there. It's for another LF project that wants to be able to
do private repositories with a web frontend. It's not a critical
requirement for them to restrict repo listing, but it's certainly a
nice-to-have.

Best,
-- 
Konstantin Ryabitsev
Senior Systems Administrator
Linux Foundation Collab Projects
Montr?al, Qu?bec

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 713 bytes
Desc: OpenPGP digital signature
URL: <http://lists.zx2c4.com/pipermail/cgit/attachments/20140602/654c37a5/attachment.asc>

Authz question

[mricon]

On 02/06/14 05:34 PM, Jason A. Donenfeld wrote:
>> >  is there any mechanism
>> > in place to hide it?
> Not at the moment. If you're going to deploy this feature on
> kernel.org, though, I'd be happy to write support for it. What's your
> use case?

Jason:

It seems that the easiest way to do this would be to add an
"index-filter" that will accept a list of repositories and return a
culled list of repositories that cgit will actually display. This has
uses beyond just auth-filter -- for example, someone may choose to
always hide a repository (e.g. a repository called "gitolite-admin"
should never really be displayed, or repository with "confidential" in
description, etc).

Best,
-- 
Konstantin Ryabitsev
Senior Systems Administrator
Linux Foundation Collab Projects
Montr?al, Qu?bec

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 538 bytes
Desc: OpenPGP digital signature
URL: <http://lists.zx2c4.com/pipermail/cgit/attachments/20140606/64d4e045/attachment.asc>