[gentoo-commits] proj/gitolite-gentoo:upstream commit in: src/, doc/, conf/

[gentoo-commits] proj/gitolite-gentoo:upstream commit in: src/, doc/, conf/

[Christian Ruppert]

commit:     27081ad1c1f923487c571b9ecc4ef4cf3ced2b94
Author:     Sitaram Chamarty <sitaram <AT> atc <DOT> tcs <DOT> com>
AuthorDate: Sat Jan  1 14:18:18 2011 +0000
Commit:     Christian Ruppert <idl0r <AT> gentoo <DOT> org>
CommitDate: Sun Jan  2 04:51:39 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/gitolite-gentoo.git;a=commit;h=27081ad1

new rc var: GL_ALL_READ_ALL

---
 conf/example.gitolite.rc |    4 +++-
 doc/gitolite.rc.mkd      |    7 +++++++
 src/gl-auth-command      |    9 +++++++--
 3 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/conf/example.gitolite.rc b/conf/example.gitolite.rc
index 8626be1..9ee7840 100644
--- a/conf/example.gitolite.rc
+++ b/conf/example.gitolite.rc
@@ -33,8 +33,10 @@ $GL_BIG_CONFIG = 0;
 $GL_NO_DAEMON_NO_GITWEB = 0;
 
 # ------------------------------------------------------------------------------
-# VARIABLES WITH A SECURITY IMPACT
+# VARIABLES WITH A SECURITY IMPACT.  READ DOC WELL BEFORE CHANGING THESE.
+# http://github.com/sitaramc/gitolite/blob/pu/doc/gitolite.rc.mkd#_variables_with_a_security_impact
 # ------------------------------------------------------------------------------
+# $GL_ALL_READ_ALL = 0;
 $GIT_PATH="";
 $GL_GITCONFIG_KEYS = "";
 # $GL_GITCONFIG_WILD = 0;

diff --git a/doc/gitolite.rc.mkd b/doc/gitolite.rc.mkd
index ecf5758..e354ff0 100644
--- a/doc/gitolite.rc.mkd
+++ b/doc/gitolite.rc.mkd
@@ -96,6 +96,13 @@ test suite, my actual production use, my time, and sometimes (LDAP comes to
 mind) even my skill or resources available to me, and that therefore I depend
 on feedback from my users to find or fix issues.
 
+  * `$GL_ALL_READ_ALL`, boolean, default undef
+
+    Eliminates the access control check for read access.  Makes things much
+    (**much**!) faster when you have 10,000 projects and the compiled conf
+    file is more than 20MB in size!  **Double check with your boss or have a
+    new job lined up before setting this on!**
+
   * `$GIT_PATH`, string, default empty
 
     If git on your server is on a standard path (that is `ssh git@server git

diff --git a/src/gl-auth-command b/src/gl-auth-command
index 46cea7d..1ebacb5 100755
--- a/src/gl-auth-command
+++ b/src/gl-auth-command
@@ -32,7 +32,7 @@ use warnings;
 # ----------------------------------------------------------------------------
 
 # these are set by the "rc" file
-our ($GL_LOGT, $GL_CONF_COMPILED, $REPO_BASE, $GIT_PATH, $REPO_UMASK, $GL_ADMINDIR, $RSYNC_BASE, $HTPASSWD_FILE, $GL_WILDREPOS, $GL_WILDREPOS_DEFPERMS, $GL_ADC_PATH, $SVNSERVE, $PROJECTS_LIST, $GL_SLAVE_MODE, $GL_PERFLOGT);
+our ($GL_LOGT, $GL_CONF_COMPILED, $REPO_BASE, $GIT_PATH, $REPO_UMASK, $GL_ADMINDIR, $RSYNC_BASE, $HTPASSWD_FILE, $GL_WILDREPOS, $GL_WILDREPOS_DEFPERMS, $GL_ADC_PATH, $SVNSERVE, $PROJECTS_LIST, $GL_SLAVE_MODE, $GL_PERFLOGT, $GL_ALL_READ_ALL);
 # and these are set by gitolite.pm
 our ($R_COMMANDS, $W_COMMANDS, $REPONAME_PATT, $REPOPATT_PATT, $ADC_CMD_ARGS_PATT);
 our %repos;
@@ -227,7 +227,12 @@ $ENV{GL_REPO}=$repo;
 #       first level permissions check
 # ----------------------------------------------------------------------------
 
-my ($perm, $creator, $wild) = &repo_rights($repo);
+my ($perm, $creator, $wild);
+if ( $GL_ALL_READ_ALL and $verb =~ $R_COMMANDS and -d "$ENV{GL_REPO_BASE_ABS}/$repo.git") {
+    $perm = 'R';
+} else {
+    ($perm, $creator, $wild) = &repo_rights($repo);
+}
 if ($perm =~ /C/) {
     # it was missing, and you have create perms
     wrap_chdir("$ENV{GL_REPO_BASE_ABS}");