Gitolite permissions: How use the “-” thing?

2019-06-01 04:06发布

问题:

I'm trying to set up my Gitolite permissions but I'm not really sure how to use the - thing.

Situation: I have two groups; @gatekeepers and @devs. I want both groups to be able to work in all remote branches except the master branch. They are supposed to be able to pull the master branch though.

So far I have this, but I'm positive that it doesn't work:

repo foo
    - master = @devs @gatekeepers
    RW+     = @devs @gatekeepers

If I understand it correctly, this disallow the groups from doing anything at all (reading or writing) to the master branch.

What is the way to do this properly?

回答1:

For the stated purpose (which IIUC is disallow push to master), the original code in the question is fine; it does indeed prevent push to master to both groups mentioned.

Adding the deny-rules option makes it so no one can even clone.

Recap: the deny-rules option makes it so that deny rules are honored for the pre-git access check also. This means, (as the doc says), refexes are ignored -- in fact you don't even know what ref will be pushed, even if it is a push operation.