ejucovy  committed 4f6bc5d

Don't let users disable the trac system user's permissions on the gitolite-admin repository

  • Participants
  • Parent commits 1aef27f
  • Branches default

Comments (0)

Files changed (1)

File trac_gitolite/

+import getpass
 import json
 import pkg_resources
     gitolite_admin_ssh_path = Option('trac-gitolite', 'admin_ssh_path',
+    gitolite_admin_real_reponame = Option('trac-gitolite', 'admin_real_reponame',
+                                          default="gitolite-admin")
+    gitolite_admin_system_user = Option('trac-gitolite', 'admin_system_user',
+                                        default="trac")
     def get_users(self):
         repo = self.env.get_repository(reponame=self.gitolite_admin_reponame)
         for child in node.get_entries():
             name = child.get_name()
             assert name.endswith(".pub"), "Node %s" % name
-            yield name[:-4]
+            name = name[:-4]
+            yield name
     def read_config(self):
         repo = self.env.get_repository(reponame=self.gitolite_admin_reponame)
                 if user not in perms[repo][perm]:
+            system_user_perms = perms.get(self.gitolite_admin_real_reponame, {}).get(self.gitolite_admin_system_user, [])
+            if 'R' not in system_user_perms or 'W' not in system_user_perms:
+                add_warning(req, _('Read and write permissions on the gitolite admin repo must not be revoked for user %s -- otherwise this plugin will no longer work!' % self.gitolite_admin_system_user))
+                req.redirect(req.href.admin(category, page))
             utils.save_file(self.gitolite_admin_ssh_path, 'conf/gitolite.conf', 
                             _('Updating repository permissions'))