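What I want to achieve is that the @dev group can create their own repos and do anything on dev/ branches, but can only push to the master branch of their own repos and only read other developers' master branches.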
I have set up my rules in gitolite.conf:
@projects = projects/..*
repo @projects
C = @devs
- master$ = @devs
RW+ master$ = CREATOR
RW+ = @admin TRUSTED
RW+ dev/ = @devs
RW = @devs
When I check the access rights of a particular developer, I would expect him to be able to read master, yet the result is denied?
gitolite access -s projects/a1 [dev-member] R master
legend:
d => skipped deny rule due to ref unknown or 'any',
r => skipped due to refex not matching,
p => skipped due to perm (W, +, etc) not matching,
D => explicitly denied,
A => explicitly allowed,
F => denied due to fallthru (no rules matched)
p gitolite.conf:37 C = @devs
D gitolite.conf:39 - master$ = @devs
R refs/heads/master projects/a1 [dev-member] DENIED by refs/heads/master$
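The same goes for me, as the creator of this repo, so I can't even read my own master branch. How can I fix this?
Even more confusing is the following case, given that branquito is in the @admin group.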
gitolite access -s projects/a1 branquito W master
legend:
...
p gitolite.conf:37 C = @devs
D gitolite.conf:38 - master$ = @devs
W refs/heads/master projects/a1 branquito DENIED by refs/heads/master$
But:
gitolite access -s projects/a1 @admin W master
legend:
...
A gitolite.conf:40 RW+ = @admin TRUSTED
refs/.*
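
The traces in the question can be reproduced with a small first-match model of the rule walk described by the legend. This is an added example, not part of the original post and not gitolite's own code. It assumes that a check without a ref uses 'any', that branquito is also a member of @devs (which the @devs lines in his trace suggest), and it uses constructed identities and a hypothetical REORDERED rule list.

```python
import re

# The question's rules in file order: (perm, refex, users). As in its trace,
# an empty refex is refs/.* and "master$" is matched as refs/heads/master$.
RULES = [
    ("C",   "refs/.*",            {"@devs"}),
    ("-",   "refs/heads/master$", {"@devs"}),
    ("RW+", "refs/heads/master$", {"CREATOR"}),
    ("RW+", "refs/.*",            {"@admin", "TRUSTED"}),
    ("RW+", "refs/heads/dev/",    {"@devs"}),
    ("RW",  "refs/.*",            {"@devs"}),
]
# Hypothetical variant: same rules with the CREATOR line above the deny line.
REORDERED = [RULES[0], RULES[2], RULES[1], *RULES[3:]]

def access(rules, identities, perm, ref="any"):
    """First-match walk; returns (trace codes from the legend, verdict)."""
    trace = []
    for rule_perm, refex, who in rules:
        if not who & identities:
            continue                    # rule does not name this user
        if rule_perm == "-" and ref == "any":
            trace.append("d")           # deny rule skipped: ref unknown
        elif ref != "any" and not re.match(refex, ref):
            trace.append("r")           # refex does not match
        elif rule_perm == "-":
            return trace + ["D"], "DENIED"
        elif perm not in rule_perm:
            trace.append("p")           # perm (W, +, ...) does not match
        else:
            return trace + ["A"], "ALLOWED"
    return trace + ["F"], "DENIED"      # fallthru: no rule matched

# Constructed identities: each user's name plus the groups/roles assumed for it.
DEV = {"dev-member", "@devs"}
CREATOR = {"creator", "@devs", "CREATOR"}
BRANQUITO = {"branquito", "@admin", "@devs"}   # @devs membership is assumed

if __name__ == "__main__":
    master = "refs/heads/master"
    for label, args in [
        ("dev R master", (RULES, DEV, "R", master)),
        ("dev R (no ref)", (RULES, DEV, "R")),
        ("branquito W master", (RULES, BRANQUITO, "W", master)),
        ("@admin W master", (RULES, {"@admin"}, "W", master)),
        ("creator W master", (RULES, CREATOR, "W", master)),
        ("creator W master, reordered", (REORDERED, CREATOR, "W", master)),
    ]:
        print(label, *access(*args))
```

In this model the deny line stops every @devs member, the creator included, before the CREATOR line is reached, while the literal name @admin only ever matches the @admin line.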