--- a/access/access.go Wed Apr 12 23:51:38 2023 -0500
+++ b/access/access.go Wed Apr 12 23:57:06 2023 -0500
@@ -125,3 +125,7 @@
func CanInit(user, repo string) bool {
return check(user, repo, "init")
+func CanRemove(user, repo string) bool { + return check(user, repo, "remove") --- a/access/repositories.go Wed Apr 12 23:51:38 2023 -0500
+++ b/access/repositories.go Wed Apr 12 23:57:06 2023 -0500
@@ -7,6 +7,11 @@
+func IsExistingRepo(repo string) bool { + _, ok := repositories[repo] func IsInExistingRepo(repo string) bool {
for existingRepo := range repositories {
--- a/hg/parser.go Wed Apr 12 23:51:38 2023 -0500
+++ b/hg/parser.go Wed Apr 12 23:57:06 2023 -0500
@@ -15,6 +15,10 @@
+ Repo string `kong:"arg"` func ParseCommandArguments(cmd string) (string, CommandArguments, error) {
--- a/setup/resources/policy.csv.template Wed Apr 12 23:51:38 2023 -0500
+++ b/setup/resources/policy.csv.template Wed Apr 12 23:57:06 2023 -0500
@@ -24,6 +24,10 @@
# give users in the admins group the ability to create repositories everywhere.
p, admins, /*, init, allow
+# give users in the admins group the ability to remove repositories. +# The admin repository /hgkeeper cannot be removed. +#p, admins, /*, remove, allow # deny authenticated, but not explicitly defined users read access to the
p, public, {{.AdminRepo}}, read, deny
@@ -53,5 +57,8 @@
# give the write action read permission
+# give the remove action read permission # give the init action write permission (which has read)
--- a/ssh/commands/commands.go Wed Apr 12 23:51:38 2023 -0500
+++ b/ssh/commands/commands.go Wed Apr 12 23:57:06 2023 -0500
@@ -23,6 +23,8 @@
return NewServe(reposPath, values.Hg.Repo), nil
return NewInit(reposPath, values.Hg.Init.Repo), nil
+ return NewRemove(reposPath, values.Rm.Repo), nil return nil, fmt.Errorf("unknown command %s", cmd)