grim/hgkeeper

b4dd55fef66b
Parents ea4d0c4e0f66
Children c486089a949b
Fix up the setup command and document all the things
--- a/setup/command.go Tue Sep 10 02:22:13 2019 -0500
+++ b/setup/command.go Tue Sep 10 21:18:34 2019 -0500
@@ -47,8 +47,15 @@
}
// we're copying a regular file now, so figure out the paths so we can
- // create them if necessary.
- absname := filepath.Join(path, name)
+ // create them if necessary. We have to special case dothg because
+ // using .hg causes issues
+ var absname string
+ if strings.HasPrefix(name, "/dothg/") {
+ absname = filepath.Join(path, ".hg", name[7:])
+ } else {
+ absname = filepath.Join(path, name)
+ }
+
dirname := filepath.Dir(absname)
// if we don't have the directory create it
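Review bot: The `name[7:]` slice in the dothg branch is a hard-coded offset that silently goes wrong if the `"/dothg/"` literal on the line above ever changes; deriving the remainder from the prefix keeps the two in step, e.g. `if rest := strings.TrimPrefix(name, "/dothg/"); rest != name {` followed by `absname = filepath.Join(path, ".hg", rest)`. The comment "using .hg causes issues" would also help a later reader if it said what the issue is — presumably the resource bundler skips `.hg` directories, but that is not visible here, so confirm before writing it down. The same separator concern in the second hunk is simpler as `".hg"+string(filepath.Separator)` instead of `fmt.Sprintf`. The enclosing function starts and ends outside this hunk.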
@@ -71,7 +78,7 @@
return err
}
- if !strings.HasPrefix(rel, ".hg/") {
+ if !strings.HasPrefix(rel, fmt.Sprintf(".hg%c", filepath.Separator)) {
filenames = append(filenames, rel)
}
}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/setup/resources/README.md Tue Sep 10 21:18:34 2019 -0500
@@ -0,0 +1,11 @@
+# hgkeeper
+
+This repository is used to manage keys for hgkeeper. This is done by
+organizing ssh public keys in the keys directory.
+
+# keys/
+
+Files in the keys directory should be named after the user the belong to and
+contain the ssh public keys for that user. The name of the file is used in
+access.yaml as the users/group name.
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/setup/resources/dothg/hgrc Tue Sep 10 21:18:34 2019 -0500
@@ -0,0 +1,8 @@
+# this file was created by hgkeeper, do not modify
+[extensions]
+hgext.purge =
+
+[hooks]
+changegroup.aaba = hg update -C default > /dev/null
+changegroup.aaca = hg purge --all > /dev/null
+
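Review bot: The two changegroup hooks carry no explanation of why they run on every push, and a server-side hook that executes `hg update -C default` and `hg purge --all` is the kind of line a later administrator will want justified before leaving it in place. Presumably the working copy of this repository is what hgkeeper reads keys and policy from and must track `default` after each push — that is not shown in this diff, so confirm it, then add a line above `[hooks]` such as `# keep the working copy in sync with pushes; hgkeeper reads keys/policy from it`. The `> /dev/null` redirects hide only standard output, so a failing update is still reported on stderr but, being a changegroup hook, does not reject the push; worth a short comment so nobody relies on it as a guard.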
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/setup/resources/model.conf Tue Sep 10 21:18:34 2019 -0500
@@ -0,0 +1,25 @@
+# This is a https://casbin.org model for implementing role based access control.
+#
+# This model is nearly identical to the `RBAC with deny-override` define on
+# https://casbin.org/en/editor, but has the addition of falling back to a
+# "public" user/subject in the matcher if the requested role does not match
+# other polcies.
+#
+# In theory you should be able to swap this model out with another one that fits
+# your needs (remembering to update your policy.csv as well), but this has not
+# been tested.
+
+[request_definition]
+r = sub, obj, act
+
+[policy_definition]
+p = sub, obj, act, eft
+
+[role_definition]
+g = _, _
+
+[policy_effect]
+e = some(where (p.eft == allow)) && !some(where (p.eft == deny))
+
+[matchers]
+m = (g(r.sub, p.sub) || p.sub == "public") && keyMatch(r.obj, p.obj) && access(r.act, p.act)
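Review bot: The matcher on the last line makes every policy whose subject is `public` apply to every request unconditionally, so `public` is not a fallback as the header comment about "falling back to a public user/subject" describes, and with the deny-override effect a `public` deny beats any explicit allow. In policy.csv the rule `p, public, /hgkeeper, read, deny` therefore appears to deny admins — who hold `init` on `/*` — read access to the hgkeeper repo too, assuming `access()`, which is defined outside this diff, treats init as implying read as the policy.csv header states. A casbin matcher cannot consult other policies, so a true fallback is not expressible here; either reword the comment to `# Policies whose subject is "public" match every request, so a public deny overrides explicit allows` or express the exception by limiting which paths the public read allow covers instead of adding a deny.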
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/setup/resources/policy.csv Tue Sep 10 21:18:34 2019 -0500
@@ -0,0 +1,46 @@
+# This is the default hgkeeper access policy. If you have not yet read
+# README.md in this directory, please read it first.
+#
+# This file contains the access policies as well as groups for all access
+# control via hgkeeper.
+#
+# The format of each policy is:
+#
+# p, user/group, pathspec, permission, effect
+#
+# * p is required to define that this is a policy.
+# * user/group is the name of the user or group that this policy is affecting.
+# * pathspec is glob like pattern of repositories to affect.
+# * permission is one of read, write, or init. If a user has write access, they
+# also have read access. Likewise, init access grants read and write access
+# as well.
+# * effect is one of allow or deny.
+#
+# More than one policy can match, but if any of the matching policies is a deny,
+# then the deny is honored and the user is denied permission.
+
+# allow all authenticated users to read everything
+p, public, /*, read, allow
+
+# give users in the admins group the ability to create repositories everywhere.
+p, admins, /*, init, allow
+
+# deny authenticated, but not explicitly defined users read access to the
+# hgkeeper repo
+p, public, /hgkeeper, read, deny
+
+
+# Groups:
+#
+# The format of a group is as follows:
+#
+# g, user, group
+#
+# * g is required to define that this is a group.
+# * user is the username that is being added to the group.
+# * group is the name of the group.
+#
+# To add your user to the admins group you would replace my-username with your
+# username in the following example:
+#
+# g, my-username, admins