| 1 |
2102
|
Luisehahne
|
#!/bin/sh
|
| 2 |
|
|
|
| 3 |
|
|
# START-COMMIT HOOK
|
| 4 |
|
|
#
|
| 5 |
|
|
# The start-commit hook is invoked immediately after a Subversion txn is
|
| 6 |
|
|
# created and populated with initial revprops in the process of doing a
|
| 7 |
|
|
# commit. Subversion runs this hook by invoking a program (script,
|
| 8 |
|
|
# executable, binary, etc.) named 'start-commit' (for which this file
|
| 9 |
|
|
# is a template) with the following ordered arguments:
|
| 10 |
|
|
#
|
| 11 |
|
|
# [1] REPOS-PATH (the path to this repository)
|
| 12 |
|
|
# [2] USER (the authenticated user attempting to commit)
|
| 13 |
|
|
# [3] CAPABILITIES (a colon-separated list of capabilities reported
|
| 14 |
|
|
# by the client; see note below)
|
| 15 |
|
|
# [4] TXN-NAME (the name of the commit txn just created)
|
| 16 |
|
|
#
|
| 17 |
|
|
# Note: The CAPABILITIES parameter is new in Subversion 1.5, and 1.5
|
| 18 |
|
|
# clients will typically report at least the "mergeinfo" capability.
|
| 19 |
|
|
# If there are other capabilities, then the list is colon-separated,
|
| 20 |
|
|
# e.g.: "mergeinfo:some-other-capability" (the order is undefined).
|
| 21 |
|
|
#
|
| 22 |
|
|
# Note: The TXN-NAME parameter is new in Subversion 1.8. Prior to version
|
| 23 |
|
|
# 1.8, the start-commit hook was invoked before the commit txn was even
|
| 24 |
|
|
# created, so the ability to inspect the commit txn and its metadata from
|
| 25 |
|
|
# within the start-commit hook was not possible.
|
| 26 |
|
|
#
|
| 27 |
|
|
# The list is self-reported by the client. Therefore, you should not
|
| 28 |
|
|
# make security assumptions based on the capabilities list, nor should
|
| 29 |
|
|
# you assume that clients reliably report every capability they have.
|
| 30 |
|
|
#
|
| 31 |
|
|
# The working directory for this hook program's invocation is undefined,
|
| 32 |
|
|
# so the program should set one explicitly if it cares.
|
| 33 |
|
|
#
|
| 34 |
|
|
# If the hook program exits with success, the commit continues; but
|
| 35 |
|
|
# if it exits with failure (non-zero), the commit is stopped before
|
| 36 |
|
|
# a Subversion txn is created, and STDERR is returned to the client.
|
| 37 |
|
|
#
|
| 38 |
|
|
# On a Unix system, the normal procedure is to have 'start-commit'
|
| 39 |
|
|
# invoke other programs to do the real work, though it may do the
|
| 40 |
|
|
# work itself too.
|
| 41 |
|
|
#
|
| 42 |
|
|
# Note that 'start-commit' must be executable by the user(s) who will
|
| 43 |
|
|
# invoke it (typically the user httpd runs as), and that user must
|
| 44 |
|
|
# have filesystem-level permission to access the repository.
|
| 45 |
|
|
#
|
| 46 |
|
|
# On a Windows system, you should name the hook program
|
| 47 |
|
|
# 'start-commit.bat' or 'start-commit.exe',
|
| 48 |
|
|
# but the basic idea is the same.
|
| 49 |
|
|
#
|
| 50 |
|
|
# The hook program typically does not inherit the environment of
|
| 51 |
|
|
# its parent process. For example, a common problem is for the
|
| 52 |
|
|
# PATH environment variable to not be set to its usual value, so
|
| 53 |
|
|
# that subprograms fail to launch unless invoked via absolute path.
|
| 54 |
|
|
# If you're having unexpected problems with a hook program, the
|
| 55 |
|
|
# culprit may be unusual (or missing) environment variables.
|
| 56 |
|
|
#
|
| 57 |
|
|
# Here is an example hook script, for a Unix /bin/sh interpreter.
|
| 58 |
|
|
# For more examples and pre-written hooks, see those in
|
| 59 |
|
|
# the Subversion repository at
|
| 60 |
|
|
# http://svn.apache.org/repos/asf/subversion/trunk/tools/hook-scripts/ and
|
| 61 |
|
|
# http://svn.apache.org/repos/asf/subversion/trunk/contrib/hook-scripts/
|
| 62 |
|
|
|
| 63 |
|
|
|
| 64 |
|
|
REPOS="$1"
|
| 65 |
|
|
USER="$2"
|
| 66 |
|
|
|
| 67 |
|
|
commit-allower.pl --repository "$REPOS" --user "$USER" || exit 1
|
| 68 |
|
|
special-auth-check.py --user "$USER" --auth-level 3 || exit 1
|
| 69 |
|
|
|
| 70 |
|
|
# All checks passed, so allow the commit.
|
| 71 |
|
|
exit 0
|