search: move permissions handling to InboxWritable

[public-inbox.git] / lib / PublicInbox / InboxWritable.pm

diff --git a/lib/PublicInbox/InboxWritable.pm b/lib/PublicInbox/InboxWritable.pm
index 82834f08abbb9b2295329ac077f72a2ffc16c924..92b9016e73401f23f6d68ad268251e5af94ebdae 100644 (file)
--- a/lib/PublicInbox/InboxWritable.pm
+++ b/lib/PublicInbox/InboxWritable.pm
@@ -10,6 +10,14 @@ use PublicInbox::Import;
 use PublicInbox::Filter::Base;
 *REJECT = *PublicInbox::Filter::Base::REJECT;
 
+use constant {
+       PERM_UMASK => 0,
+       OLD_PERM_GROUP => 1,
+       OLD_PERM_EVERYBODY => 2,
+       PERM_GROUP => 0660,
+       PERM_EVERYBODY => 0664,
+};
+
 sub new {
        my ($class, $ibx) = @_;
        bless $ibx, $class;
@@ -157,4 +165,67 @@ sub import_mbox {
        $im->done;
 }
 
+sub _read_git_config_perm {
+       my ($self) = @_;
+       my @cmd = qw(config);
+       if (($self->{version} ||= 1) == 2) {
+               push @cmd, "--file=$self->{mainrepo}/all.git/config";
+       }
+       chomp(my $perm = $self->git->qx(@cmd, 'core.sharedRepository'));
+       $perm;
+}
+
+sub _git_config_perm {
+       my $self = shift;
+       my $perm = scalar @_ ? $_[0] : _read_git_config_perm($self);
+       return PERM_GROUP if (!defined($perm) || $perm eq '');
+       return PERM_UMASK if ($perm eq 'umask');
+       return PERM_GROUP if ($perm eq 'group');
+       if ($perm =~ /\A(?:all|world|everybody)\z/) {
+               return PERM_EVERYBODY;
+       }
+       return PERM_GROUP if ($perm =~ /\A(?:true|yes|on|1)\z/);
+       return PERM_UMASK if ($perm =~ /\A(?:false|no|off|0)\z/);
+
+       my $i = oct($perm);
+       return PERM_UMASK if ($i == PERM_UMASK);
+       return PERM_GROUP if ($i == OLD_PERM_GROUP);
+       return PERM_EVERYBODY if ($i == OLD_PERM_EVERYBODY);
+
+       if (($i & 0600) != 0600) {
+               die "core.sharedRepository mode invalid: ".
+                   sprintf('%.3o', $i) . "\nOwner must have permissions\n";
+       }
+       ($i & 0666);
+}
+
+sub _umask_for {
+       my ($perm) = @_; # _git_config_perm return value
+       my $rv = $perm;
+       return umask if $rv == 0;
+
+       # set +x bit if +r or +w were set
+       $rv |= 0100 if ($rv & 0600);
+       $rv |= 0010 if ($rv & 0060);
+       $rv |= 0001 if ($rv & 0006);
+       (~$rv & 0777);
+}
+
+sub with_umask {
+       my ($self, $cb) = @_;
+       my $old = umask $self->{umask};
+       my $rv = eval { $cb->() };
+       my $err = $@;
+       umask $old;
+       die $err if $err;
+       $rv;
+}
+
+sub umask_prepare {
+       my ($self) = @_;
+       my $perm = _git_config_perm($self);
+       my $umask = _umask_for($perm);
+       $self->{umask} = $umask;
+}
+
 1;