ponymail-commits mailing list archives

From s...@apache.org
Subject [incubator-ponymail] branch master updated: Add sample committer-only list auth
Date Thu, 18 Apr 2019 15:37:49 GMT
This is an automated email from the ASF dual-hosted git repository.

sebb pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-ponymail.git


The following commit(s) were added to refs/heads/master by this push:
     new bf4ce84  Add sample committer-only list auth
bf4ce84 is described below

commit bf4ce84681bd2adb48930b6b0405948229eac74d
Author: Sebb <sebb@apache.org>
AuthorDate: Thu Apr 18 16:37:43 2019 +0100

    Add sample committer-only list auth
---
 aaa_examples/aaa_with_ldap.lua | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/aaa_examples/aaa_with_ldap.lua b/aaa_examples/aaa_with_ldap.lua
index 2cff365..aa90308 100644
--- a/aaa_examples/aaa_with_ldap.lua
+++ b/aaa_examples/aaa_with_ldap.lua
@@ -47,6 +47,21 @@ local function isMember(uid)
     return nil ~= data:match("dn: cn=member,ou=groups,dc=apache,dc=org")
 end
 
+-- Is $uid a committer of the ASF?
+local function isCommitter(uid)
+    -- Check for valid chars. Important since the uid is passed to the shell.
+    if not uid:match("^[-a-z0-9_.]+$") then
+        return false
+    end
+    local ldapdata = io.popen(([[ldapsearch -x -LLL -b ou=people,dc=apache,dc=org '(uid=%s)'
dn]]):format(uid))
+    -- This returns a string starting with 'dn: uid=uid,ou=people,dc=apache,dc=org' or the
empty string.
+    local data = ldapdata:read("*a")
+    return nil ~= data:match(("dn: uid=%s,ou=people,dc=apache,dc=org"):format(uid))
+end
+
+-- additional top-level lists (*.apache.org) to which committers are entitled
+local LISTS = {"committers", "list2"} -- etc
+
 -- Get a list of domains the user has private email access to (or wildcard if org member)
 local function getRights(r, usr)
     local uid = usr.credentials.uid
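Review bot: The final check in isCommitter passes the formatted DN to `data:match`, so the uid is interpreted as a Lua pattern, and the character set accepted a few lines earlier includes `-` and `.`, both of which are pattern magic. A uid containing a hyphen will not match its own DN, so that committer is silently denied, and a `.` matches any character rather than a literal dot. A plain search avoids both: `return nil ~= data:find(("dn: uid=%s,ou=people,dc=apache,dc=org"):format(uid), 1, true)`. The handle returned by `io.popen` is also never closed; adding `ldapdata:close()` after the `read("*a")` stops each lookup from leaving a pipe open until garbage collection. The allow-list check before the shell call is the right guard and should stay as the first statement.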
@@ -65,10 +80,17 @@ local function getRights(r, usr)
         table.insert(rights, "*")
     -- otherwise, get PMC list and construct array
     else
+        -- Add the PMC lists
         local list = getPMCs(uid)
         for k, v in pairs(list) do
             table.insert(rights, v .. ".apache.org")
         end
+        -- Add the lists for all committers
+        if isCommitter(uid) then
+            for k, v in ipairs(LISTS) do
+                table.insert(rights, v .. ".apache.org")
+            end
+        end
     end
     r:ivm_set(USER_KEY, JSON.encode(rights))
     return rights
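Review bot: The new `isCommitter(uid)` branch cannot distinguish "not a committer" from "ldapsearch failed or returned nothing", and the resulting rights table is then stored by `r:ivm_set(USER_KEY, ...)`. That fails closed, which is the safe direction, but a transient LDAP outage would cache a rights list without the committer lists. How long that cached value is reused is not visible here, because getRights starts and ends outside the hunk. A comment at the branch would make this explicit for anyone adapting the sample, e.g. `-- isCommitter() is also false when the LDAP lookup fails; the reduced rights are cached below`. As a smaller style point, the unused loop key could be written `for _, v in ipairs(LISTS) do`.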

