[31] | 1 | #!/bin/sh |
---|
| 2 | |
---|
| 3 | # START-COMMIT HOOK |
---|
| 4 | # |
---|
| 5 | # The start-commit hook is invoked before a Subversion txn is created |
---|
| 6 | # in the process of doing a commit. Subversion runs this hook |
---|
| 7 | # by invoking a program (script, executable, binary, etc.) named |
---|
| 8 | # 'start-commit' (for which this file is a template) |
---|
| 9 | # with the following ordered arguments: |
---|
| 10 | # |
---|
| 11 | # [1] REPOS-PATH (the path to this repository) |
---|
| 12 | # [2] USER (the authenticated user attempting to commit) |
---|
| 13 | # [3] CAPABILITIES (a colon-separated list of capabilities reported |
---|
| 14 | # by the client; see note below) |
---|
| 15 | # |
---|
| 16 | # Note: The CAPABILITIES parameter is new in Subversion 1.5, and 1.5 |
---|
| 17 | # clients will typically report at least the "mergeinfo" capability. |
---|
| 18 | # If there are other capabilities, then the list is colon-separated, |
---|
| 19 | # e.g.: "mergeinfo:some-other-capability" (the order is undefined). |
---|
| 20 | # |
---|
| 21 | # The list is self-reported by the client. Therefore, you should not |
---|
| 22 | # make security assumptions based on the capabilities list, nor should |
---|
| 23 | # you assume that clients reliably report every capability they have. |
---|
| 24 | # |
---|
| 25 | # The working directory for this hook program's invocation is undefined, |
---|
| 26 | # so the program should set one explicitly if it cares. |
---|
| 27 | # |
---|
| 28 | # If the hook program exits with success, the commit continues; but |
---|
| 29 | # if it exits with failure (non-zero), the commit is stopped before |
---|
| 30 | # a Subversion txn is created, and STDERR is returned to the client. |
---|
| 31 | # |
---|
| 32 | # On a Unix system, the normal procedure is to have 'start-commit' |
---|
| 33 | # invoke other programs to do the real work, though it may do the |
---|
| 34 | # work itself too. |
---|
| 35 | # |
---|
| 36 | # Note that 'start-commit' must be executable by the user(s) who will |
---|
| 37 | # invoke it (typically the user httpd runs as), and that user must |
---|
| 38 | # have filesystem-level permission to access the repository. |
---|
| 39 | # |
---|
| 40 | # On a Windows system, you should name the hook program |
---|
| 41 | # 'start-commit.bat' or 'start-commit.exe', |
---|
| 42 | # but the basic idea is the same. |
---|
| 43 | # |
---|
| 44 | # The hook program typically does not inherit the environment of |
---|
| 45 | # its parent process. For example, a common problem is for the |
---|
| 46 | # PATH environment variable to not be set to its usual value, so |
---|
| 47 | # that subprograms fail to launch unless invoked via absolute path. |
---|
| 48 | # If you're having unexpected problems with a hook program, the |
---|
| 49 | # culprit may be unusual (or missing) environment variables. |
---|
| 50 | # |
---|
| 51 | # Here is an example hook script, for a Unix /bin/sh interpreter. |
---|
| 52 | # For more examples and pre-written hooks, see those in |
---|
| 53 | # the Subversion repository at |
---|
| 54 | # http://svn.collab.net/repos/svn/trunk/tools/hook-scripts/ and |
---|
| 55 | # http://svn.collab.net/repos/svn/trunk/contrib/hook-scripts/ |
---|
| 56 | |
---|
| 57 | |
---|
| 58 | REPOS="$1" |
---|
| 59 | USER="$2" |
---|
| 60 | |
---|
| 61 | commit-allower.pl --repository "$REPOS" --user "$USER" || exit 1 |
---|
| 62 | special-auth-check.py --user "$USER" --auth-level 3 || exit 1 |
---|
| 63 | |
---|
| 64 | # All checks passed, so allow the commit. |
---|
| 65 | exit 0 |
---|