On Thu, Aug 4, 2022 at 12:31 AM Sun Chao via GitGitGadget <gitgitgadget@xxxxxxxxx> wrote:
>
> Gerrit is implemented by JGit and is known as a centralized workflow system
> which supports reference-level access control for repository. If we choose
> to work in centralized workflow like what Gerrit provided, reference-level
> access control is needed and is possible if we add a reference advertise
> filter hook just like what Gerrit did.
>
> This hook would be invoked by 'git-receive-pack' and 'git-upload-pack'
> during the reference discovery phase and the commit fetching phase, and each
> reference will be filtered by this hook. Git server can put
> reference-level control process to this hook and the git client does not
> need to change or know about that.

From the document you provided in patch 3/3, the hook returns not only names of the references, but also OIDs. Since the OID of a reference should be provided as-is during the advertising phase, it is sufficient for the hook to just return the visible reference names.

How about:

1. Implement a batch version of "ref_is_hidden()", such as "refs_batch_hidden()", to turn on or turn off the hidden bit for all references.
2. If there is an external hook, such as "hide-refs", call it instead of the config variables such as "transfer.hideRefs" to filter refs based on ACL and operations (read and write).

--
Jiang Xin
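
A sketch of the two-step suggestion in the reply above, as an added example that is not code from the patch series or from Git. Only the names `refs_batch_hidden` and "hide-refs" come from the mail; the struct, the callback type, the sample ACL and the sample refs are hypothetical, and the external hook is modelled as an in-process callback.

```c
#include <string.h>

/* Hypothetical model, not Git's code: an advertised ref and its hidden bit. */
struct ref_entry { const char *name; int hidden; };
/* Stand-in for an external "hide-refs" hook: 1 = hide for op "read"/"write". */
typedef int (*hide_hook_fn)(const char *refname, const char *op);

/* transfer.hideRefs-style match: prefix ending on a '/' boundary, last
 * matching pattern wins, leading '!' negates (the '^' form is omitted). */
static int hidden_by_patterns(const char *ref, const char **pats, size_t n)
{
    for (size_t i = n; i-- > 0; ) {
        const char *p = pats[i];
        int neg = (*p == '!');
        size_t len = strlen(p += neg);   /* skip the '!' before comparing */
        if (!strncmp(ref, p, len) && (ref[len] == '\0' || ref[len] == '/'))
            return !neg;
    }
    return 0;
}

/* One pass over all refs: hook if present, else patterns; returns visible count. */
size_t refs_batch_hidden(struct ref_entry *refs, size_t nrefs, const char *op,
                         hide_hook_fn hook, const char **pats, size_t npats)
{
    size_t visible = 0;
    for (size_t i = 0; i < nrefs; i++) {
        refs[i].hidden = hook ? hook(refs[i].name, op)
                              : hidden_by_patterns(refs[i].name, pats, npats);
        visible += !refs[i].hidden;
    }
    return visible;
}

/* Constructed ACL: refs/meta/ is never shown, release branches are read-only. */
int sample_acl(const char *refname, const char *op)
{
    return !strncmp(refname, "refs/meta/", 10) ||
           (!strcmp(op, "write") && !strncmp(refname, "refs/heads/release/", 19));
}

/* Constructed sample data. */
struct ref_entry sample_refs[] = { {"refs/heads/main", 0},
    {"refs/heads/release/1.0", 0}, {"refs/meta/config", 0}, {"refs/pull/1/head", 0} };
const char *sample_pats[] = { "refs/pull", "refs/meta", "!refs/meta/config" };

int main(void)
{
    return refs_batch_hidden(sample_refs, 4, "read", NULL, sample_pats, 3) != 3;
}
```

Because the pass only sets a bit per ref, the OIDs sent during advertisement are untouched, which is the point made in the reply about the hook needing to return names only.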