> On Aug 10, 2022, at 09:06, Jiang Xin <worldhello.net@xxxxxxxxx> wrote:
>
> On Thu, Aug 4, 2022 at 12:31 AM Sun Chao via GitGitGadget
> <gitgitgadget@xxxxxxxxx> wrote:
>>
>> Gerrit is implemented by JGit and is known as a centralized workflow system
>> which supports reference-level access control for repositories. If we choose
>> to work in a centralized workflow like what Gerrit provides, reference-level
>> access control is needed and is possible if we add a reference advertise
>> filter hook just like what Gerrit did.
>>
>> This hook would be invoked by 'git-receive-pack' and 'git-upload-pack'
>> during the reference discovery phase and the commit fetching phase; each
>> reference will be filtered by this hook. The Git server can put the
>> reference-level control process into this hook and the git client does not
>> need to change or know about that.
>
> From the document you provided in patch 3/3, the hook returns not only
> names of the references, but also OIDs. Since the oid of a reference
> should be provided as-is during the advertising phase, it is
> sufficient for the hook to just return the visible reference names.
>
> How about:
> 1. Implement a batch version of "ref_is_hidden()", such as
>    "refs_batch_hidden()", to turn on or turn off the hidden bit
>    for all references.
>
> 2. If there is an external hook, such as "hide-refs", call it instead
>    of the config variables such as "transfer.hideRefs" to filter refs
>    based on ACL and operations (read and write).
>
> --
> Jiang Xin
>

Thanks a lot, Jiang Xin. Your suggestion is right: for protocol V1 we do not need to filter the OIDs, and there should be a configuration to turn the hidden bit on/off. I will try to add such a configuration; maybe "transfer.hideRefs" is a good choice.

And after receiving Junio's reply I also did tests for V2. I find that even if I hide all the refs (by "git config transfer.hiderefs refs/" in upstream) the client can still fetch a specific object by its object id. Here is the trace log:

```
............................. trace: built-in: git fetch origin 5585e358b2a240ca8ed65a00008dbc865a1381c1
............................. packet: fetch< version 2
............................. packet: fetch< agent=git/2.37.1.288.gef002b009d
............................. packet: fetch> command=ls-refs
# the server does not advertise any refs
............................. packet: fetch< 0000
............................. packet: fetch> command=fetch
# the client sends the want command with the object oid
............................. packet: fetch> want 5585e358b2a240ca8ed65a00008dbc865a1381c1
............................. packet: fetch> done
............................. packet: fetch> 0000
............................. packet: fetch< packfile
# the client received the packfile containing the objects
.............................
From file:///local/upstream.git
 * branch 5585e358b2a240ca8ed65a00008dbc865a1381c1 -> FETCH_HEAD
```

Protocol V2 does not limit the request to the advertised refs, and if we want to hide some refs, we need to hide the objects only reachable from them (for V2), but it truly has performance issues for some huge repositories.
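The behaviour the trace above shows, written out as an added example (Python, not code from git or from anyone in this thread): a model of how transfer.hideRefs patterns are matched, of the advertisement each protocol version sends, and of why a v2 "want" for a non-advertised object still gets served. The commit graph, ref names and object ids are constructed for the example; the v1 rule is simplified to a single allow_any_sha1_in_want switch, and the hide_unreachable flag is the extra reachability check the message says v2 would need, which is where the cost on a huge repository comes from.

```python
from collections import deque


def parse_hide_refs(values):
    """Model of git's parse_hide_refs_config(): trailing slashes are stripped,
    so the "refs/" used in the thread is the same pattern as "refs"."""
    return [v.rstrip("/") for v in values]


def ref_is_hidden(refname, patterns):
    """Model of git's ref_is_hidden(): a pattern is a prefix that must end at
    a '/' boundary (so "refs/heads/ma" does not hide refs/heads/main), a
    leading '!' negates it, and the last matching pattern wins. The '^'
    full-name form is treated like a plain pattern (assumption: no namespaces
    in this model)."""
    for pat in reversed(patterns):
        neg = pat.startswith("!")
        if neg:
            pat = pat[1:]
        if pat.startswith("^"):
            pat = pat[1:]
        if refname.startswith(pat) and (len(refname) == len(pat) or refname[len(pat)] == "/"):
            return not neg
    return False


def ls_refs(refs, patterns):
    """The advertisement (v1 ref discovery or v2 ls-refs): hidden refs are omitted."""
    return {name: oid for name, oid in refs.items() if not ref_is_hidden(name, patterns)}


def reachable(graph, tips):
    """All object ids reachable from the given tips by following parent links."""
    seen, todo = set(), deque(tips)
    while todo:
        oid = todo.popleft()
        if oid in seen:
            continue
        seen.add(oid)
        todo.extend(graph.get(oid, ()))
    return seen


def serve_fetch(protocol, refs, patterns, wants, graph,
                allow_any_sha1_in_want=False, hide_unreachable=False):
    """Decide which "want" lines upload-pack would honour.

    v1: a want must be an advertised tip unless allow_any_sha1_in_want is set
        (assumption: allowTipSHA1InWant / allowReachableSHA1InWant are folded
        into that single switch here).
    v2: as the trace shows, wants are not compared with the advertisement;
        any object that exists is served. hide_unreachable adds the walk from
        the visible tips that would be needed to really hide the objects
        behind a hidden ref.
    """
    advertised = ls_refs(refs, patterns)
    verdict = {}
    for w in wants:
        if w not in graph:
            verdict[w] = "not our ref"  # unknown object
        elif protocol == 1:
            ok = allow_any_sha1_in_want or w in advertised.values()
            verdict[w] = "ok" if ok else "not our ref"
        elif protocol == 2:
            ok = (w in reachable(graph, advertised.values())) if hide_unreachable else True
            verdict[w] = "ok" if ok else "not our ref"
        else:
            raise ValueError("unknown protocol version %r" % protocol)
    return verdict


# Constructed sample repository: commit DAG as oid -> parent oids, plus refs.
GRAPH = {
    "a1": [], "b2": ["a1"], "c3": ["b2"],   # refs/heads/main history
    "d4": ["b2"], "e5": ["d4"],             # refs/heads/secret, branched off b2
}
REFS = {"refs/heads/main": "c3", "refs/heads/secret": "e5", "refs/tags/v1": "b2"}

if __name__ == "__main__":
    hide_all = parse_hide_refs(["refs/"])
    print(ls_refs(REFS, hide_all))                         # nothing advertised
    print(serve_fetch(1, REFS, hide_all, ["c3"], GRAPH))   # v1 refuses the want
    print(serve_fetch(2, REFS, hide_all, ["c3"], GRAPH))   # v2 serves it anyway
    hide_secret = parse_hide_refs(["refs/heads/secret"])
    print(serve_fetch(2, REFS, hide_secret, ["e5", "d4", "b2"], GRAPH,
                      hide_unreachable=True))              # only b2 is visible
```

The last call is the interesting one: with only refs/heads/secret hidden, b2 is still served because it is reachable from main and the tag, while d4 and e5 are refused even though they are real objects. Making that decision on a real server means a reachability walk from every visible tip per request (or a maintained bitmap), which is the performance concern raised above.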