
I am trying to add a second pre-commit script and it seems not to be catching when I place it in the hook.

The first script basically locks a file from being edited. The second script looks at a path and compares a string value to a file that is being committed, and if it matches then it will error.

#!/bin/sh
REPOS="$1"
TXN="$2"
GREP=/bin/grep
SED=/bin/sed
AWK=/usr/bin/awk
SVNLOOK=/usr/bin/svnlook
AUTHOR=`$SVNLOOK author -t "$TXN" "$REPOS"`

if [ "$AUTHOR" == "testuser" ]; then
exit 0
fi
if [ "$AUTHOR" == "" ]; then
exit 0
fi

CHANGED=`$SVNLOOK changed -t "$TXN" "$REPOS" | $GREP "^[U|A]" | $AWK '{print $2}'`
COMPARE=`$SVNLOOK diff -t "$TXN" "$REPOS"`
#Operation 001 Beginning
#Restrict users from committing against testfile
for PATH in $CHANGED
do

if [[ "$PATH" == *path/to/file/testfile.txt ]]; then

    #allow testuser to have universal commit permissions in this path.
    if [ "$AUTHOR" == "testuser" ]; then
        exit 0
    else
        #User is trying to modify testfile.txt
         echo "Only testuser can edit testfile.txt." 1>&2
         exit 1
    fi
fi

done
#Operation 001 Completed

#Operation 002 Beginning
#Restrict commits based on string found in file
for PATH in $COMPARE
do

if [[ "$PATH" == *path/to/look/at/only/* ]]; then

$SVNLOOK diff -t "$TXN" "$REPOS" | egrep 'string1|string2|string3' > /dev/null && { echo "Cannot commit using string1, string2 or string3 in files trying to commit" 1>&2; exit 1; }
else exit 0;

fi
done
#Operation 002 Completed

It keeps successfully committing the file even though the string is present. Any ideas why it wouldn't be catching it?

  • What do you mean *second* hook? You can use only *one* pre-commit hook. – uzsolt May 31 '18 at 08:36
  • Sorry my writing is poor. I have one hook but want to add a second script in addition to the one that is already in the hook and verified working. – John Evans May 31 '18 at 12:38
  • Oh, understand :) – uzsolt May 31 '18 at 13:31
  • What is your `/bin/sh`? The `[[` is a bashism, so maybe it doesn't work with `/bin/sh`. And it isn't a good idea to use `PATH` as a temporary variable (in for loops). And IMHO the `*path/to/file/testfile.txt` doesn't work as you expect. – uzsolt May 31 '18 at 13:39

1 Answer


Your first test:

if [ "$AUTHOR" == "testuser" ]; then
exit 0
fi

It causes an abort (with zero exit value) if the AUTHOR is testuser!

So your second test:

 if [ "$AUTHOR" == "testuser" ]; then
        exit 0
 else
        #User is trying to modify testfile.txt
         echo "Only testuser can edit testfile.txt." 1>&2
         exit 1
 fi

It's unnecessary because at this point the AUTHOR isn't testuser!

And maybe this would be better instead of your for-loop:

if $SVNLOOK changed -t "$TXN" "$REPOS" | $GREP "^[U|A]" | $AWK '{print $2}' | grep -q 'path/to/file/testfile.txt'; then
  echo "Only testuser can edit testfile.txt." 1>&2
  exit 1
fi

The `if [[ "$PATH" == *path/to/file/testfile.txt ]]; then` test doesn't work because this test doesn't understand shell variables (and it would be better to enclose it in quotation marks because of the `*`).

And I would replace the

for PATH in $COMPARE
do

if [[ "$PATH" == *path/to/look/at/only/* ]]; then

part with

if echo ${COMPARE} | grep -q "path/to/look/at/only"; then
uzsolt
  • Thank you for the help. I'm going to play around with it and see if I can get it to flag the string values now if they edit a file in that location. Thank you! – John Evans May 31 '18 at 14:57
  • Yes! Thank you. Just a brief test but it seems to be working. I will have to do more extensive testing but I got it for the most part. Thank you so much. `if echo ${COMPARE} | grep -q "path/to/file"; then if echo ${COMPARE} | egrep "string1"; then echo "file contains string1" 1>&2; exit 1; else exit 0; fi; fi` – John Evans May 31 '18 at 15:10
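
The string check this thread converges on, written as an added example that is not code from the question or the answer: it scopes the match to lines added in files under the watched path instead of grepping the whole diff. The names `find_violations`, `sample_diff`, `WATCHED` and `FORBIDDEN` are hypothetical, the sample diff is constructed, and the filter assumes `svnlook diff` introduces each file with an `Added:` or `Modified:` header line.

```shell
#!/bin/sh
# Added example, not code from the thread. Plain POSIX sh: no [[ ]], and no
# loop variable named PATH (that would clobber the command search path).
WATCHED='path/to/look/at/only/'        # path fragment from the question
FORBIDDEN='string1|string2|string3'    # placeholder strings from the question

# Reads `svnlook diff` output on stdin and prints "file: text" for every ADDED
# line that contains a forbidden string in a file under $WATCHED.
find_violations() {
    awk -v watched="$WATCHED" -v bad="$FORBIDDEN" '
        /^[A-Z][A-Za-z ]+: / {             # per-file header, e.g. "Modified: a/b"
            file = $0; sub(/^[^:]+: /, "", file)
            inscope = ($0 ~ /^(Added|Modified): /) && index(file, watched) > 0
            inhunk = 0; next
        }
        /^@@ / { inhunk = 1; next }        # content starts after the hunk header
        inscope && inhunk && /^\+/ && $0 ~ bad { print file ": " substr($0, 2) }
    '
}

# Constructed sample of svnlook diff output, used only to exercise the filter.
sample_diff() {
    cat <<'EOF'
Modified: trunk/docs/notes.txt
===================================================================
--- trunk/docs/notes.txt (revision 7)
+++ trunk/docs/notes.txt (transaction 7-b)
@@ -1 +1,2 @@
 notes
+string1 is fine outside the watched path
Modified: trunk/path/to/look/at/only/app.conf
===================================================================
--- trunk/path/to/look/at/only/app.conf (revision 7)
+++ trunk/path/to/look/at/only/app.conf (transaction 7-b)
@@ -1 +1 @@
-key=string3
+key=string2
EOF
}

# Hook entry point: Subversion calls pre-commit with REPOS and TXN.
if [ "$#" -eq 2 ]; then
    hits=$(/usr/bin/svnlook diff -t "$2" "$1" | find_violations)
    if [ -n "$hits" ]; then
        printf 'Commit blocked, forbidden string added:\n%s\n' "$hits" 1>&2
        exit 1
    fi
    exit 0
fi
```

Running `sample_diff | find_violations` reports only the added `key=string2` line: the removed `key=string3` line and the match outside the watched path are ignored.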