access: fallthru in VREFs needs fixing

Björn Kautler pointed out that for VREFs suffering fallthru, the
interpretation of the result of access would be wrong.

Initially, I was reluctant to make that adjustment here.  The 'access'
command is meant to be just a shell entry point for the access()
function, nothing more, so bringing in adjustments that occur elsewhere
in gitolite would not be right.

But it makes automated testing for VREF rules more difficult (and VREFs
are already hard enough for most people to understand), so I caved.

Hopefully this won't turn into a slippery slope...

1 files changed, 4 insertions, 1 deletions

diff --git a/src/commands/access b/src/commands/access
index d354f4d..7d4a5b9 100755
--- a/src/commands/access
+++ b/src/commands/access
@@ -61,6 +61,9 @@ if ( $repo ne '%' and $user ne '%' ) {
 
     show($ret) if $s;
 
+    # adjust for fallthru in VREFs
+    $ret =~ s/DENIED by fallthru/allowed by fallthru/ if $ref =~ m(^VREF/);
+
     if ( $ret =~ /DENIED/ ) {
         print "$ret\n" unless $q;
         exit 1;
@@ -104,7 +107,7 @@ sub show {
     p => skipped due to perm (W, +, etc) not matching,
     D => explicitly denied,
     A => explicitly allowed,
-    F => denied due to fallthru (no rules matched)
+    F => fallthru; access denied for normal refs, allowed for VREFs
 
 ";