是否可以通过高级访问控制来实现GIT工作流程?
[英]Is it possbile to achive GIT Workflow with advanced access control?
问题描述
I am in progress of searching efficient way to use GIT work-flow with advanced access permissions. 
我正在寻找一种有效的方式来使用具有高级访问权限的GIT工作流程。 The work flow is this: http://nvie.com/posts/a-successful-git-branching-model/ but simpler alternative can be taken in order to understand the actual requirement which is described in the next paragraph. 工作流程如下: http : //nvie.com/posts/a-successful-git-branching-model/,但是可以采用更简单的替代方法来理解实际需求,这将在下一段中描述。
What seems I need is to configure each developer with file/directory permissions (may not include "list" permission but only read and write if no "read" permission means that the DEV will not see the file/directory at all). 我似乎需要为每个开发人员配置文件/目录权限(可能不包括“列表”权限,但只有在没有“读取”权限的情况下才进行读写,这意味着DEV根本看不到文件/目录)。 That way I will be able to share enough but limited part of software with a developer. 这样,我将能够与开发人员共享足够但有限的软件部分。 The second important thing is that he should still be able to send pull requests for merge but only with the source addition and/or modification in the allowed directories/files. 第二个重要的事情是,他应该仍然能够发送合并请求,但仅允许在允许的目录/文件中添加和/或修改源代码。
To aggregate the question: is there any way to use given GIT Workflow with the ability to share partially the repository and still use the full potential of GIT repository. 总结一下这个问题:有没有办法使用给定的GIT工作流,使其能够部分共享存储库并仍然充分利用GIT存储库的全部潜力。 Git modules and subtree is not efficient and seems for another use-cases because they will sacrifice the repository power. Git模块和子树效率不高,似乎在另一个用例中,因为它们会牺牲存储库的功能。
1 个解决方案
解决方案1
1 2017-08-29 17:20:30
There is no support for directory-level permissions in git. git中不支持目录级权限。 Access is generally controlled by something outside git (filesystem ACLs, web server authentication, permissions managed by GitHub, GitLab, TFS, Bitbucket, ...) but even at that, a commit is a more or less atomic unit and I've never heard of any git host that will try to provide access control within a commit. 访问通常是由git之外的东西(文件系统ACL,Web服务器身份验证,由GitHub,GitLab,TFS,Bitbucket等管理的权限)控制的,但是即便如此,提交还是一个或多或少的原子单位,我从来没有听说有任何git主机将尝试在提交中提供访问控制。
If you want different users to have access to different parts of the project, the only solution I can think of is to use multiple repos. 如果您希望不同的用户有权访问项目的不同部分,那么我能想到的唯一解决方案就是使用多个存储库。
If you can divide that along directory lines, you might be able to set something up with subtrees or submodules so that you can have your "full access" repo pull everything together automatically. 如果可以沿目录行将其划分,则可能可以使用子树或子模块进行设置,以便可以让“完全访问”存储库自动将所有内容组合在一起。 That won't be seamless, but you can probably make something work. 那不是无缝的,但是您可能可以使某些事情起作用。
If that kind of division isn't feasible, then the problem is much bigger. 如果这种划分不可行,那么问题就更大了。 In this scenario, Version X of the full project is necessarily a separate commit vs. Version X of the subset of files available to the developer. 在这种情况下,完整项目的版本X必须是单独的提交,而开发人员可以使用的文件子集的版本X是。 Your "full access" repo can keep both sets of commits, but syncing changes between the two is still a very significant exercise. 您的“完全访问权限”存储库可以保留两组提交,但是同步两者之间的更改仍然是一项非常重要的工作。
You can impose whatever kind of controls you want on pushes back into your repository (using hooks); 您可以强加任何想要将其推回存储库中的控件(使用钩子)。 but if the rule is that the developer can't see or even be aware of some files, it's simply not something you'll do easily with git. 但是如果规则是开发人员看不到甚至不知道某些文件,那么使用git并不是一件容易的事情。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.