#!/bin/sh

# This script allows you to have only one 'darcs' unix account and add several
# virtual darcs users with read-only or read-write permisson. First ask for an
# ssh public key and when adding it to authorized_keys, use the following
# format:
#
# command="darcs-shell username" <original key>
#
# Access is governed by this file. Use the following format (do not forget the
# trailing slash):
# 
# user1:/path/to/repo/:rw
# user2:/path/to/repo2/:r

access='/usr/local/darcs/access'

# Written by CSÉCSY László <boobaa () frugalware ! org>
# Based on http://git.frugalware.org/repos/vmexam/git/git-shell2
#
# This is free software; you can redistribute it and/or modify it under the
# terms of the GNU General Public License as published by the Free Software
# Foundation, either version 2 of the License, or (at your option) any later
# version.

# This script is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
# more details.

# You should have received a copy of the GNU General Public License along with
# this program. If not, see <http://www.gnu.org/licenses/>.

user=$(echo ${BASH_ARGV[0]} | cut -d' ' -f2)

if [ "x" = "x${user}" ]; then
    echo "No user supplied in authorized_keys" | logger -t darcs-shell
    exit 1
fi

if [ "x${SSH_ORIGINAL_COMMAND}" = "x" ]; then
    echo "SSH_ORIGINAL_COMMAND must be given" | logger -t darcs-shell
    exit 1
fi

if [ ! -f ${access} ]; then
    echo "Access control file ${access} does not exist!" | logger -t darcs-shell
    exit 1
fi

command=$(echo ${SSH_ORIGINAL_COMMAND} | cut -d' ' -f2)

acctype=''
if [ "x${command}" == "xtransfer-mode" ]; then
    acctype='r[^w]*'
    repo=$(echo ${SSH_ORIGINAL_COMMAND} | cut -d' ' -f4)
elif [ "x${command}" == "xapply" ]; then
    acctype='rw'
    repo=$(echo ${SSH_ORIGINAL_COMMAND} | cut -d' ' -f5 | cut -d\' -f2)/
    command="${command} --all"
else
    echo "Unknown command" | logger -t darcs-shell
    exit 1
fi

# Uncomment this to have extra debug info.
#echo "user: ${user} command: ${command} repo: ${repo} access: ${acctype}" | logger -t darcs-shell

if ! grep "${user}:${repo}:${acctype}" ${access} > /dev/null; then
    echo "No access granted for user ${user} to repository ${repo}" | logger -t darcs-shell
    exit 1
fi

if [ ! -d ${repo} ]; then
    echo "No such repository hosted" | logger -t darcs-shell
    exit 1
fi

darcs ${command} --repodir ${repo}