From 83e407b07fe6dd2523e7e2b5fb838257e36dff2b Mon Sep 17 00:00:00 2001
From: Kevin Lyda <kevin@ie.suberic.net>
Date: Thu, 2 Feb 2017 19:17:50 +0000
Subject: [PATCH] First pass at supporting templates in permissions.

This allows permissions to have `{user}` variables in them. This
would be useful for applications that use the `force-command`
permission for example:

force-command="/bin/gitolite-shell {user}"
---
 server/signer/signer.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/server/signer/signer.go b/server/signer/signer.go
index 2a15849d..00eab608 100644
--- a/server/signer/signer.go
+++ b/server/signer/signer.go
@@ -10,6 +10,7 @@ import (
 	"go4.org/wkfs"
 	_ "go4.org/wkfs/gcs" // Register "/gcs/" as a wkfs.
 
+	"github.com/delicb/gstring"
 	"github.com/nsheridan/cashier/lib"
 	"github.com/nsheridan/cashier/server/config"
 	"github.com/nsheridan/cashier/server/store"
@@ -38,7 +39,8 @@ type KeySigner struct {
 func (s *KeySigner) setPermissions(cert *ssh.Certificate) {
 	cert.CriticalOptions = make(map[string]string)
 	cert.Extensions = make(map[string]string)
-	for _, perm := range s.permissions {
+	for _, p := range s.permissions {
+		perm := gstring.Sprintm(p, map[string]interface{}{"user": cert.ValidPrincipals[0]})
 		if strings.Contains(perm, "=") {
 			opt := strings.Split(perm, "=")
 			cert.CriticalOptions[strings.TrimSpace(opt[0])] = strings.TrimSpace(opt[1])
-- 
GitLab