--- /dev/null
+# Add this to the bottom of your /etc/gitweb.conf file.
+# When the web server can provide an authenticated remote_user, this function
+# will ensure that user sees only those git repositories for which they have
+# read permission according to {git_root}/.gitacls.
+
+$username = $cgi->remote_user;
+$export_auth_hook = sub {
+ chomp($root = `grep git_root /etc/repo_shell.conf 2>/dev/null`);
+ $root =~ s|^[^=]*=\s*(.*)$|\1|;
+ $root =~ s|^(.*)/$|\1|;
+ $_[0] =~ s|^$root/(.*)|\1|;
+ return `repo_shell -t "$username" "$_[0]"` =~ /r/;
+};