##// END OF EJS Templates
acl: improve undefined group error handling
acl: improve undefined group error handling

File last commit:

r11140:1f26cf0a default
r11140:1f26cf0a default
Show More
acl.py
250 lines | 8.2 KiB | text/x-python | PythonLexer
Vadim Gelfer
add acl extension, to limit who can push to subdirs of central repo.
r2344 # acl.py - changeset access control for mercurial
#
# Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com>
#
Martin Geisler
updated license to be explicit about GPL version 2
r8225 # This software may be used and distributed according to the terms of the
Matt Mackall
Update license to GPLv2+
r10263 # GNU General Public License version 2 or any later version.
Dirkjan Ochtman
help: add/fix docstrings for a bunch of extensions
r8873
Dirkjan Ochtman
extensions: change descriptions for hook-providing extensions...
r8935 '''hooks for controlling repository access
Dirkjan Ochtman
help: add/fix docstrings for a bunch of extensions
r8873
Martin Geisler
acl: more consistent docstring
r11095 This hook makes it possible to allow or deny write access to given
branches and paths of a repository when receiving incoming changesets
via pretxnchangegroup and pretxncommit.
Martin Geisler
acl: wrap docstrings at 70 characters
r9250
The authorization is matched based on the local user name on the
system where the hook runs, and not the committer of the original
changeset (since the latter is merely informative).
Dirkjan Ochtman
help: add/fix docstrings for a bunch of extensions
r8873
Martin Geisler
acl: wrap docstrings at 70 characters
r9250 The acl hook is best used along with a restricted shell like hgsh,
Martin Geisler
acl: more consistent docstring
r11095 preventing authenticating users from doing anything other than pushing
or pulling. The hook is not safe to use if users have interactive
shell access, as they can then disable the hook. Nor is it safe if
remote users share an account, because then there is no way to
distinguish them.
Dirkjan Ochtman
help: add/fix docstrings for a bunch of extensions
r8873
Elifarley Callado Coelho Cruz
acl: add support for branch-based access control
r11092 The order in which access checks are performed is:
Martin Geisler
acl: fix reST syntax
r11094
1) Deny list for branches (section ``acl.deny.branches``)
2) Allow list for branches (section ``acl.allow.branches``)
3) Deny list for paths (section ``acl.deny``)
4) Allow list for paths (section ``acl.allow``)
Elifarley Callado Coelho Cruz
acl: updated doc string to reflect recent changes
r11042
Elifarley Callado Coelho Cruz
acl: add support for branch-based access control
r11092 The allow and deny sections take key-value pairs.
Martin Geisler
acl: fix reST syntax
r11094 Branch-based Access Control
---------------------------
Elifarley Callado Coelho Cruz
acl: add support for branch-based access control
r11092
Martin Geisler
acl: more consistent docstring
r11095 Use the ``acl.deny.branches`` and ``acl.allow.branches`` sections to
have branch-based access control. Keys in these sections can be
either:
Martin Geisler
acl: fix ReST syntax in docstring
r11057
Martin Geisler
acl: more consistent docstring
r11095 - a branch name, or
- an asterisk, to match any branch;
Elifarley Callado Coelho Cruz
acl: add support for branch-based access control
r11092
The corresponding values can be either:
Martin Geisler
acl: fix reST syntax
r11094
Martin Geisler
acl: more consistent docstring
r11095 - a comma-separated list containing users and groups, or
- an asterisk, to match anyone;
Elifarley Callado Coelho Cruz
acl: updated doc string to reflect recent changes
r11042
Martin Geisler
acl: fix reST syntax
r11094 Path-based Access Control
-------------------------
Elifarley Callado Coelho Cruz
acl: add support for branch-based access control
r11092
Martin Geisler
acl: more consistent docstring
r11095 Use the ``acl.deny`` and ``acl.allow`` sections to have path-based
access control. Keys in these sections accept a subtree pattern (with
a glob syntax by default). The corresponding values follow the same
syntax as the other sections above.
Elifarley Callado Coelho Cruz
acl: add support for branch-based access control
r11092
Martin Geisler
acl: fix reST syntax
r11094 Groups
------
Elifarley Callado Coelho Cruz
acl: add support for branch-based access control
r11092
Martin Geisler
acl: more consistent docstring
r11095 Group names must be prefixed with an ``@`` symbol. Specifying a group
name has the same effect as specifying all the users in that group.
Dirkjan Ochtman
help: add/fix docstrings for a bunch of extensions
r8873
Elifarley Callado Coelho Cruz
acl: update docstring to describe section [acl.groups]
r11115 You can define group members in the ``acl.groups`` section.
If a group name is not defined there, and Mercurial is running under
a Unix-like system, the list of users will be taken from the OS.
Otherwise, an exception will be raised.
Martin Geisler
acl: fix reST syntax
r11094 Example Configuration
---------------------
::
Dirkjan Ochtman
help: add/fix docstrings for a bunch of extensions
r8873
[hooks]
Elifarley Callado Coelho Cruz
acl: updated doc string to reflect recent changes
r11042
Elifarley Callado Coelho Cruz
acl: add support for branch-based access control
r11092 # Use this if you want to check access restrictions at commit time
Elifarley Callado Coelho Cruz
acl: updated doc string to reflect recent changes
r11042 pretxncommit.acl = python:hgext.acl.hook
Martin Geisler
acl: more consistent docstring
r11095 # Use this if you want to check access restrictions for pull, push,
# bundle and serve.
Dirkjan Ochtman
help: add/fix docstrings for a bunch of extensions
r8873 pretxnchangegroup.acl = python:hgext.acl.hook
[acl]
Patrick Mezard
acl: clarify acl.sources, fix typo
r11131 # Allow or deny access for incoming changes only if their source is
# listed here, let them pass otherwise. Source is "serve" for all
# remote access (http or ssh), "push", "pull" or "bundle" when the
# related commands are run locally.
# Default: serve
Cédric Duval
acl: help improvements...
r8893 sources = serve
Dirkjan Ochtman
help: add/fix docstrings for a bunch of extensions
r8873
Elifarley Callado Coelho Cruz
acl: add support for branch-based access control
r11092 [acl.deny.branches]
# Everyone is denied to the frozen branch:
frozen-branch = *
# A bad user is denied on all branches:
* = bad-user
[acl.allow.branches]
# A few users are allowed on branch-a:
branch-a = user-1, user-2, user-3
# Only one user is allowed on branch-b:
branch-b = user-1
# The super user is allowed on any branch:
* = super-user
# Everyone is allowed on branch-for-tests:
branch-for-tests = *
Elifarley Callado Coelho Cruz
acl: updated doc string to reflect recent changes
r11042 [acl.deny]
Martin Geisler
acl: more consistent docstring
r11095 # This list is checked first. If a match is found, acl.allow is not
# checked. All users are granted access if acl.deny is not present.
# Format for both lists: glob pattern = user, ..., @group, ...
Elifarley Callado Coelho Cruz
acl: updated doc string to reflect recent changes
r11042
# To match everyone, use an asterisk for the user:
# my/glob/pattern = *
# user6 will not have write access to any file:
** = user6
# Group "hg-denied" will not have write access to any file:
** = @hg-denied
Martin Geisler
acl: more consistent docstring
r11095 # Nobody will be able to change "DONT-TOUCH-THIS.txt", despite
# everyone being able to change all other files. See below.
Elifarley Callado Coelho Cruz
acl: updated doc string to reflect recent changes
r11042 src/main/resources/DONT-TOUCH-THIS.txt = *
Dirkjan Ochtman
help: add/fix docstrings for a bunch of extensions
r8873
[acl.allow]
Patrick Mezard
acl: clarify acl.sources, fix typo
r11131 # if acl.allow is not present, all users are allowed by default
Elifarley Callado Coelho Cruz
acl: updated doc string to reflect recent changes
r11042 # empty acl.allow = no users allowed
Martin Geisler
acl: more consistent docstring
r11095 # User "doc_writer" has write access to any file under the "docs"
# folder:
Dirkjan Ochtman
help: add/fix docstrings for a bunch of extensions
r8873 docs/** = doc_writer
Elifarley Callado Coelho Cruz
acl: updated doc string to reflect recent changes
r11042
Martin Geisler
acl: more consistent docstring
r11095 # User "jack" and group "designers" have write access to any file
# under the "images" folder:
Elifarley Callado Coelho Cruz
acl: updated doc string to reflect recent changes
r11042 images/** = jack, @designers
Martin Geisler
acl: more consistent docstring
r11095 # Everyone (except for "user6" - see acl.deny above) will have write
# access to any file under the "resources" folder (except for 1
# file. See acl.deny):
Elifarley Callado Coelho Cruz
acl: updated doc string to reflect recent changes
r11042 src/main/resources/** = *
Dirkjan Ochtman
help: add/fix docstrings for a bunch of extensions
r8873 .hgtags = release_engineer
'''
Vadim Gelfer
add acl extension, to limit who can push to subdirs of central repo.
r2344
Matt Mackall
Simplify i18n imports
r3891 from mercurial.i18n import _
Matt Mackall
match: change all users of util.matcher to match.match
r8566 from mercurial import util, match
Patrick Mezard
acl: grp module is not available on windows
r11138 import getpass, urllib
Elifarley Callado Coelho Cruz
acl: add support for OS-level groups using @group syntax
r11041
Elifarley Callado Coelho Cruz
acl: support for group definitions in section [acl.groups], which take precedence over OS-level groups
r11114 def _getusers(ui, group):
# First, try to use group definition from section [acl.groups]
hgrcusers = ui.configlist('acl.groups', group)
if hgrcusers:
return hgrcusers
ui.debug('acl: "%s" not defined in [acl.groups]\n' % group)
# If no users found in group definition, get users from OS-level group
Patrick Mezard
acl: improve undefined group error handling
r11140 try:
return util.groupmembers(group)
except KeyError:
raise util.Abort(_("group '%s' is undefined") % group)
Elifarley Callado Coelho Cruz
acl: add support for OS-level groups using @group syntax
r11041
Elifarley Callado Coelho Cruz
acl: support for group definitions in section [acl.groups], which take precedence over OS-level groups
r11114 def _usermatch(ui, user, usersorgroups):
Elifarley Callado Coelho Cruz
acl: add support for OS-level groups using @group syntax
r11041
if usersorgroups == '*':
return True
for ug in usersorgroups.replace(',', ' ').split():
Elifarley Callado Coelho Cruz
acl: support for group definitions in section [acl.groups], which take precedence over OS-level groups
r11114 if user == ug or ug.find('@') == 0 and user in _getusers(ui, ug[1:]):
Elifarley Callado Coelho Cruz
acl: add support for OS-level groups using @group syntax
r11041 return True
return False
Vadim Gelfer
add acl extension, to limit who can push to subdirs of central repo.
r2344
Matt Mackall
acl: refactoring...
r6766 def buildmatch(ui, repo, user, key):
'''return tuple of (match function, list enabled).'''
if not ui.has_section(key):
Martin Geisler
do not attempt to translate ui.debug output
r9467 ui.debug('acl: %s not enabled\n' % key)
Matt Mackall
acl: refactoring...
r6766 return None
Vadim Gelfer
add acl extension, to limit who can push to subdirs of central repo.
r2344
Matt Mackall
acl: refactoring...
r6766 pats = [pat for pat, users in ui.configitems(key)
Elifarley Callado Coelho Cruz
acl: support for group definitions in section [acl.groups], which take precedence over OS-level groups
r11114 if _usermatch(ui, user, users)]
Martin Geisler
do not attempt to translate ui.debug output
r9467 ui.debug('acl: %s enabled, %d entries for user %s\n' %
Matt Mackall
acl: refactoring...
r6766 (key, len(pats), user))
Elifarley Callado Coelho Cruz
acl: add support for branch-based access control
r11092
if not repo:
if pats:
return lambda b: '*' in pats or b in pats
return lambda b: False
Matt Mackall
acl: refactoring...
r6766 if pats:
Matt Mackall
match: add some default args
r8567 return match.match(repo.root, '', pats)
Matt Mackall
match: remove match.never...
r8682 return match.exact(repo.root, '', [])
Matt Mackall
match: change all users of util.matcher to match.match
r8566
Vadim Gelfer
add acl extension, to limit who can push to subdirs of central repo.
r2344
def hook(ui, repo, hooktype, node=None, source=None, **kwargs):
Elifarley Callado Coelho Cruz
Added support for 'pretxncommit', so that one can call the ACL hook at...
r10955 if hooktype not in ['pretxnchangegroup', 'pretxncommit']:
Vadim Gelfer
add acl extension, to limit who can push to subdirs of central repo.
r2344 raise util.Abort(_('config error - hook type "%s" cannot stop '
Elifarley Callado Coelho Cruz
Added support for 'pretxncommit', so that one can call the ACL hook at...
r10955 'incoming changesets nor commits') % hooktype)
if (hooktype == 'pretxnchangegroup' and
source not in ui.config('acl', 'sources', 'serve').split()):
Martin Geisler
do not attempt to translate ui.debug output
r9467 ui.debug('acl: changes have source "%s" - skipping\n' % source)
Vadim Gelfer
add acl extension, to limit who can push to subdirs of central repo.
r2344 return
Henrik Stuart
acl: support for getting authenticated user from web server (issue298)...
r8846 user = None
if source == 'serve' and 'url' in kwargs:
url = kwargs['url'].split(':')
if url[0] == 'remote' and url[1].startswith('http'):
Henrik Stuart
acl: read correct index into url for username (issue298)...
r9018 user = urllib.unquote(url[3])
Henrik Stuart
acl: support for getting authenticated user from web server (issue298)...
r8846
if user is None:
user = getpass.getuser()
Matt Mackall
acl: refactoring...
r6766 cfg = ui.config('acl', 'config')
if cfg:
Elifarley Callado Coelho Cruz
acl: support for group definitions in section [acl.groups], which take precedence over OS-level groups
r11114 ui.readconfig(cfg, sections = ['acl.groups', 'acl.allow.branches',
Elifarley Callado Coelho Cruz
acl: add support for branch-based access control
r11092 'acl.deny.branches', 'acl.allow', 'acl.deny'])
allowbranches = buildmatch(ui, None, user, 'acl.allow.branches')
denybranches = buildmatch(ui, None, user, 'acl.deny.branches')
Matt Mackall
acl: refactoring...
r6766 allow = buildmatch(ui, repo, user, 'acl.allow')
deny = buildmatch(ui, repo, user, 'acl.deny')
for rev in xrange(repo[node], len(repo)):
ctx = repo[rev]
Elifarley Callado Coelho Cruz
acl: add support for branch-based access control
r11092 branch = ctx.branch()
if denybranches and denybranches(branch):
raise util.Abort(_('acl: user "%s" denied on branch "%s"'
' (changeset "%s")')
% (user, branch, ctx))
if allowbranches and not allowbranches(branch):
raise util.Abort(_('acl: user "%s" not allowed on branch "%s"'
' (changeset "%s")')
% (user, branch, ctx))
ui.debug('acl: branch access granted: "%s" on branch "%s"\n'
% (ctx, branch))
Matt Mackall
acl: refactoring...
r6766 for f in ctx.files():
if deny and deny(f):
Martin Geisler
do not attempt to translate ui.debug output
r9467 ui.debug('acl: user %s denied on %s\n' % (user, f))
Matt Mackall
acl: refactoring...
r6766 raise util.Abort(_('acl: access denied for changeset %s') % ctx)
if allow and not allow(f):
Martin Geisler
do not attempt to translate ui.debug output
r9467 ui.debug('acl: user %s not allowed on %s\n' % (user, f))
Matt Mackall
acl: refactoring...
r6766 raise util.Abort(_('acl: access denied for changeset %s') % ctx)
Martin Geisler
do not attempt to translate ui.debug output
r9467 ui.debug('acl: allowing changeset %s\n' % ctx)