upstream/mercurial-mirror Files · hgext/acl.py

cvs: skip bad tags...

cvs: skip bad tags If the CVS repo somehow has a symbolic name that references a revision consisting of a single number (e.g. BAD_TAG: 1), convert will fail when attempting to find the branches, preventing the initial import from working. This patch skips those symbolic names--without warning.

Elifarley Callado Coelho Cruz - - Load All Authors

File last commit:

r10801:fcfe2e50 stable


                r10950:278d4570

stable

Download file

             acl.py
        
                    106 lines
            
             | 3.8 KiB
            
                | text/x-python
            
             |
                PythonLexer
            
             / hgext / acl.py
          
                    History
                
                 |
                  Source
                 | Raw
                 |Copy content
                 |Copy permalink

        Vadim Gelfer
    
add acl extension, to limit who can push to subdirs of central repo.

              r2344
            
      # acl.py - changeset access control for mercurial

      #

      # Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com>

      #

        Martin Geisler
    
updated license to be explicit about GPL version 2

              r8225
            
      # This software may be used and distributed according to the terms of the

        Matt Mackall
    
Update license to GPLv2+

              r10263
            
      # GNU General Public License version 2 or any later version.

        Dirkjan Ochtman
    
help: add/fix docstrings for a bunch of extensions

              r8873
            
        Dirkjan Ochtman
    
extensions: change descriptions for hook-providing extensions...

              r8935
            
      '''hooks for controlling repository access

        Dirkjan Ochtman
    
help: add/fix docstrings for a bunch of extensions

              r8873
            
        Martin Geisler
    
acl: wrap docstrings at 70 characters

              r9250
            
      This hook makes it possible to allow or deny write access to portions

      of a repository when receiving incoming changesets.

      The authorization is matched based on the local user name on the

      system where the hook runs, and not the committer of the original

      changeset (since the latter is merely informative).

        Dirkjan Ochtman
    
help: add/fix docstrings for a bunch of extensions

              r8873
            
        Martin Geisler
    
acl: wrap docstrings at 70 characters

              r9250
            
      The acl hook is best used along with a restricted shell like hgsh,

      preventing authenticating users from doing anything other than

      pushing or pulling. The hook is not safe to use if users have

      interactive shell access, as they can then disable the hook.

      Nor is it safe if remote users share an account, because then there

      is no way to distinguish them.

        Dirkjan Ochtman
    
help: add/fix docstrings for a bunch of extensions

              r8873
            
        Martin Geisler
    
acl: use reST syntax for literal blocks

              r9201
            
      To use this hook, configure the acl extension in your hgrc like this::

        Dirkjan Ochtman
    
help: add/fix docstrings for a bunch of extensions

              r8873
            
        [extensions]

        Martin Geisler
    
hgext: enable extensions without "hgext." prefix in help texts

              r10112
            
        acl =

        Dirkjan Ochtman
    
help: add/fix docstrings for a bunch of extensions

              r8873
            
        [hooks]

        pretxnchangegroup.acl = python:hgext.acl.hook

        [acl]

        Cédric Duval
    
acl: help improvements...

              r8893
            
        # Check whether the source of incoming changes is in this list

        # ("serve" == ssh or http, "push", "pull", "bundle")

        sources = serve

        Dirkjan Ochtman
    
help: add/fix docstrings for a bunch of extensions

              r8873
            
        Martin Geisler
    
acl: wrap docstrings at 70 characters

              r9250
            
      The allow and deny sections take a subtree pattern as key (with a glob

      syntax by default), and a comma separated list of users as the

      corresponding value. The deny list is checked before the allow list

      is. ::

        Dirkjan Ochtman
    
help: add/fix docstrings for a bunch of extensions

              r8873
            
        [acl.allow]

        Cédric Duval
    
acl: help improvements...

              r8893
            
        # If acl.allow is not present, all users are allowed by default.

        # An empty acl.allow section means no users allowed.

        Dirkjan Ochtman
    
help: add/fix docstrings for a bunch of extensions

              r8873
            
        docs/** = doc_writer

        .hgtags = release_engineer

        [acl.deny]

        Cédric Duval
    
acl: help improvements...

              r8893
            
        # If acl.deny is not present, no users are refused by default.

        # An empty acl.deny section means all users allowed.

        Dirkjan Ochtman
    
help: add/fix docstrings for a bunch of extensions

              r8873
            
        glob pattern = user4, user5

         ** = user6

      '''

        Vadim Gelfer
    
add acl extension, to limit who can push to subdirs of central repo.

              r2344
            
        Matt Mackall
    
Simplify i18n imports

              r3891
            
      from mercurial.i18n import _

        Matt Mackall
    
match: change all users of util.matcher to match.match

              r8566
            
      from mercurial import util, match

        Henrik Stuart
    
acl: support for getting authenticated user from web server (issue298)...

              r8846
            
      import getpass, urllib

        Vadim Gelfer
    
add acl extension, to limit who can push to subdirs of central repo.

              r2344
            
        Matt Mackall
    
acl: refactoring...

              r6766
            
      def buildmatch(ui, repo, user, key):

          '''return tuple of (match function, list enabled).'''

          if not ui.has_section(key):

        Martin Geisler
    
do not attempt to translate ui.debug output

              r9467
            
              ui.debug('acl: %s not enabled\n' % key)

        Matt Mackall
    
acl: refactoring...

              r6766
            
              return None

        Vadim Gelfer
    
add acl extension, to limit who can push to subdirs of central repo.

              r2344
            
        Matt Mackall
    
acl: refactoring...

              r6766
            
          pats = [pat for pat, users in ui.configitems(key)

        Elifarley Callado Coelho Cruz
    
Added support for 'everybody ' (using an asterisk) in user list.

              r10801
            
                  if users == '*' or user in users.replace(',', ' ').split()]

        Martin Geisler
    
do not attempt to translate ui.debug output

              r9467
            
          ui.debug('acl: %s enabled, %d entries for user %s\n' %

        Matt Mackall
    
acl: refactoring...

              r6766
            
                   (key, len(pats), user))

          if pats:

        Matt Mackall
    
match: add some default args

              r8567
            
              return match.match(repo.root, '', pats)

        Matt Mackall
    
match: remove match.never...

              r8682
            
          return match.exact(repo.root, '', [])

        Matt Mackall
    
match: change all users of util.matcher to match.match

              r8566
            
        Vadim Gelfer
    
add acl extension, to limit who can push to subdirs of central repo.

              r2344
            
      def hook(ui, repo, hooktype, node=None, source=None, **kwargs):

          if hooktype != 'pretxnchangegroup':

              raise util.Abort(_('config error - hook type "%s" cannot stop '

                                 'incoming changesets') % hooktype)

        Matt Mackall
    
acl: refactoring...

              r6766
            
          if source not in ui.config('acl', 'sources', 'serve').split():

        Martin Geisler
    
do not attempt to translate ui.debug output

              r9467
            
              ui.debug('acl: changes have source "%s" - skipping\n' % source)

        Vadim Gelfer
    
add acl extension, to limit who can push to subdirs of central repo.

              r2344
            
              return

        Henrik Stuart
    
acl: support for getting authenticated user from web server (issue298)...

              r8846
            
          user = None

          if source == 'serve' and 'url' in kwargs:

              url = kwargs['url'].split(':')

              if url[0] == 'remote' and url[1].startswith('http'):

        Henrik Stuart
    
acl: read correct index into url for username (issue298)...

              r9018
            
                  user = urllib.unquote(url[3])

        Henrik Stuart
    
acl: support for getting authenticated user from web server (issue298)...

              r8846
            
          if user is None:

              user = getpass.getuser()

        Matt Mackall
    
acl: refactoring...

              r6766
            
          cfg = ui.config('acl', 'config')

          if cfg:

        Matt Mackall
    
ui: fold readsections into readconfig...

              r8142
            
              ui.readconfig(cfg, sections = ['acl.allow', 'acl.deny'])

        Matt Mackall
    
acl: refactoring...

              r6766
            
          allow = buildmatch(ui, repo, user, 'acl.allow')

          deny = buildmatch(ui, repo, user, 'acl.deny')

          for rev in xrange(repo[node], len(repo)):

              ctx = repo[rev]

              for f in ctx.files():

                  if deny and deny(f):

        Martin Geisler
    
do not attempt to translate ui.debug output

              r9467
            
                      ui.debug('acl: user %s denied on %s\n' % (user, f))

        Matt Mackall
    
acl: refactoring...

              r6766
            
                      raise util.Abort(_('acl: access denied for changeset %s') % ctx)

                  if allow and not allow(f):

        Martin Geisler
    
do not attempt to translate ui.debug output

              r9467
            
                      ui.debug('acl: user %s not allowed on %s\n' % (user, f))

        Matt Mackall
    
acl: refactoring...

              r6766
            
                      raise util.Abort(_('acl: access denied for changeset %s') % ctx)

        Martin Geisler
    
do not attempt to translate ui.debug output

              r9467
            
              ui.debug('acl: allowing changeset %s\n' % ctx)

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

Vadim Gelfer add acl extension, to limit who can push to subdirs of central repo.	r2344	# acl.py - changeset access control for mercurial
		#
		# Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com>
		#
Martin Geisler updated license to be explicit about GPL version 2	r8225	# This software may be used and distributed according to the terms of the
Matt Mackall Update license to GPLv2+	r10263	# GNU General Public License version 2 or any later version.
Dirkjan Ochtman help: add/fix docstrings for a bunch of extensions	r8873
Dirkjan Ochtman extensions: change descriptions for hook-providing extensions...	r8935	'''hooks for controlling repository access
Dirkjan Ochtman help: add/fix docstrings for a bunch of extensions	r8873
Martin Geisler acl: wrap docstrings at 70 characters	r9250	This hook makes it possible to allow or deny write access to portions
		of a repository when receiving incoming changesets.

		The authorization is matched based on the local user name on the
		system where the hook runs, and not the committer of the original
		changeset (since the latter is merely informative).
Dirkjan Ochtman help: add/fix docstrings for a bunch of extensions	r8873
Martin Geisler acl: wrap docstrings at 70 characters	r9250	The acl hook is best used along with a restricted shell like hgsh,
		preventing authenticating users from doing anything other than
		pushing or pulling. The hook is not safe to use if users have
		interactive shell access, as they can then disable the hook.
		Nor is it safe if remote users share an account, because then there
		is no way to distinguish them.
Dirkjan Ochtman help: add/fix docstrings for a bunch of extensions	r8873
Martin Geisler acl: use reST syntax for literal blocks	r9201	To use this hook, configure the acl extension in your hgrc like this::
Dirkjan Ochtman help: add/fix docstrings for a bunch of extensions	r8873
		[extensions]
Martin Geisler hgext: enable extensions without "hgext." prefix in help texts	r10112	acl =
Dirkjan Ochtman help: add/fix docstrings for a bunch of extensions	r8873
		[hooks]
		pretxnchangegroup.acl = python:hgext.acl.hook

		[acl]
Cédric Duval acl: help improvements...	r8893	# Check whether the source of incoming changes is in this list
		# ("serve" == ssh or http, "push", "pull", "bundle")
		sources = serve
Dirkjan Ochtman help: add/fix docstrings for a bunch of extensions	r8873
Martin Geisler acl: wrap docstrings at 70 characters	r9250	The allow and deny sections take a subtree pattern as key (with a glob
		syntax by default), and a comma separated list of users as the
		corresponding value. The deny list is checked before the allow list
		is. ::
Dirkjan Ochtman help: add/fix docstrings for a bunch of extensions	r8873
		[acl.allow]
Cédric Duval acl: help improvements...	r8893	# If acl.allow is not present, all users are allowed by default.
		# An empty acl.allow section means no users allowed.
Dirkjan Ochtman help: add/fix docstrings for a bunch of extensions	r8873	docs/** = doc_writer
		.hgtags = release_engineer

		[acl.deny]
Cédric Duval acl: help improvements...	r8893	# If acl.deny is not present, no users are refused by default.
		# An empty acl.deny section means all users allowed.
Dirkjan Ochtman help: add/fix docstrings for a bunch of extensions	r8873	glob pattern = user4, user5
		** = user6
		'''
Vadim Gelfer add acl extension, to limit who can push to subdirs of central repo.	r2344
Matt Mackall Simplify i18n imports	r3891	from mercurial.i18n import _
Matt Mackall match: change all users of util.matcher to match.match	r8566	from mercurial import util, match
Henrik Stuart acl: support for getting authenticated user from web server (issue298)...	r8846	import getpass, urllib
Vadim Gelfer add acl extension, to limit who can push to subdirs of central repo.	r2344
Matt Mackall acl: refactoring...	r6766	def buildmatch(ui, repo, user, key):
		'''return tuple of (match function, list enabled).'''
		if not ui.has_section(key):
Martin Geisler do not attempt to translate ui.debug output	r9467	ui.debug('acl: %s not enabled\n' % key)
Matt Mackall acl: refactoring...	r6766	return None
Vadim Gelfer add acl extension, to limit who can push to subdirs of central repo.	r2344
Matt Mackall acl: refactoring...	r6766	pats = [pat for pat, users in ui.configitems(key)
Elifarley Callado Coelho Cruz Added support for 'everybody ' (using an asterisk) in user list.	r10801	if users == '*' or user in users.replace(',', ' ').split()]
Martin Geisler do not attempt to translate ui.debug output	r9467	ui.debug('acl: %s enabled, %d entries for user %s\n' %
Matt Mackall acl: refactoring...	r6766	(key, len(pats), user))
		if pats:
Matt Mackall match: add some default args	r8567	return match.match(repo.root, '', pats)
Matt Mackall match: remove match.never...	r8682	return match.exact(repo.root, '', [])
Matt Mackall match: change all users of util.matcher to match.match	r8566
Vadim Gelfer add acl extension, to limit who can push to subdirs of central repo.	r2344
		def hook(ui, repo, hooktype, node=None, source=None, **kwargs):
		if hooktype != 'pretxnchangegroup':
		raise util.Abort(_('config error - hook type "%s" cannot stop '
		'incoming changesets') % hooktype)
Matt Mackall acl: refactoring...	r6766	if source not in ui.config('acl', 'sources', 'serve').split():
Martin Geisler do not attempt to translate ui.debug output	r9467	ui.debug('acl: changes have source "%s" - skipping\n' % source)
Vadim Gelfer add acl extension, to limit who can push to subdirs of central repo.	r2344	return

Henrik Stuart acl: support for getting authenticated user from web server (issue298)...	r8846	user = None
		if source == 'serve' and 'url' in kwargs:
		url = kwargs['url'].split(':')
		if url[0] == 'remote' and url[1].startswith('http'):
Henrik Stuart acl: read correct index into url for username (issue298)...	r9018	user = urllib.unquote(url[3])
Henrik Stuart acl: support for getting authenticated user from web server (issue298)...	r8846
		if user is None:
		user = getpass.getuser()

Matt Mackall acl: refactoring...	r6766	cfg = ui.config('acl', 'config')
		if cfg:
Matt Mackall ui: fold readsections into readconfig...	r8142	ui.readconfig(cfg, sections = ['acl.allow', 'acl.deny'])
Matt Mackall acl: refactoring...	r6766	allow = buildmatch(ui, repo, user, 'acl.allow')
		deny = buildmatch(ui, repo, user, 'acl.deny')

		for rev in xrange(repo[node], len(repo)):
		ctx = repo[rev]
		for f in ctx.files():
		if deny and deny(f):
Martin Geisler do not attempt to translate ui.debug output	r9467	ui.debug('acl: user %s denied on %s\n' % (user, f))
Matt Mackall acl: refactoring...	r6766	raise util.Abort(_('acl: access denied for changeset %s') % ctx)
		if allow and not allow(f):
Martin Geisler do not attempt to translate ui.debug output	r9467	ui.debug('acl: user %s not allowed on %s\n' % (user, f))
Matt Mackall acl: refactoring...	r6766	raise util.Abort(_('acl: access denied for changeset %s') % ctx)
Martin Geisler do not attempt to translate ui.debug output	r9467	ui.debug('acl: allowing changeset %s\n' % ctx)