upstream/mercurial-mirror Files · hgext/acl.py

acl: add support for branch-based access control

Elifarley Callado Coelho Cruz - - Load All Authors

File last commit:

r11092:2dd91779 default


                r11092:2dd91779

default

Download file

             acl.py
        
                    224 lines
            
             | 7.4 KiB
            
                | text/x-python
            
             |
                PythonLexer
            
             / hgext / acl.py
          
                    History
                
                 |
                  Source
                 | Raw
                 |Copy content
                 |Copy permalink

        Vadim Gelfer
    
add acl extension, to limit who can push to subdirs of central repo.

              r2344
            
      # acl.py - changeset access control for mercurial

      #

      # Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com>

      #

        Martin Geisler
    
updated license to be explicit about GPL version 2

              r8225
            
      # This software may be used and distributed according to the terms of the

        Matt Mackall
    
Update license to GPLv2+

              r10263
            
      # GNU General Public License version 2 or any later version.

        Dirkjan Ochtman
    
help: add/fix docstrings for a bunch of extensions

              r8873
            
        Dirkjan Ochtman
    
extensions: change descriptions for hook-providing extensions...

              r8935
            
      '''hooks for controlling repository access

        Dirkjan Ochtman
    
help: add/fix docstrings for a bunch of extensions

              r8873
            
        Elifarley Callado Coelho Cruz
    
acl: add support for branch-based access control

              r11092
            
      This hook makes it possible to allow or deny write access to given branches and

      paths of a repository when receiving incoming changesets via pretxnchangegroup

      and pretxncommit.

        Martin Geisler
    
acl: wrap docstrings at 70 characters

              r9250
            
      The authorization is matched based on the local user name on the

      system where the hook runs, and not the committer of the original

      changeset (since the latter is merely informative).

        Dirkjan Ochtman
    
help: add/fix docstrings for a bunch of extensions

              r8873
            
        Martin Geisler
    
acl: wrap docstrings at 70 characters

              r9250
            
      The acl hook is best used along with a restricted shell like hgsh,

      preventing authenticating users from doing anything other than

      pushing or pulling. The hook is not safe to use if users have

      interactive shell access, as they can then disable the hook.

      Nor is it safe if remote users share an account, because then there

      is no way to distinguish them.

        Dirkjan Ochtman
    
help: add/fix docstrings for a bunch of extensions

              r8873
            
        Elifarley Callado Coelho Cruz
    
acl: add support for branch-based access control

              r11092
            
      The order in which access checks are performed is:

      1) Deny  list for branches (section [acl.deny.branches])

      2) Allow list for branches (section [acl.allow.branches])

      3) Deny  list for paths    (section [acl.deny])

      4) Allow list for paths    (section [acl.allow])

        Elifarley Callado Coelho Cruz
    
acl: updated doc string to reflect recent changes

              r11042
            
        Elifarley Callado Coelho Cruz
    
acl: add support for branch-based access control

              r11092
            
      The allow and deny sections take key-value pairs.

      --- Branch-based Access Control ---

      Use the [acl.deny.branches] and [acl.allow.branches] sections to have

      branch-based access control.

        Martin Geisler
    
acl: fix ReST syntax in docstring

              r11057
            
        Elifarley Callado Coelho Cruz
    
acl: add support for branch-based access control

              r11092
            
      Keys in these sections can be either:

      1) a branch name

      2) an asterisk, to match any branch;

      The corresponding values can be either:

      1) a comma-separated list containing users and groups.

      2) an asterisk, to match anyone;

        Elifarley Callado Coelho Cruz
    
acl: updated doc string to reflect recent changes

              r11042
            
        Elifarley Callado Coelho Cruz
    
acl: add support for branch-based access control

              r11092
            
      --- Path-based Access Control ---

      Use the [acl.deny] and [acl.allow] sections to have path-based access control.

      Keys in these sections accept a subtree pattern (with a glob syntax by default).

      The corresponding values follow the same syntax as the other sections above.

      --- Groups ---

      Group names must be prefixed with an @ symbol.

        Elifarley Callado Coelho Cruz
    
acl: updated doc string to reflect recent changes

              r11042
            
      Specifying a group name has the same effect as specifying all the users in

      that group.

        Elifarley Callado Coelho Cruz
    
acl: add support for branch-based access control

              r11092
            
      The set of users for a group is taken from "grp.getgrnam"

      (see http://docs.python.org/library/grp.html#grp.getgrnam).

        Dirkjan Ochtman
    
help: add/fix docstrings for a bunch of extensions

              r8873
            
        Elifarley Callado Coelho Cruz
    
acl: add support for branch-based access control

              r11092
            
      --- Example Configuration ---

        Dirkjan Ochtman
    
help: add/fix docstrings for a bunch of extensions

              r8873
            
        [hooks]

        Elifarley Callado Coelho Cruz
    
acl: updated doc string to reflect recent changes

              r11042
            
        Elifarley Callado Coelho Cruz
    
acl: add support for branch-based access control

              r11092
            
        # Use this if you want to check access restrictions at commit time

        Elifarley Callado Coelho Cruz
    
acl: updated doc string to reflect recent changes

              r11042
            
        pretxncommit.acl = python:hgext.acl.hook

        # Use this if you want to check access restrictions for pull, push, bundle

        # and serve.

        Dirkjan Ochtman
    
help: add/fix docstrings for a bunch of extensions

              r8873
            
        pretxnchangegroup.acl = python:hgext.acl.hook

        [acl]

        Elifarley Callado Coelho Cruz
    
acl: add support for branch-based access control

              r11092
            
        # Check whether the source of incoming changes is in this list

        # ("serve" == ssh or http, "push", "pull", "bundle")

        Cédric Duval
    
acl: help improvements...

              r8893
            
        sources = serve

        Dirkjan Ochtman
    
help: add/fix docstrings for a bunch of extensions

              r8873
            
        Elifarley Callado Coelho Cruz
    
acl: add support for branch-based access control

              r11092
            
        [acl.deny.branches] 

        # Everyone is denied to the frozen branch: 

        frozen-branch = * 

        # A bad user is denied on all branches: 

        * = bad-user 

        [acl.allow.branches] 

        # A few users are allowed on branch-a: 

        branch-a = user-1, user-2, user-3 

        # Only one user is allowed on branch-b: 

        branch-b = user-1 

        # The super user is allowed on any branch: 

        * = super-user 

        # Everyone is allowed on branch-for-tests: 

        branch-for-tests = * 

        Elifarley Callado Coelho Cruz
    
acl: updated doc string to reflect recent changes

              r11042
            
        [acl.deny]

        Elifarley Callado Coelho Cruz
    
acl: add support for branch-based access control

              r11092
            
        # If a match is found, "acl.allow" will not be checked.

        # if acl.deny is not present, no users denied by default

        # empty acl.deny = all users allowed

        # Format for both lists: glob pattern = user4, user5, @group1

        Elifarley Callado Coelho Cruz
    
acl: updated doc string to reflect recent changes

              r11042
            
        # To match everyone, use an asterisk for the user:

        # my/glob/pattern = *

        # user6 will not have write access to any file:

        ** = user6

        # Group "hg-denied" will not have write access to any file:

        ** = @hg-denied

        # Nobody will be able to change "DONT-TOUCH-THIS.txt", despite everyone being

        # able to change all other files. See below.

        src/main/resources/DONT-TOUCH-THIS.txt = *

        Dirkjan Ochtman
    
help: add/fix docstrings for a bunch of extensions

              r8873
            
        [acl.allow]

        Elifarley Callado Coelho Cruz
    
acl: updated doc string to reflect recent changes

              r11042
            
        # if acl.allow not present, all users allowed by default

        # empty acl.allow = no users allowed

        # User "doc_writer" has write access to any file under the "docs" folder:

        Dirkjan Ochtman
    
help: add/fix docstrings for a bunch of extensions

              r8873
            
        docs/** = doc_writer

        Elifarley Callado Coelho Cruz
    
acl: updated doc string to reflect recent changes

              r11042
            
        # User "jack" and group "designers" have write access to any file under the

        # "images" folder:

        images/** = jack, @designers

        # Everyone (except for "user6" - see "acl.deny" above) will have write access

        Elifarley Callado Coelho Cruz
    
acl: add support for branch-based access control

              r11092
            
        to any file under the "resources" folder (except for 1 file. See "acl.deny"):

        Elifarley Callado Coelho Cruz
    
acl: updated doc string to reflect recent changes

              r11042
            
        src/main/resources/** = *

        Dirkjan Ochtman
    
help: add/fix docstrings for a bunch of extensions

              r8873
            
        .hgtags = release_engineer

      '''

        Vadim Gelfer
    
add acl extension, to limit who can push to subdirs of central repo.

              r2344
            
        Matt Mackall
    
Simplify i18n imports

              r3891
            
      from mercurial.i18n import _

        Matt Mackall
    
match: change all users of util.matcher to match.match

              r8566
            
      from mercurial import util, match

        Elifarley Callado Coelho Cruz
    
acl: add support for OS-level groups using @group syntax

              r11041
            
      import getpass, urllib, grp

      def _getusers(group):

          return grp.getgrnam(group).gr_mem

      def _usermatch(user, usersorgroups):

          if usersorgroups == '*':

              return True

          for ug in usersorgroups.replace(',', ' ').split():

              if user == ug or ug.find('@') == 0 and user in _getusers(ug[1:]):

                  return True

          return False

        Vadim Gelfer
    
add acl extension, to limit who can push to subdirs of central repo.

              r2344
            
        Matt Mackall
    
acl: refactoring...

              r6766
            
      def buildmatch(ui, repo, user, key):

          '''return tuple of (match function, list enabled).'''

          if not ui.has_section(key):

        Martin Geisler
    
do not attempt to translate ui.debug output

              r9467
            
              ui.debug('acl: %s not enabled\n' % key)

        Matt Mackall
    
acl: refactoring...

              r6766
            
              return None

        Vadim Gelfer
    
add acl extension, to limit who can push to subdirs of central repo.

              r2344
            
        Matt Mackall
    
acl: refactoring...

              r6766
            
          pats = [pat for pat, users in ui.configitems(key)

        Elifarley Callado Coelho Cruz
    
acl: add support for OS-level groups using @group syntax

              r11041
            
                  if _usermatch(user, users)]

        Martin Geisler
    
do not attempt to translate ui.debug output

              r9467
            
          ui.debug('acl: %s enabled, %d entries for user %s\n' %

        Matt Mackall
    
acl: refactoring...

              r6766
            
                   (key, len(pats), user))

        Elifarley Callado Coelho Cruz
    
acl: add support for branch-based access control

              r11092
            
          if not repo:

              if pats:

                  return lambda b: '*' in pats or b in pats

              return lambda b: False

        Matt Mackall
    
acl: refactoring...

              r6766
            
          if pats:

        Matt Mackall
    
match: add some default args

              r8567
            
              return match.match(repo.root, '', pats)

        Matt Mackall
    
match: remove match.never...

              r8682
            
          return match.exact(repo.root, '', [])

        Matt Mackall
    
match: change all users of util.matcher to match.match

              r8566
            
        Vadim Gelfer
    
add acl extension, to limit who can push to subdirs of central repo.

              r2344
            
      def hook(ui, repo, hooktype, node=None, source=None, **kwargs):

        Elifarley Callado Coelho Cruz
    
Added support for 'pretxncommit', so that one can call the ACL hook at...

              r10955
            
          if hooktype not in ['pretxnchangegroup', 'pretxncommit']:

        Vadim Gelfer
    
add acl extension, to limit who can push to subdirs of central repo.

              r2344
            
              raise util.Abort(_('config error - hook type "%s" cannot stop '

        Elifarley Callado Coelho Cruz
    
Added support for 'pretxncommit', so that one can call the ACL hook at...

              r10955
            
                                 'incoming changesets nor commits') % hooktype)

          if (hooktype == 'pretxnchangegroup' and

              source not in ui.config('acl', 'sources', 'serve').split()):

        Martin Geisler
    
do not attempt to translate ui.debug output

              r9467
            
              ui.debug('acl: changes have source "%s" - skipping\n' % source)

        Vadim Gelfer
    
add acl extension, to limit who can push to subdirs of central repo.

              r2344
            
              return

        Henrik Stuart
    
acl: support for getting authenticated user from web server (issue298)...

              r8846
            
          user = None

          if source == 'serve' and 'url' in kwargs:

              url = kwargs['url'].split(':')

              if url[0] == 'remote' and url[1].startswith('http'):

        Henrik Stuart
    
acl: read correct index into url for username (issue298)...

              r9018
            
                  user = urllib.unquote(url[3])

        Henrik Stuart
    
acl: support for getting authenticated user from web server (issue298)...

              r8846
            
          if user is None:

              user = getpass.getuser()

        Matt Mackall
    
acl: refactoring...

              r6766
            
          cfg = ui.config('acl', 'config')

          if cfg:

        Elifarley Callado Coelho Cruz
    
acl: add support for branch-based access control

              r11092
            
              ui.readconfig(cfg, sections = ['acl.allow.branches',

              'acl.deny.branches', 'acl.allow', 'acl.deny'])

          allowbranches = buildmatch(ui, None, user, 'acl.allow.branches')

          denybranches = buildmatch(ui, None, user, 'acl.deny.branches')

        Matt Mackall
    
acl: refactoring...

              r6766
            
          allow = buildmatch(ui, repo, user, 'acl.allow')

          deny = buildmatch(ui, repo, user, 'acl.deny')

          for rev in xrange(repo[node], len(repo)):

              ctx = repo[rev]

        Elifarley Callado Coelho Cruz
    
acl: add support for branch-based access control

              r11092
            
              branch = ctx.branch()

              if denybranches and denybranches(branch):

                  raise util.Abort(_('acl: user "%s" denied on branch "%s"'

                                     ' (changeset "%s")')

                                     % (user, branch, ctx))

              if allowbranches and not allowbranches(branch):

                  raise util.Abort(_('acl: user "%s" not allowed on branch "%s"'

                                     ' (changeset "%s")')

                                     % (user, branch, ctx))

              ui.debug('acl: branch access granted: "%s" on branch "%s"\n'

              % (ctx, branch))

        Matt Mackall
    
acl: refactoring...

              r6766
            
              for f in ctx.files():

                  if deny and deny(f):

        Martin Geisler
    
do not attempt to translate ui.debug output

              r9467
            
                      ui.debug('acl: user %s denied on %s\n' % (user, f))

        Matt Mackall
    
acl: refactoring...

              r6766
            
                      raise util.Abort(_('acl: access denied for changeset %s') % ctx)

                  if allow and not allow(f):

        Martin Geisler
    
do not attempt to translate ui.debug output

              r9467
            
                      ui.debug('acl: user %s not allowed on %s\n' % (user, f))

        Matt Mackall
    
acl: refactoring...

              r6766
            
                      raise util.Abort(_('acl: access denied for changeset %s') % ctx)

        Martin Geisler
    
do not attempt to translate ui.debug output

              r9467
            
              ui.debug('acl: allowing changeset %s\n' % ctx)

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

Vadim Gelfer add acl extension, to limit who can push to subdirs of central repo.	r2344	# acl.py - changeset access control for mercurial
		#
		# Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com>
		#
Martin Geisler updated license to be explicit about GPL version 2	r8225	# This software may be used and distributed according to the terms of the
Matt Mackall Update license to GPLv2+	r10263	# GNU General Public License version 2 or any later version.
Dirkjan Ochtman help: add/fix docstrings for a bunch of extensions	r8873
Dirkjan Ochtman extensions: change descriptions for hook-providing extensions...	r8935	'''hooks for controlling repository access
Dirkjan Ochtman help: add/fix docstrings for a bunch of extensions	r8873
Elifarley Callado Coelho Cruz acl: add support for branch-based access control	r11092	This hook makes it possible to allow or deny write access to given branches and
		paths of a repository when receiving incoming changesets via pretxnchangegroup
		and pretxncommit.
Martin Geisler acl: wrap docstrings at 70 characters	r9250
		The authorization is matched based on the local user name on the
		system where the hook runs, and not the committer of the original
		changeset (since the latter is merely informative).
Dirkjan Ochtman help: add/fix docstrings for a bunch of extensions	r8873
Martin Geisler acl: wrap docstrings at 70 characters	r9250	The acl hook is best used along with a restricted shell like hgsh,
		preventing authenticating users from doing anything other than
		pushing or pulling. The hook is not safe to use if users have
		interactive shell access, as they can then disable the hook.
		Nor is it safe if remote users share an account, because then there
		is no way to distinguish them.
Dirkjan Ochtman help: add/fix docstrings for a bunch of extensions	r8873
Elifarley Callado Coelho Cruz acl: add support for branch-based access control	r11092	The order in which access checks are performed is:
		1) Deny list for branches (section [acl.deny.branches])
		2) Allow list for branches (section [acl.allow.branches])
		3) Deny list for paths (section [acl.deny])
		4) Allow list for paths (section [acl.allow])
Elifarley Callado Coelho Cruz acl: updated doc string to reflect recent changes	r11042
Elifarley Callado Coelho Cruz acl: add support for branch-based access control	r11092	The allow and deny sections take key-value pairs.

		--- Branch-based Access Control ---

		Use the [acl.deny.branches] and [acl.allow.branches] sections to have
		branch-based access control.
Martin Geisler acl: fix ReST syntax in docstring	r11057
Elifarley Callado Coelho Cruz acl: add support for branch-based access control	r11092	Keys in these sections can be either:
		1) a branch name
		2) an asterisk, to match any branch;

		The corresponding values can be either:
		1) a comma-separated list containing users and groups.
		2) an asterisk, to match anyone;
Elifarley Callado Coelho Cruz acl: updated doc string to reflect recent changes	r11042
Elifarley Callado Coelho Cruz acl: add support for branch-based access control	r11092	--- Path-based Access Control ---

		Use the [acl.deny] and [acl.allow] sections to have path-based access control.
		Keys in these sections accept a subtree pattern (with a glob syntax by default).
		The corresponding values follow the same syntax as the other sections above.

		--- Groups ---

		Group names must be prefixed with an @ symbol.
Elifarley Callado Coelho Cruz acl: updated doc string to reflect recent changes	r11042	Specifying a group name has the same effect as specifying all the users in
		that group.
Elifarley Callado Coelho Cruz acl: add support for branch-based access control	r11092	The set of users for a group is taken from "grp.getgrnam"
		(see http://docs.python.org/library/grp.html#grp.getgrnam).
Dirkjan Ochtman help: add/fix docstrings for a bunch of extensions	r8873
Elifarley Callado Coelho Cruz acl: add support for branch-based access control	r11092	--- Example Configuration ---
Dirkjan Ochtman help: add/fix docstrings for a bunch of extensions	r8873
		[hooks]
Elifarley Callado Coelho Cruz acl: updated doc string to reflect recent changes	r11042
Elifarley Callado Coelho Cruz acl: add support for branch-based access control	r11092	# Use this if you want to check access restrictions at commit time
Elifarley Callado Coelho Cruz acl: updated doc string to reflect recent changes	r11042	pretxncommit.acl = python:hgext.acl.hook

		# Use this if you want to check access restrictions for pull, push, bundle
		# and serve.
Dirkjan Ochtman help: add/fix docstrings for a bunch of extensions	r8873	pretxnchangegroup.acl = python:hgext.acl.hook

		[acl]
Elifarley Callado Coelho Cruz acl: add support for branch-based access control	r11092	# Check whether the source of incoming changes is in this list
		# ("serve" == ssh or http, "push", "pull", "bundle")
Cédric Duval acl: help improvements...	r8893	sources = serve
Dirkjan Ochtman help: add/fix docstrings for a bunch of extensions	r8873
Elifarley Callado Coelho Cruz acl: add support for branch-based access control	r11092	[acl.deny.branches]

		# Everyone is denied to the frozen branch:
		frozen-branch = *

		# A bad user is denied on all branches:
		* = bad-user

		[acl.allow.branches]

		# A few users are allowed on branch-a:
		branch-a = user-1, user-2, user-3

		# Only one user is allowed on branch-b:
		branch-b = user-1

		# The super user is allowed on any branch:
		* = super-user

		# Everyone is allowed on branch-for-tests:
		branch-for-tests = *

Elifarley Callado Coelho Cruz acl: updated doc string to reflect recent changes	r11042	[acl.deny]
Elifarley Callado Coelho Cruz acl: add support for branch-based access control	r11092	# If a match is found, "acl.allow" will not be checked.
		# if acl.deny is not present, no users denied by default
		# empty acl.deny = all users allowed
		# Format for both lists: glob pattern = user4, user5, @group1
Elifarley Callado Coelho Cruz acl: updated doc string to reflect recent changes	r11042
		# To match everyone, use an asterisk for the user:
		# my/glob/pattern = *

		# user6 will not have write access to any file:
		** = user6

		# Group "hg-denied" will not have write access to any file:
		** = @hg-denied

		# Nobody will be able to change "DONT-TOUCH-THIS.txt", despite everyone being
		# able to change all other files. See below.
		src/main/resources/DONT-TOUCH-THIS.txt = *
Dirkjan Ochtman help: add/fix docstrings for a bunch of extensions	r8873
		[acl.allow]
Elifarley Callado Coelho Cruz acl: updated doc string to reflect recent changes	r11042	# if acl.allow not present, all users allowed by default
		# empty acl.allow = no users allowed

		# User "doc_writer" has write access to any file under the "docs" folder:
Dirkjan Ochtman help: add/fix docstrings for a bunch of extensions	r8873	docs/** = doc_writer
Elifarley Callado Coelho Cruz acl: updated doc string to reflect recent changes	r11042
		# User "jack" and group "designers" have write access to any file under the
		# "images" folder:
		images/** = jack, @designers

		# Everyone (except for "user6" - see "acl.deny" above) will have write access
Elifarley Callado Coelho Cruz acl: add support for branch-based access control	r11092	to any file under the "resources" folder (except for 1 file. See "acl.deny"):
Elifarley Callado Coelho Cruz acl: updated doc string to reflect recent changes	r11042	src/main/resources/** = *

Dirkjan Ochtman help: add/fix docstrings for a bunch of extensions	r8873	.hgtags = release_engineer

		'''
Vadim Gelfer add acl extension, to limit who can push to subdirs of central repo.	r2344
Matt Mackall Simplify i18n imports	r3891	from mercurial.i18n import _
Matt Mackall match: change all users of util.matcher to match.match	r8566	from mercurial import util, match
Elifarley Callado Coelho Cruz acl: add support for OS-level groups using @group syntax	r11041	import getpass, urllib, grp

		def _getusers(group):
		return grp.getgrnam(group).gr_mem

		def _usermatch(user, usersorgroups):

		if usersorgroups == '*':
		return True

		for ug in usersorgroups.replace(',', ' ').split():
		if user == ug or ug.find('@') == 0 and user in _getusers(ug[1:]):
		return True

		return False
Vadim Gelfer add acl extension, to limit who can push to subdirs of central repo.	r2344
Matt Mackall acl: refactoring...	r6766	def buildmatch(ui, repo, user, key):
		'''return tuple of (match function, list enabled).'''
		if not ui.has_section(key):
Martin Geisler do not attempt to translate ui.debug output	r9467	ui.debug('acl: %s not enabled\n' % key)
Matt Mackall acl: refactoring...	r6766	return None
Vadim Gelfer add acl extension, to limit who can push to subdirs of central repo.	r2344
Matt Mackall acl: refactoring...	r6766	pats = [pat for pat, users in ui.configitems(key)
Elifarley Callado Coelho Cruz acl: add support for OS-level groups using @group syntax	r11041	if _usermatch(user, users)]
Martin Geisler do not attempt to translate ui.debug output	r9467	ui.debug('acl: %s enabled, %d entries for user %s\n' %
Matt Mackall acl: refactoring...	r6766	(key, len(pats), user))
Elifarley Callado Coelho Cruz acl: add support for branch-based access control	r11092
		if not repo:
		if pats:
		return lambda b: '*' in pats or b in pats
		return lambda b: False

Matt Mackall acl: refactoring...	r6766	if pats:
Matt Mackall match: add some default args	r8567	return match.match(repo.root, '', pats)
Matt Mackall match: remove match.never...	r8682	return match.exact(repo.root, '', [])
Matt Mackall match: change all users of util.matcher to match.match	r8566
Vadim Gelfer add acl extension, to limit who can push to subdirs of central repo.	r2344
		def hook(ui, repo, hooktype, node=None, source=None, **kwargs):
Elifarley Callado Coelho Cruz Added support for 'pretxncommit', so that one can call the ACL hook at...	r10955	if hooktype not in ['pretxnchangegroup', 'pretxncommit']:
Vadim Gelfer add acl extension, to limit who can push to subdirs of central repo.	r2344	raise util.Abort(_('config error - hook type "%s" cannot stop '
Elifarley Callado Coelho Cruz Added support for 'pretxncommit', so that one can call the ACL hook at...	r10955	'incoming changesets nor commits') % hooktype)
		if (hooktype == 'pretxnchangegroup' and
		source not in ui.config('acl', 'sources', 'serve').split()):
Martin Geisler do not attempt to translate ui.debug output	r9467	ui.debug('acl: changes have source "%s" - skipping\n' % source)
Vadim Gelfer add acl extension, to limit who can push to subdirs of central repo.	r2344	return

Henrik Stuart acl: support for getting authenticated user from web server (issue298)...	r8846	user = None
		if source == 'serve' and 'url' in kwargs:
		url = kwargs['url'].split(':')
		if url[0] == 'remote' and url[1].startswith('http'):
Henrik Stuart acl: read correct index into url for username (issue298)...	r9018	user = urllib.unquote(url[3])
Henrik Stuart acl: support for getting authenticated user from web server (issue298)...	r8846
		if user is None:
		user = getpass.getuser()

Matt Mackall acl: refactoring...	r6766	cfg = ui.config('acl', 'config')
		if cfg:
Elifarley Callado Coelho Cruz acl: add support for branch-based access control	r11092	ui.readconfig(cfg, sections = ['acl.allow.branches',
		'acl.deny.branches', 'acl.allow', 'acl.deny'])

		allowbranches = buildmatch(ui, None, user, 'acl.allow.branches')
		denybranches = buildmatch(ui, None, user, 'acl.deny.branches')
Matt Mackall acl: refactoring...	r6766	allow = buildmatch(ui, repo, user, 'acl.allow')
		deny = buildmatch(ui, repo, user, 'acl.deny')

		for rev in xrange(repo[node], len(repo)):
		ctx = repo[rev]
Elifarley Callado Coelho Cruz acl: add support for branch-based access control	r11092	branch = ctx.branch()
		if denybranches and denybranches(branch):
		raise util.Abort(_('acl: user "%s" denied on branch "%s"'
		' (changeset "%s")')
		% (user, branch, ctx))
		if allowbranches and not allowbranches(branch):
		raise util.Abort(_('acl: user "%s" not allowed on branch "%s"'
		' (changeset "%s")')
		% (user, branch, ctx))
		ui.debug('acl: branch access granted: "%s" on branch "%s"\n'
		% (ctx, branch))

Matt Mackall acl: refactoring...	r6766	for f in ctx.files():
		if deny and deny(f):
Martin Geisler do not attempt to translate ui.debug output	r9467	ui.debug('acl: user %s denied on %s\n' % (user, f))
Matt Mackall acl: refactoring...	r6766	raise util.Abort(_('acl: access denied for changeset %s') % ctx)
		if allow and not allow(f):
Martin Geisler do not attempt to translate ui.debug output	r9467	ui.debug('acl: user %s not allowed on %s\n' % (user, f))
Matt Mackall acl: refactoring...	r6766	raise util.Abort(_('acl: access denied for changeset %s') % ctx)
Martin Geisler do not attempt to translate ui.debug output	r9467	ui.debug('acl: allowing changeset %s\n' % ctx)