##// END OF EJS Templates
cleanup: use p1() instead of parents() when we only need the first parent...
cleanup: use p1() instead of parents() when we only need the first parent Differential Revision: https://phab.mercurial-scm.org/D5708

File last commit:

r39458:3694c9aa default
r41444:5cb8158a default
Show More
acl.py
428 lines | 13.5 KiB | text/x-python | PythonLexer
Vadim Gelfer
add acl extension, to limit who can push to subdirs of central repo.
r2344 # acl.py - changeset access control for mercurial
#
# Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com>
#
Martin Geisler
updated license to be explicit about GPL version 2
r8225 # This software may be used and distributed according to the terms of the
Matt Mackall
Update license to GPLv2+
r10263 # GNU General Public License version 2 or any later version.
Dirkjan Ochtman
help: add/fix docstrings for a bunch of extensions
r8873
Dirkjan Ochtman
extensions: change descriptions for hook-providing extensions...
r8935 '''hooks for controlling repository access
Dirkjan Ochtman
help: add/fix docstrings for a bunch of extensions
r8873
Martin Geisler
acl: more consistent docstring
r11095 This hook makes it possible to allow or deny write access to given
branches and paths of a repository when receiving incoming changesets
via pretxnchangegroup and pretxncommit.
Martin Geisler
acl: wrap docstrings at 70 characters
r9250
The authorization is matched based on the local user name on the
system where the hook runs, and not the committer of the original
changeset (since the latter is merely informative).
Dirkjan Ochtman
help: add/fix docstrings for a bunch of extensions
r8873
Martin Geisler
acl: wrap docstrings at 70 characters
r9250 The acl hook is best used along with a restricted shell like hgsh,
Martin Geisler
acl: more consistent docstring
r11095 preventing authenticating users from doing anything other than pushing
or pulling. The hook is not safe to use if users have interactive
shell access, as they can then disable the hook. Nor is it safe if
remote users share an account, because then there is no way to
distinguish them.
Dirkjan Ochtman
help: add/fix docstrings for a bunch of extensions
r8873
Elifarley Callado Coelho Cruz
acl: add support for branch-based access control
r11092 The order in which access checks are performed is:
Martin Geisler
acl: fix reST syntax
r11094
1) Deny list for branches (section ``acl.deny.branches``)
2) Allow list for branches (section ``acl.allow.branches``)
3) Deny list for paths (section ``acl.deny``)
4) Allow list for paths (section ``acl.allow``)
Elifarley Callado Coelho Cruz
acl: updated doc string to reflect recent changes
r11042
Elifarley Callado Coelho Cruz
acl: add support for branch-based access control
r11092 The allow and deny sections take key-value pairs.
Martin Geisler
acl: fix reST syntax
r11094 Branch-based Access Control
FUJIWARA Katsunori
doc: unify section level between help topics...
r17267 ---------------------------
Elifarley Callado Coelho Cruz
acl: add support for branch-based access control
r11092
Martin Geisler
acl: more consistent docstring
r11095 Use the ``acl.deny.branches`` and ``acl.allow.branches`` sections to
have branch-based access control. Keys in these sections can be
either:
Martin Geisler
acl: fix ReST syntax in docstring
r11057
Martin Geisler
acl: more consistent docstring
r11095 - a branch name, or
- an asterisk, to match any branch;
Elifarley Callado Coelho Cruz
acl: add support for branch-based access control
r11092
The corresponding values can be either:
Martin Geisler
acl: fix reST syntax
r11094
Martin Geisler
acl: more consistent docstring
r11095 - a comma-separated list containing users and groups, or
- an asterisk, to match anyone;
Elifarley Callado Coelho Cruz
acl: updated doc string to reflect recent changes
r11042
Elifarley Callado Coelho Cruz
acl: user docs for the "!" prefix in user or group names
r16957 You can add the "!" prefix to a user or group name to invert the sense
of the match.
Martin Geisler
acl: fix reST syntax
r11094 Path-based Access Control
FUJIWARA Katsunori
doc: unify section level between help topics...
r17267 -------------------------
Elifarley Callado Coelho Cruz
acl: add support for branch-based access control
r11092
Martin Geisler
acl: more consistent docstring
r11095 Use the ``acl.deny`` and ``acl.allow`` sections to have path-based
access control. Keys in these sections accept a subtree pattern (with
a glob syntax by default). The corresponding values follow the same
syntax as the other sections above.
Elifarley Callado Coelho Cruz
acl: add support for branch-based access control
r11092
acl: add bookmarks support...
r38550 Bookmark-based Access Control
-----------------------------
Use the ``acl.deny.bookmarks`` and ``acl.allow.bookmarks`` sections to
have bookmark-based access control. Keys in these sections can be
either:
- a bookmark name, or
- an asterisk, to match any bookmark;
The corresponding values can be either:
- a comma-separated list containing users and groups, or
- an asterisk, to match anyone;
You can add the "!" prefix to a user or group name to invert the sense
of the match.
Note: for interactions between clients and servers using Mercurial 3.6+
a rejection will generally reject the entire push, for interactions
involving older clients, the commit transactions will already be accepted,
and only the bookmark movement will be rejected.
Martin Geisler
acl: fix reST syntax
r11094 Groups
FUJIWARA Katsunori
doc: unify section level between help topics...
r17267 ------
Elifarley Callado Coelho Cruz
acl: add support for branch-based access control
r11092
Martin Geisler
acl: more consistent docstring
r11095 Group names must be prefixed with an ``@`` symbol. Specifying a group
name has the same effect as specifying all the users in that group.
Dirkjan Ochtman
help: add/fix docstrings for a bunch of extensions
r8873
Elifarley Callado Coelho Cruz
acl: update docstring to describe section [acl.groups]
r11115 You can define group members in the ``acl.groups`` section.
If a group name is not defined there, and Mercurial is running under
a Unix-like system, the list of users will be taken from the OS.
Otherwise, an exception will be raised.
Martin Geisler
acl: fix reST syntax
r11094 Example Configuration
FUJIWARA Katsunori
doc: unify section level between help topics...
r17267 ---------------------
Martin Geisler
acl: fix reST syntax
r11094
::
Dirkjan Ochtman
help: add/fix docstrings for a bunch of extensions
r8873
[hooks]
Elifarley Callado Coelho Cruz
acl: updated doc string to reflect recent changes
r11042
Elifarley Callado Coelho Cruz
acl: add support for branch-based access control
r11092 # Use this if you want to check access restrictions at commit time
Elifarley Callado Coelho Cruz
acl: updated doc string to reflect recent changes
r11042 pretxncommit.acl = python:hgext.acl.hook
Martin Geisler
acl: delete trailing whitespace in docstring
r11423
Martin Geisler
acl: more consistent docstring
r11095 # Use this if you want to check access restrictions for pull, push,
# bundle and serve.
Dirkjan Ochtman
help: add/fix docstrings for a bunch of extensions
r8873 pretxnchangegroup.acl = python:hgext.acl.hook
[acl]
Patrick Mezard
acl: clarify acl.sources, fix typo
r11131 # Allow or deny access for incoming changes only if their source is
# listed here, let them pass otherwise. Source is "serve" for all
# remote access (http or ssh), "push", "pull" or "bundle" when the
# related commands are run locally.
# Default: serve
Cédric Duval
acl: help improvements...
r8893 sources = serve
Dirkjan Ochtman
help: add/fix docstrings for a bunch of extensions
r8873
Martin Geisler
acl: delete trailing whitespace in docstring
r11423 [acl.deny.branches]
# Everyone is denied to the frozen branch:
frozen-branch = *
# A bad user is denied on all branches:
* = bad-user
[acl.allow.branches]
# A few users are allowed on branch-a:
branch-a = user-1, user-2, user-3
# Only one user is allowed on branch-b:
branch-b = user-1
# The super user is allowed on any branch:
* = super-user
# Everyone is allowed on branch-for-tests:
branch-for-tests = *
Elifarley Callado Coelho Cruz
acl: add support for branch-based access control
r11092
Elifarley Callado Coelho Cruz
acl: updated doc string to reflect recent changes
r11042 [acl.deny]
Martin Geisler
acl: more consistent docstring
r11095 # This list is checked first. If a match is found, acl.allow is not
# checked. All users are granted access if acl.deny is not present.
# Format for both lists: glob pattern = user, ..., @group, ...
Elifarley Callado Coelho Cruz
acl: updated doc string to reflect recent changes
r11042
# To match everyone, use an asterisk for the user:
# my/glob/pattern = *
# user6 will not have write access to any file:
** = user6
# Group "hg-denied" will not have write access to any file:
** = @hg-denied
Bryan O'Sullivan
Merge spelling fixes
r17537 # Nobody will be able to change "DONT-TOUCH-THIS.txt", despite
Martin Geisler
acl: more consistent docstring
r11095 # everyone being able to change all other files. See below.
Bryan O'Sullivan
Merge spelling fixes
r17537 src/main/resources/DONT-TOUCH-THIS.txt = *
Dirkjan Ochtman
help: add/fix docstrings for a bunch of extensions
r8873
[acl.allow]
Patrick Mezard
acl: clarify acl.sources, fix typo
r11131 # if acl.allow is not present, all users are allowed by default
Elifarley Callado Coelho Cruz
acl: updated doc string to reflect recent changes
r11042 # empty acl.allow = no users allowed
Martin Geisler
acl: more consistent docstring
r11095 # User "doc_writer" has write access to any file under the "docs"
# folder:
Dirkjan Ochtman
help: add/fix docstrings for a bunch of extensions
r8873 docs/** = doc_writer
Elifarley Callado Coelho Cruz
acl: updated doc string to reflect recent changes
r11042
Martin Geisler
acl: more consistent docstring
r11095 # User "jack" and group "designers" have write access to any file
# under the "images" folder:
Elifarley Callado Coelho Cruz
acl: updated doc string to reflect recent changes
r11042 images/** = jack, @designers
FUJIWARA Katsunori
doc: fix explanation comment in acl extension...
r16499 # Everyone (except for "user6" and "@hg-denied" - see acl.deny above)
# will have write access to any file under the "resources" folder
# (except for 1 file. See acl.deny):
Elifarley Callado Coelho Cruz
acl: updated doc string to reflect recent changes
r11042 src/main/resources/** = *
Dirkjan Ochtman
help: add/fix docstrings for a bunch of extensions
r8873 .hgtags = release_engineer
Elifarley Callado Coelho Cruz
acl: user docs for the "!" prefix in user or group names
r16957 Examples using the "!" prefix
.............................
Suppose there's a branch that only a given user (or group) should be able to
push to, and you don't want to restrict access to any other branch that may
be created.
The "!" prefix allows you to prevent anyone except a given user or group to
push changesets in a given branch or path.
In the examples below, we will:
1) Deny access to branch "ring" to anyone but user "gollum"
2) Deny access to branch "lake" to anyone but members of the group "hobbit"
3) Deny access to a file to anyone but user "gollum"
::
[acl.allow.branches]
# Empty
[acl.deny.branches]
# 1) only 'gollum' can commit to branch 'ring';
# 'gollum' and anyone else can still commit to any other branch.
ring = !gollum
# 2) only members of the group 'hobbit' can commit to branch 'lake';
# 'hobbit' members and anyone else can still commit to any other branch.
lake = !@hobbit
# You can also deny access based on file paths:
[acl.allow]
# Empty
[acl.deny]
# 3) only 'gollum' can change the file below;
# 'gollum' and anyone else can still change any other file.
/misty/mountains/cave/ring = !gollum
Dirkjan Ochtman
help: add/fix docstrings for a bunch of extensions
r8873 '''
Vadim Gelfer
add acl extension, to limit who can push to subdirs of central repo.
r2344
Gregory Szorc
acl: use absolute_import...
r28089 from __future__ import absolute_import
Matt Mackall
Simplify i18n imports
r3891 from mercurial.i18n import _
Gregory Szorc
acl: use absolute_import...
r28089 from mercurial import (
error,
Boris Feld
acl: make sure the extensions is enabled when the acl-hooks run...
r34830 extensions,
Gregory Szorc
acl: use absolute_import...
r28089 match,
Gregory Szorc
global: use pycompat.xrange()...
r38806 pycompat,
configitems: register the 'acl.config' config
r33182 registrar,
Gregory Szorc
acl: use absolute_import...
r28089 util,
)
Yuya Nishihara
procutil: bulk-replace function calls to point to new module
r37138 from mercurial.utils import (
procutil,
)
Elifarley Callado Coelho Cruz
acl: add support for OS-level groups using @group syntax
r11041
timeless
pycompat: switch to util.urlreq/util.urlerr for py3 compat
r28883 urlreq = util.urlreq
Augie Fackler
extensions: change magic "shipped with hg" string...
r29841 # Note for extension authors: ONLY specify testedwith = 'ships-with-hg-core' for
Augie Fackler
extensions: document that `testedwith = 'internal'` is special...
r25186 # extensions which SHIP WITH MERCURIAL. Non-mainline extensions should
# be specifying the version(s) of Mercurial they are tested with, or
# leave the attribute unspecified.
Augie Fackler
extensions: change magic "shipped with hg" string...
r29841 testedwith = 'ships-with-hg-core'
Augie Fackler
hgext: mark all first-party extensions as such
r16743
configitems: register the 'acl.config' config
r33182 configtable = {}
configitem = registrar.configitem(configtable)
# deprecated config: acl.config
configitem('acl', 'config',
default=None,
)
Boris Feld
configitems: register acl config section
r34780 configitem('acl.groups', '.*',
default=None,
generic=True,
)
configitem('acl.deny.branches', '.*',
default=None,
generic=True,
)
configitem('acl.allow.branches', '.*',
default=None,
generic=True,
)
configitem('acl.deny', '.*',
default=None,
generic=True,
)
configitem('acl.allow', '.*',
default=None,
generic=True,
)
configitems: register the 'acl.sources' config...
r33183 configitem('acl', 'sources',
configitem: create a new list of each 'acl.sources' access...
r33213 default=lambda: ['serve'],
configitems: register the 'acl.sources' config...
r33183 )
configitems: register the 'acl.config' config
r33182
Elifarley Callado Coelho Cruz
acl: support for group definitions in section [acl.groups], which take precedence over OS-level groups
r11114 def _getusers(ui, group):
# First, try to use group definition from section [acl.groups]
hgrcusers = ui.configlist('acl.groups', group)
if hgrcusers:
return hgrcusers
ui.debug('acl: "%s" not defined in [acl.groups]\n' % group)
# If no users found in group definition, get users from OS-level group
Patrick Mezard
acl: improve undefined group error handling
r11140 try:
return util.groupmembers(group)
except KeyError:
Pierre-Yves David
error: get Abort from 'error' instead of 'util'...
r26587 raise error.Abort(_("group '%s' is undefined") % group)
Elifarley Callado Coelho Cruz
acl: add support for OS-level groups using @group syntax
r11041
Elifarley Callado Coelho Cruz
acl: support for group definitions in section [acl.groups], which take precedence over OS-level groups
r11114 def _usermatch(ui, user, usersorgroups):
Elifarley Callado Coelho Cruz
acl: add support for OS-level groups using @group syntax
r11041
if usersorgroups == '*':
return True
for ug in usersorgroups.replace(',', ' ').split():
Elifarley Callado Coelho Cruz
acl: use of "!" prefix in user or group names...
r16956
if ug.startswith('!'):
# Test for excluded user or group. Format:
# if ug is a user name: !username
# if ug is a group name: !@groupname
ug = ug[1:]
if not ug.startswith('@') and user != ug \
or ug.startswith('@') and user not in _getusers(ui, ug[1:]):
return True
# Test for user or group. Format:
# if ug is a user name: username
# if ug is a group name: @groupname
elif user == ug \
or ug.startswith('@') and user in _getusers(ui, ug[1:]):
Elifarley Callado Coelho Cruz
acl: add support for OS-level groups using @group syntax
r11041 return True
return False
Vadim Gelfer
add acl extension, to limit who can push to subdirs of central repo.
r2344
Matt Mackall
acl: refactoring...
r6766 def buildmatch(ui, repo, user, key):
'''return tuple of (match function, list enabled).'''
if not ui.has_section(key):
Martin Geisler
do not attempt to translate ui.debug output
r9467 ui.debug('acl: %s not enabled\n' % key)
Matt Mackall
acl: refactoring...
r6766 return None
Vadim Gelfer
add acl extension, to limit who can push to subdirs of central repo.
r2344
Matt Mackall
acl: refactoring...
r6766 pats = [pat for pat, users in ui.configitems(key)
Elifarley Callado Coelho Cruz
acl: support for group definitions in section [acl.groups], which take precedence over OS-level groups
r11114 if _usermatch(ui, user, users)]
Martin Geisler
do not attempt to translate ui.debug output
r9467 ui.debug('acl: %s enabled, %d entries for user %s\n' %
Matt Mackall
acl: refactoring...
r6766 (key, len(pats), user))
Elifarley Callado Coelho Cruz
acl: add support for branch-based access control
r11092
Elifarley Callado Coelho Cruz
acl: added some comments to easily identify branch- and path-based verifications
r16765 # Branch-based ACL
Elifarley Callado Coelho Cruz
acl: add support for branch-based access control
r11092 if not repo:
if pats:
Elifarley Callado Coelho Cruz
acl: perform some computations earlier, so that returned lambda functions are simpler
r16766 # If there's an asterisk (meaning "any branch"), always return True;
# Otherwise, test if b is in pats
if '*' in pats:
return util.always
return lambda b: b in pats
Elifarley Callado Coelho Cruz
acl: 'util.never' used
r16764 return util.never
Elifarley Callado Coelho Cruz
acl: add support for branch-based access control
r11092
Elifarley Callado Coelho Cruz
acl: added some comments to easily identify branch- and path-based verifications
r16765 # Path-based ACL
Matt Mackall
acl: refactoring...
r6766 if pats:
Matt Mackall
match: add some default args
r8567 return match.match(repo.root, '', pats)
Elifarley Callado Coelho Cruz
acl: 'util.never' can be used instead of a more complex expression
r16767 return util.never
Vadim Gelfer
add acl extension, to limit who can push to subdirs of central repo.
r2344
Boris Feld
acl: make sure the extensions is enabled when the acl-hooks run...
r34830 def ensureenabled(ui):
"""make sure the extension is enabled when used as hook
When acl is used through hooks, the extension is never formally loaded and
enabled. This has some side effect, for example the config declaration is
never loaded. This function ensure the extension is enabled when running
hooks.
"""
if 'acl' in ui._knownconfig:
return
ui.setconfig('extensions', 'acl', '', source='internal')
extensions.loadall(ui, ['acl'])
Vadim Gelfer
add acl extension, to limit who can push to subdirs of central repo.
r2344 def hook(ui, repo, hooktype, node=None, source=None, **kwargs):
Boris Feld
acl: make sure the extensions is enabled when the acl-hooks run...
r34830
ensureenabled(ui)
acl: add bookmarks support...
r38550 if hooktype not in ['pretxnchangegroup', 'pretxncommit', 'prepushkey']:
raise error.Abort(
_('config error - hook type "%s" cannot stop '
'incoming changesets, commits, nor bookmarks') % hooktype)
Elifarley Callado Coelho Cruz
Added support for 'pretxncommit', so that one can call the ACL hook at...
r10955 if (hooktype == 'pretxnchangegroup' and
acl: use configlist to retrieve the source config...
r33184 source not in ui.configlist('acl', 'sources')):
Martin Geisler
do not attempt to translate ui.debug output
r9467 ui.debug('acl: changes have source "%s" - skipping\n' % source)
Vadim Gelfer
add acl extension, to limit who can push to subdirs of central repo.
r2344 return
Henrik Stuart
acl: support for getting authenticated user from web server (issue298)...
r8846 user = None
Pulkit Goyal
py3: fix keyword arguments handling in hgext/acl.py...
r36395 if source == 'serve' and r'url' in kwargs:
url = kwargs[r'url'].split(':')
Henrik Stuart
acl: support for getting authenticated user from web server (issue298)...
r8846 if url[0] == 'remote' and url[1].startswith('http'):
timeless
pycompat: switch to util.urlreq/util.urlerr for py3 compat
r28883 user = urlreq.unquote(url[3])
Henrik Stuart
acl: support for getting authenticated user from web server (issue298)...
r8846
if user is None:
Yuya Nishihara
procutil: bulk-replace function calls to point to new module
r37138 user = procutil.getuser()
Henrik Stuart
acl: support for getting authenticated user from web server (issue298)...
r8846
Elifarley Callado Coelho Cruz
acl: more descriptive error messages
r15207 ui.debug('acl: checking access for user "%s"\n' % user)
acl: add bookmarks support...
r38550 if hooktype == 'prepushkey':
_pkhook(ui, repo, hooktype, node, source, user, **kwargs)
else:
_txnhook(ui, repo, hooktype, node, source, user, **kwargs)
def _pkhook(ui, repo, hooktype, node, source, user, **kwargs):
Pulkit Goyal
py3: handle keyword arguments correctly in hgext/acl.py...
r39458 if kwargs[r'namespace'] == 'bookmarks':
bookmark = kwargs[r'key']
ctx = kwargs[r'new']
acl: add bookmarks support...
r38550 allowbookmarks = buildmatch(ui, None, user, 'acl.allow.bookmarks')
denybookmarks = buildmatch(ui, None, user, 'acl.deny.bookmarks')
if denybookmarks and denybookmarks(bookmark):
raise error.Abort(_('acl: user "%s" denied on bookmark "%s"'
' (changeset "%s")')
% (user, bookmark, ctx))
if allowbookmarks and not allowbookmarks(bookmark):
raise error.Abort(_('acl: user "%s" not allowed on bookmark "%s"'
' (changeset "%s")')
% (user, bookmark, ctx))
ui.debug('acl: bookmark access granted: "%s" on bookmark "%s"\n'
% (ctx, bookmark))
def _txnhook(ui, repo, hooktype, node, source, user, **kwargs):
Matt Mackall
acl: mark deprecated config option...
r25792 # deprecated config: acl.config
Matt Mackall
acl: refactoring...
r6766 cfg = ui.config('acl', 'config')
if cfg:
Mads Kiilerich
check-code: check for spaces around = for named parameters
r19872 ui.readconfig(cfg, sections=['acl.groups', 'acl.allow.branches',
'acl.deny.branches', 'acl.allow', 'acl.deny'])
Elifarley Callado Coelho Cruz
acl: add support for branch-based access control
r11092
allowbranches = buildmatch(ui, None, user, 'acl.allow.branches')
denybranches = buildmatch(ui, None, user, 'acl.deny.branches')
Matt Mackall
acl: refactoring...
r6766 allow = buildmatch(ui, repo, user, 'acl.allow')
deny = buildmatch(ui, repo, user, 'acl.deny')
Gregory Szorc
global: use pycompat.xrange()...
r38806 for rev in pycompat.xrange(repo[node].rev(), len(repo)):
Matt Mackall
acl: refactoring...
r6766 ctx = repo[rev]
Elifarley Callado Coelho Cruz
acl: add support for branch-based access control
r11092 branch = ctx.branch()
if denybranches and denybranches(branch):
Pierre-Yves David
error: get Abort from 'error' instead of 'util'...
r26587 raise error.Abort(_('acl: user "%s" denied on branch "%s"'
Elifarley Callado Coelho Cruz
acl: add support for branch-based access control
r11092 ' (changeset "%s")')
% (user, branch, ctx))
if allowbranches and not allowbranches(branch):
Pierre-Yves David
error: get Abort from 'error' instead of 'util'...
r26587 raise error.Abort(_('acl: user "%s" not allowed on branch "%s"'
Elifarley Callado Coelho Cruz
acl: add support for branch-based access control
r11092 ' (changeset "%s")')
% (user, branch, ctx))
ui.debug('acl: branch access granted: "%s" on branch "%s"\n'
% (ctx, branch))
Matt Mackall
acl: refactoring...
r6766 for f in ctx.files():
if deny and deny(f):
Pierre-Yves David
error: get Abort from 'error' instead of 'util'...
r26587 raise error.Abort(_('acl: user "%s" denied on "%s"'
Elifarley Callado Coelho Cruz
acl: more descriptive error messages
r15207 ' (changeset "%s")') % (user, f, ctx))
Matt Mackall
acl: refactoring...
r6766 if allow and not allow(f):
Pierre-Yves David
error: get Abort from 'error' instead of 'util'...
r26587 raise error.Abort(_('acl: user "%s" not allowed on "%s"'
Elifarley Callado Coelho Cruz
acl: more descriptive error messages
r15207 ' (changeset "%s")') % (user, f, ctx))
ui.debug('acl: path access granted: "%s"\n' % ctx)