upstream/mercurial-mirror Files · hgext/acl.py

config: abort on indented non-continuation lines (issue1829)...

config: abort on indented non-continuation lines (issue1829) Previously, as soon as a continuation would be met, "cont" would stay forever set to True, but "item" was set back to "None". This caused the continuation code bits to run every time, until the next "self.get(section, item) + '\n'" which would crash.

Martin Geisler - - Load All Authors

File last commit:

r9467:4c041f1e default


                r9469:7f0f882a

default

Download file

             acl.py
        
                    107 lines
            
             | 3.8 KiB
            
                | text/x-python
            
             |
                PythonLexer
            
             / hgext / acl.py
          
                    History
                
                 |
                  Source
                 | Raw
                 |Copy content
                 |Copy permalink

        Vadim Gelfer
    
add acl extension, to limit who can push to subdirs of central repo.

              r2344
            
      # acl.py - changeset access control for mercurial

      #

      # Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com>

      #

        Martin Geisler
    
updated license to be explicit about GPL version 2

              r8225
            
      # This software may be used and distributed according to the terms of the

      # GNU General Public License version 2, incorporated herein by reference.

        Vadim Gelfer
    
add acl extension, to limit who can push to subdirs of central repo.

              r2344
            
      #

        Dirkjan Ochtman
    
help: add/fix docstrings for a bunch of extensions

              r8873
            
        Dirkjan Ochtman
    
extensions: change descriptions for hook-providing extensions...

              r8935
            
      '''hooks for controlling repository access

        Dirkjan Ochtman
    
help: add/fix docstrings for a bunch of extensions

              r8873
            
        Cédric Duval
    
acl: help improvements...

              r8893
            
      This hook makes it possible to allow or deny write access to portions

      of a repository when receiving incoming changesets.

      The authorization is matched based on the local user name on the

      system where the hook runs, and not the committer of the original

      changeset (since the latter is merely informative).

        Dirkjan Ochtman
    
help: add/fix docstrings for a bunch of extensions

              r8873
            
        Cédric Duval
    
acl: help improvements...

              r8893
            
      The acl hook is best used along with a restricted shell like hgsh,

      preventing authenticating users from doing anything other than

      pushing or pulling. The hook is not safe to use if users have

      interactive shell access, as they can then disable the hook.

      Nor is it safe if remote users share an account, because then there

      is no way to distinguish them.

        Dirkjan Ochtman
    
help: add/fix docstrings for a bunch of extensions

              r8873
            
        Cédric Duval
    
acl: help improvements...

              r8893
            
      To use this hook, configure the acl extension in your hgrc like this:

        Dirkjan Ochtman
    
help: add/fix docstrings for a bunch of extensions

              r8873
            
        [extensions]

        hgext.acl =

        [hooks]

        pretxnchangegroup.acl = python:hgext.acl.hook

        [acl]

        Cédric Duval
    
acl: help improvements...

              r8893
            
        # Check whether the source of incoming changes is in this list

        # ("serve" == ssh or http, "push", "pull", "bundle")

        sources = serve

        Dirkjan Ochtman
    
help: add/fix docstrings for a bunch of extensions

              r8873
            
        Cédric Duval
    
acl: help improvements...

              r8893
            
      The allow and deny sections take a subtree pattern as key (with a

      glob syntax by default), and a comma separated list of users as

      the corresponding value. The deny list is checked before the allow

      list is.

        Dirkjan Ochtman
    
help: add/fix docstrings for a bunch of extensions

              r8873
            
        [acl.allow]

        Cédric Duval
    
acl: help improvements...

              r8893
            
        # If acl.allow is not present, all users are allowed by default.

        # An empty acl.allow section means no users allowed.

        Dirkjan Ochtman
    
help: add/fix docstrings for a bunch of extensions

              r8873
            
        docs/** = doc_writer

        .hgtags = release_engineer

        [acl.deny]

        Cédric Duval
    
acl: help improvements...

              r8893
            
        # If acl.deny is not present, no users are refused by default.

        # An empty acl.deny section means all users allowed.

        Dirkjan Ochtman
    
help: add/fix docstrings for a bunch of extensions

              r8873
            
        glob pattern = user4, user5

         ** = user6

      '''

        Vadim Gelfer
    
add acl extension, to limit who can push to subdirs of central repo.

              r2344
            
        Matt Mackall
    
Simplify i18n imports

              r3891
            
      from mercurial.i18n import _

        Matt Mackall
    
match: change all users of util.matcher to match.match

              r8566
            
      from mercurial import util, match

        Henrik Stuart
    
acl: support for getting authenticated user from web server (issue298)...

              r8846
            
      import getpass, urllib

        Vadim Gelfer
    
add acl extension, to limit who can push to subdirs of central repo.

              r2344
            
        Matt Mackall
    
acl: refactoring...

              r6766
            
      def buildmatch(ui, repo, user, key):

          '''return tuple of (match function, list enabled).'''

          if not ui.has_section(key):

              ui.debug(_('acl: %s not enabled\n') % key)

              return None

        Vadim Gelfer
    
add acl extension, to limit who can push to subdirs of central repo.

              r2344
            
        Matt Mackall
    
acl: refactoring...

              r6766
            
          pats = [pat for pat, users in ui.configitems(key)

                  if user in users.replace(',', ' ').split()]

          ui.debug(_('acl: %s enabled, %d entries for user %s\n') %

                   (key, len(pats), user))

          if pats:

        Matt Mackall
    
match: add some default args

              r8567
            
              return match.match(repo.root, '', pats)

        Matt Mackall
    
match: remove match.never...

              r8682
            
          return match.exact(repo.root, '', [])

        Matt Mackall
    
match: change all users of util.matcher to match.match

              r8566
            
        Vadim Gelfer
    
add acl extension, to limit who can push to subdirs of central repo.

              r2344
            
      def hook(ui, repo, hooktype, node=None, source=None, **kwargs):

          if hooktype != 'pretxnchangegroup':

              raise util.Abort(_('config error - hook type "%s" cannot stop '

                                 'incoming changesets') % hooktype)

        Matt Mackall
    
acl: refactoring...

              r6766
            
          if source not in ui.config('acl', 'sources', 'serve').split():

        Vadim Gelfer
    
add acl extension, to limit who can push to subdirs of central repo.

              r2344
            
              ui.debug(_('acl: changes have source "%s" - skipping\n') % source)

              return

        Henrik Stuart
    
acl: support for getting authenticated user from web server (issue298)...

              r8846
            
          user = None

          if source == 'serve' and 'url' in kwargs:

              url = kwargs['url'].split(':')

              if url[0] == 'remote' and url[1].startswith('http'):

        Henrik Stuart
    
acl: read correct index into url for username (issue298)...

              r9018
            
                  user = urllib.unquote(url[3])

        Henrik Stuart
    
acl: support for getting authenticated user from web server (issue298)...

              r8846
            
          if user is None:

              user = getpass.getuser()

        Matt Mackall
    
acl: refactoring...

              r6766
            
          cfg = ui.config('acl', 'config')

          if cfg:

        Matt Mackall
    
ui: fold readsections into readconfig...

              r8142
            
              ui.readconfig(cfg, sections = ['acl.allow', 'acl.deny'])

        Matt Mackall
    
acl: refactoring...

              r6766
            
          allow = buildmatch(ui, repo, user, 'acl.allow')

          deny = buildmatch(ui, repo, user, 'acl.deny')

          for rev in xrange(repo[node], len(repo)):

              ctx = repo[rev]

              for f in ctx.files():

                  if deny and deny(f):

                      ui.debug(_('acl: user %s denied on %s\n') % (user, f))

                      raise util.Abort(_('acl: access denied for changeset %s') % ctx)

                  if allow and not allow(f):

                      ui.debug(_('acl: user %s not allowed on %s\n') % (user, f))

                      raise util.Abort(_('acl: access denied for changeset %s') % ctx)

              ui.debug(_('acl: allowing changeset %s\n') % ctx)

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

Vadim Gelfer add acl extension, to limit who can push to subdirs of central repo.	r2344	# acl.py - changeset access control for mercurial
		#
		# Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com>
		#
Martin Geisler updated license to be explicit about GPL version 2	r8225	# This software may be used and distributed according to the terms of the
		# GNU General Public License version 2, incorporated herein by reference.
Vadim Gelfer add acl extension, to limit who can push to subdirs of central repo.	r2344	#
Dirkjan Ochtman help: add/fix docstrings for a bunch of extensions	r8873
Dirkjan Ochtman extensions: change descriptions for hook-providing extensions...	r8935	'''hooks for controlling repository access
Dirkjan Ochtman help: add/fix docstrings for a bunch of extensions	r8873
Cédric Duval acl: help improvements...	r8893	This hook makes it possible to allow or deny write access to portions
		of a repository when receiving incoming changesets.

		The authorization is matched based on the local user name on the
		system where the hook runs, and not the committer of the original
		changeset (since the latter is merely informative).
Dirkjan Ochtman help: add/fix docstrings for a bunch of extensions	r8873
Cédric Duval acl: help improvements...	r8893	The acl hook is best used along with a restricted shell like hgsh,
		preventing authenticating users from doing anything other than
		pushing or pulling. The hook is not safe to use if users have
		interactive shell access, as they can then disable the hook.
		Nor is it safe if remote users share an account, because then there
		is no way to distinguish them.
Dirkjan Ochtman help: add/fix docstrings for a bunch of extensions	r8873
Cédric Duval acl: help improvements...	r8893	To use this hook, configure the acl extension in your hgrc like this:
Dirkjan Ochtman help: add/fix docstrings for a bunch of extensions	r8873
		[extensions]
		hgext.acl =

		[hooks]
		pretxnchangegroup.acl = python:hgext.acl.hook

		[acl]
Cédric Duval acl: help improvements...	r8893	# Check whether the source of incoming changes is in this list
		# ("serve" == ssh or http, "push", "pull", "bundle")
		sources = serve
Dirkjan Ochtman help: add/fix docstrings for a bunch of extensions	r8873
Cédric Duval acl: help improvements...	r8893	The allow and deny sections take a subtree pattern as key (with a
		glob syntax by default), and a comma separated list of users as
		the corresponding value. The deny list is checked before the allow
		list is.
Dirkjan Ochtman help: add/fix docstrings for a bunch of extensions	r8873
		[acl.allow]
Cédric Duval acl: help improvements...	r8893	# If acl.allow is not present, all users are allowed by default.
		# An empty acl.allow section means no users allowed.
Dirkjan Ochtman help: add/fix docstrings for a bunch of extensions	r8873	docs/** = doc_writer
		.hgtags = release_engineer

		[acl.deny]
Cédric Duval acl: help improvements...	r8893	# If acl.deny is not present, no users are refused by default.
		# An empty acl.deny section means all users allowed.
Dirkjan Ochtman help: add/fix docstrings for a bunch of extensions	r8873	glob pattern = user4, user5
		** = user6
		'''
Vadim Gelfer add acl extension, to limit who can push to subdirs of central repo.	r2344
Matt Mackall Simplify i18n imports	r3891	from mercurial.i18n import _
Matt Mackall match: change all users of util.matcher to match.match	r8566	from mercurial import util, match
Henrik Stuart acl: support for getting authenticated user from web server (issue298)...	r8846	import getpass, urllib
Vadim Gelfer add acl extension, to limit who can push to subdirs of central repo.	r2344
Matt Mackall acl: refactoring...	r6766	def buildmatch(ui, repo, user, key):
		'''return tuple of (match function, list enabled).'''
		if not ui.has_section(key):
		ui.debug(_('acl: %s not enabled\n') % key)
		return None
Vadim Gelfer add acl extension, to limit who can push to subdirs of central repo.	r2344
Matt Mackall acl: refactoring...	r6766	pats = [pat for pat, users in ui.configitems(key)
		if user in users.replace(',', ' ').split()]
		ui.debug(_('acl: %s enabled, %d entries for user %s\n') %
		(key, len(pats), user))
		if pats:
Matt Mackall match: add some default args	r8567	return match.match(repo.root, '', pats)
Matt Mackall match: remove match.never...	r8682	return match.exact(repo.root, '', [])
Matt Mackall match: change all users of util.matcher to match.match	r8566
Vadim Gelfer add acl extension, to limit who can push to subdirs of central repo.	r2344
		def hook(ui, repo, hooktype, node=None, source=None, **kwargs):
		if hooktype != 'pretxnchangegroup':
		raise util.Abort(_('config error - hook type "%s" cannot stop '
		'incoming changesets') % hooktype)
Matt Mackall acl: refactoring...	r6766	if source not in ui.config('acl', 'sources', 'serve').split():
Vadim Gelfer add acl extension, to limit who can push to subdirs of central repo.	r2344	ui.debug(_('acl: changes have source "%s" - skipping\n') % source)
		return

Henrik Stuart acl: support for getting authenticated user from web server (issue298)...	r8846	user = None
		if source == 'serve' and 'url' in kwargs:
		url = kwargs['url'].split(':')
		if url[0] == 'remote' and url[1].startswith('http'):
Henrik Stuart acl: read correct index into url for username (issue298)...	r9018	user = urllib.unquote(url[3])
Henrik Stuart acl: support for getting authenticated user from web server (issue298)...	r8846
		if user is None:
		user = getpass.getuser()

Matt Mackall acl: refactoring...	r6766	cfg = ui.config('acl', 'config')
		if cfg:
Matt Mackall ui: fold readsections into readconfig...	r8142	ui.readconfig(cfg, sections = ['acl.allow', 'acl.deny'])
Matt Mackall acl: refactoring...	r6766	allow = buildmatch(ui, repo, user, 'acl.allow')
		deny = buildmatch(ui, repo, user, 'acl.deny')

		for rev in xrange(repo[node], len(repo)):
		ctx = repo[rev]
		for f in ctx.files():
		if deny and deny(f):
		ui.debug(_('acl: user %s denied on %s\n') % (user, f))
		raise util.Abort(_('acl: access denied for changeset %s') % ctx)
		if allow and not allow(f):
		ui.debug(_('acl: user %s not allowed on %s\n') % (user, f))
		raise util.Abort(_('acl: access denied for changeset %s') % ctx)
		ui.debug(_('acl: allowing changeset %s\n') % ctx)