##// END OF EJS Templates
Added signature for changeset ca3dca416f8d
Added signature for changeset ca3dca416f8d

File last commit:

r43387:8ff1ecfa default
r43738:93aeebc9 stable
Show More
acl.py
471 lines | 14.1 KiB | text/x-python | PythonLexer
Vadim Gelfer
add acl extension, to limit who can push to subdirs of central repo.
r2344 # acl.py - changeset access control for mercurial
#
# Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com>
#
Martin Geisler
updated license to be explicit about GPL version 2
r8225 # This software may be used and distributed according to the terms of the
Matt Mackall
Update license to GPLv2+
r10263 # GNU General Public License version 2 or any later version.
Dirkjan Ochtman
help: add/fix docstrings for a bunch of extensions
r8873
Dirkjan Ochtman
extensions: change descriptions for hook-providing extensions...
r8935 '''hooks for controlling repository access
Dirkjan Ochtman
help: add/fix docstrings for a bunch of extensions
r8873
Martin Geisler
acl: more consistent docstring
r11095 This hook makes it possible to allow or deny write access to given
branches and paths of a repository when receiving incoming changesets
via pretxnchangegroup and pretxncommit.
Martin Geisler
acl: wrap docstrings at 70 characters
r9250
The authorization is matched based on the local user name on the
system where the hook runs, and not the committer of the original
changeset (since the latter is merely informative).
Dirkjan Ochtman
help: add/fix docstrings for a bunch of extensions
r8873
Martin Geisler
acl: wrap docstrings at 70 characters
r9250 The acl hook is best used along with a restricted shell like hgsh,
Martin Geisler
acl: more consistent docstring
r11095 preventing authenticating users from doing anything other than pushing
or pulling. The hook is not safe to use if users have interactive
shell access, as they can then disable the hook. Nor is it safe if
remote users share an account, because then there is no way to
distinguish them.
Dirkjan Ochtman
help: add/fix docstrings for a bunch of extensions
r8873
Elifarley Callado Coelho Cruz
acl: add support for branch-based access control
r11092 The order in which access checks are performed is:
Martin Geisler
acl: fix reST syntax
r11094
1) Deny list for branches (section ``acl.deny.branches``)
2) Allow list for branches (section ``acl.allow.branches``)
3) Deny list for paths (section ``acl.deny``)
4) Allow list for paths (section ``acl.allow``)
Elifarley Callado Coelho Cruz
acl: updated doc string to reflect recent changes
r11042
Elifarley Callado Coelho Cruz
acl: add support for branch-based access control
r11092 The allow and deny sections take key-value pairs.
Martin Geisler
acl: fix reST syntax
r11094 Branch-based Access Control
FUJIWARA Katsunori
doc: unify section level between help topics...
r17267 ---------------------------
Elifarley Callado Coelho Cruz
acl: add support for branch-based access control
r11092
Martin Geisler
acl: more consistent docstring
r11095 Use the ``acl.deny.branches`` and ``acl.allow.branches`` sections to
have branch-based access control. Keys in these sections can be
either:
Martin Geisler
acl: fix ReST syntax in docstring
r11057
Martin Geisler
acl: more consistent docstring
r11095 - a branch name, or
- an asterisk, to match any branch;
Elifarley Callado Coelho Cruz
acl: add support for branch-based access control
r11092
The corresponding values can be either:
Martin Geisler
acl: fix reST syntax
r11094
Martin Geisler
acl: more consistent docstring
r11095 - a comma-separated list containing users and groups, or
- an asterisk, to match anyone;
Elifarley Callado Coelho Cruz
acl: updated doc string to reflect recent changes
r11042
Elifarley Callado Coelho Cruz
acl: user docs for the "!" prefix in user or group names
r16957 You can add the "!" prefix to a user or group name to invert the sense
of the match.
Martin Geisler
acl: fix reST syntax
r11094 Path-based Access Control
FUJIWARA Katsunori
doc: unify section level between help topics...
r17267 -------------------------
Elifarley Callado Coelho Cruz
acl: add support for branch-based access control
r11092
Martin Geisler
acl: more consistent docstring
r11095 Use the ``acl.deny`` and ``acl.allow`` sections to have path-based
access control. Keys in these sections accept a subtree pattern (with
a glob syntax by default). The corresponding values follow the same
syntax as the other sections above.
Elifarley Callado Coelho Cruz
acl: add support for branch-based access control
r11092
acl: add bookmarks support...
r38550 Bookmark-based Access Control
-----------------------------
Use the ``acl.deny.bookmarks`` and ``acl.allow.bookmarks`` sections to
have bookmark-based access control. Keys in these sections can be
either:
- a bookmark name, or
- an asterisk, to match any bookmark;
The corresponding values can be either:
- a comma-separated list containing users and groups, or
- an asterisk, to match anyone;
You can add the "!" prefix to a user or group name to invert the sense
of the match.
Note: for interactions between clients and servers using Mercurial 3.6+
a rejection will generally reject the entire push, for interactions
involving older clients, the commit transactions will already be accepted,
and only the bookmark movement will be rejected.
Martin Geisler
acl: fix reST syntax
r11094 Groups
FUJIWARA Katsunori
doc: unify section level between help topics...
r17267 ------
Elifarley Callado Coelho Cruz
acl: add support for branch-based access control
r11092
Martin Geisler
acl: more consistent docstring
r11095 Group names must be prefixed with an ``@`` symbol. Specifying a group
name has the same effect as specifying all the users in that group.
Dirkjan Ochtman
help: add/fix docstrings for a bunch of extensions
r8873
Elifarley Callado Coelho Cruz
acl: update docstring to describe section [acl.groups]
r11115 You can define group members in the ``acl.groups`` section.
If a group name is not defined there, and Mercurial is running under
a Unix-like system, the list of users will be taken from the OS.
Otherwise, an exception will be raised.
Martin Geisler
acl: fix reST syntax
r11094 Example Configuration
FUJIWARA Katsunori
doc: unify section level between help topics...
r17267 ---------------------
Martin Geisler
acl: fix reST syntax
r11094
::
Dirkjan Ochtman
help: add/fix docstrings for a bunch of extensions
r8873
[hooks]
Elifarley Callado Coelho Cruz
acl: updated doc string to reflect recent changes
r11042
Elifarley Callado Coelho Cruz
acl: add support for branch-based access control
r11092 # Use this if you want to check access restrictions at commit time
Elifarley Callado Coelho Cruz
acl: updated doc string to reflect recent changes
r11042 pretxncommit.acl = python:hgext.acl.hook
Martin Geisler
acl: delete trailing whitespace in docstring
r11423
Martin Geisler
acl: more consistent docstring
r11095 # Use this if you want to check access restrictions for pull, push,
# bundle and serve.
Dirkjan Ochtman
help: add/fix docstrings for a bunch of extensions
r8873 pretxnchangegroup.acl = python:hgext.acl.hook
[acl]
Patrick Mezard
acl: clarify acl.sources, fix typo
r11131 # Allow or deny access for incoming changes only if their source is
# listed here, let them pass otherwise. Source is "serve" for all
# remote access (http or ssh), "push", "pull" or "bundle" when the
# related commands are run locally.
# Default: serve
Cédric Duval
acl: help improvements...
r8893 sources = serve
Dirkjan Ochtman
help: add/fix docstrings for a bunch of extensions
r8873
Martin Geisler
acl: delete trailing whitespace in docstring
r11423 [acl.deny.branches]
# Everyone is denied to the frozen branch:
frozen-branch = *
# A bad user is denied on all branches:
* = bad-user
[acl.allow.branches]
# A few users are allowed on branch-a:
branch-a = user-1, user-2, user-3
# Only one user is allowed on branch-b:
branch-b = user-1
# The super user is allowed on any branch:
* = super-user
# Everyone is allowed on branch-for-tests:
branch-for-tests = *
Elifarley Callado Coelho Cruz
acl: add support for branch-based access control
r11092
Elifarley Callado Coelho Cruz
acl: updated doc string to reflect recent changes
r11042 [acl.deny]
Martin Geisler
acl: more consistent docstring
r11095 # This list is checked first. If a match is found, acl.allow is not
# checked. All users are granted access if acl.deny is not present.
# Format for both lists: glob pattern = user, ..., @group, ...
Elifarley Callado Coelho Cruz
acl: updated doc string to reflect recent changes
r11042
# To match everyone, use an asterisk for the user:
# my/glob/pattern = *
# user6 will not have write access to any file:
** = user6
# Group "hg-denied" will not have write access to any file:
** = @hg-denied
Bryan O'Sullivan
Merge spelling fixes
r17537 # Nobody will be able to change "DONT-TOUCH-THIS.txt", despite
Martin Geisler
acl: more consistent docstring
r11095 # everyone being able to change all other files. See below.
Bryan O'Sullivan
Merge spelling fixes
r17537 src/main/resources/DONT-TOUCH-THIS.txt = *
Dirkjan Ochtman
help: add/fix docstrings for a bunch of extensions
r8873
[acl.allow]
Patrick Mezard
acl: clarify acl.sources, fix typo
r11131 # if acl.allow is not present, all users are allowed by default
Elifarley Callado Coelho Cruz
acl: updated doc string to reflect recent changes
r11042 # empty acl.allow = no users allowed
Martin Geisler
acl: more consistent docstring
r11095 # User "doc_writer" has write access to any file under the "docs"
# folder:
Dirkjan Ochtman
help: add/fix docstrings for a bunch of extensions
r8873 docs/** = doc_writer
Elifarley Callado Coelho Cruz
acl: updated doc string to reflect recent changes
r11042
Martin Geisler
acl: more consistent docstring
r11095 # User "jack" and group "designers" have write access to any file
# under the "images" folder:
Elifarley Callado Coelho Cruz
acl: updated doc string to reflect recent changes
r11042 images/** = jack, @designers
FUJIWARA Katsunori
doc: fix explanation comment in acl extension...
r16499 # Everyone (except for "user6" and "@hg-denied" - see acl.deny above)
# will have write access to any file under the "resources" folder
# (except for 1 file. See acl.deny):
Elifarley Callado Coelho Cruz
acl: updated doc string to reflect recent changes
r11042 src/main/resources/** = *
Dirkjan Ochtman
help: add/fix docstrings for a bunch of extensions
r8873 .hgtags = release_engineer
Elifarley Callado Coelho Cruz
acl: user docs for the "!" prefix in user or group names
r16957 Examples using the "!" prefix
.............................
Suppose there's a branch that only a given user (or group) should be able to
push to, and you don't want to restrict access to any other branch that may
be created.
The "!" prefix allows you to prevent anyone except a given user or group to
push changesets in a given branch or path.
In the examples below, we will:
1) Deny access to branch "ring" to anyone but user "gollum"
2) Deny access to branch "lake" to anyone but members of the group "hobbit"
3) Deny access to a file to anyone but user "gollum"
::
[acl.allow.branches]
# Empty
[acl.deny.branches]
# 1) only 'gollum' can commit to branch 'ring';
# 'gollum' and anyone else can still commit to any other branch.
ring = !gollum
# 2) only members of the group 'hobbit' can commit to branch 'lake';
# 'hobbit' members and anyone else can still commit to any other branch.
lake = !@hobbit
# You can also deny access based on file paths:
[acl.allow]
# Empty
[acl.deny]
# 3) only 'gollum' can change the file below;
# 'gollum' and anyone else can still change any other file.
/misty/mountains/cave/ring = !gollum
Dirkjan Ochtman
help: add/fix docstrings for a bunch of extensions
r8873 '''
Vadim Gelfer
add acl extension, to limit who can push to subdirs of central repo.
r2344
Gregory Szorc
acl: use absolute_import...
r28089 from __future__ import absolute_import
Matt Mackall
Simplify i18n imports
r3891 from mercurial.i18n import _
Gregory Szorc
acl: use absolute_import...
r28089 from mercurial import (
error,
Boris Feld
acl: make sure the extensions is enabled when the acl-hooks run...
r34830 extensions,
Gregory Szorc
acl: use absolute_import...
r28089 match,
Gregory Szorc
global: use pycompat.xrange()...
r38806 pycompat,
configitems: register the 'acl.config' config
r33182 registrar,
Gregory Szorc
acl: use absolute_import...
r28089 util,
)
Augie Fackler
formatting: blacken the codebase...
r43346 from mercurial.utils import procutil
Elifarley Callado Coelho Cruz
acl: add support for OS-level groups using @group syntax
r11041
timeless
pycompat: switch to util.urlreq/util.urlerr for py3 compat
r28883 urlreq = util.urlreq
Augie Fackler
extensions: change magic "shipped with hg" string...
r29841 # Note for extension authors: ONLY specify testedwith = 'ships-with-hg-core' for
Augie Fackler
extensions: document that `testedwith = 'internal'` is special...
r25186 # extensions which SHIP WITH MERCURIAL. Non-mainline extensions should
# be specifying the version(s) of Mercurial they are tested with, or
# leave the attribute unspecified.
Augie Fackler
formatting: byteify all mercurial/ and hgext/ string literals...
r43347 testedwith = b'ships-with-hg-core'
Augie Fackler
hgext: mark all first-party extensions as such
r16743
configitems: register the 'acl.config' config
r33182 configtable = {}
configitem = registrar.configitem(configtable)
# deprecated config: acl.config
Augie Fackler
formatting: blacken the codebase...
r43346 configitem(
Augie Fackler
formatting: byteify all mercurial/ and hgext/ string literals...
r43347 b'acl', b'config', default=None,
configitems: register the 'acl.config' config
r33182 )
Augie Fackler
formatting: blacken the codebase...
r43346 configitem(
Augie Fackler
formatting: byteify all mercurial/ and hgext/ string literals...
r43347 b'acl.groups', b'.*', default=None, generic=True,
Boris Feld
configitems: register acl config section
r34780 )
Augie Fackler
formatting: blacken the codebase...
r43346 configitem(
Augie Fackler
formatting: byteify all mercurial/ and hgext/ string literals...
r43347 b'acl.deny.branches', b'.*', default=None, generic=True,
Boris Feld
configitems: register acl config section
r34780 )
Augie Fackler
formatting: blacken the codebase...
r43346 configitem(
Augie Fackler
formatting: byteify all mercurial/ and hgext/ string literals...
r43347 b'acl.allow.branches', b'.*', default=None, generic=True,
Boris Feld
configitems: register acl config section
r34780 )
Augie Fackler
formatting: blacken the codebase...
r43346 configitem(
Augie Fackler
formatting: byteify all mercurial/ and hgext/ string literals...
r43347 b'acl.deny', b'.*', default=None, generic=True,
Boris Feld
configitems: register acl config section
r34780 )
Augie Fackler
formatting: blacken the codebase...
r43346 configitem(
Augie Fackler
formatting: byteify all mercurial/ and hgext/ string literals...
r43347 b'acl.allow', b'.*', default=None, generic=True,
Boris Feld
configitems: register acl config section
r34780 )
Augie Fackler
formatting: blacken the codebase...
r43346 configitem(
Augie Fackler
formatting: byteify all mercurial/ and hgext/ string literals...
r43347 b'acl', b'sources', default=lambda: [b'serve'],
configitems: register the 'acl.sources' config...
r33183 )
configitems: register the 'acl.config' config
r33182
Augie Fackler
formatting: blacken the codebase...
r43346
Elifarley Callado Coelho Cruz
acl: support for group definitions in section [acl.groups], which take precedence over OS-level groups
r11114 def _getusers(ui, group):
# First, try to use group definition from section [acl.groups]
Augie Fackler
formatting: byteify all mercurial/ and hgext/ string literals...
r43347 hgrcusers = ui.configlist(b'acl.groups', group)
Elifarley Callado Coelho Cruz
acl: support for group definitions in section [acl.groups], which take precedence over OS-level groups
r11114 if hgrcusers:
return hgrcusers
Augie Fackler
formatting: byteify all mercurial/ and hgext/ string literals...
r43347 ui.debug(b'acl: "%s" not defined in [acl.groups]\n' % group)
Elifarley Callado Coelho Cruz
acl: support for group definitions in section [acl.groups], which take precedence over OS-level groups
r11114 # If no users found in group definition, get users from OS-level group
Patrick Mezard
acl: improve undefined group error handling
r11140 try:
return util.groupmembers(group)
except KeyError:
Augie Fackler
formatting: byteify all mercurial/ and hgext/ string literals...
r43347 raise error.Abort(_(b"group '%s' is undefined") % group)
Elifarley Callado Coelho Cruz
acl: add support for OS-level groups using @group syntax
r11041
Augie Fackler
formatting: blacken the codebase...
r43346
Elifarley Callado Coelho Cruz
acl: support for group definitions in section [acl.groups], which take precedence over OS-level groups
r11114 def _usermatch(ui, user, usersorgroups):
Elifarley Callado Coelho Cruz
acl: add support for OS-level groups using @group syntax
r11041
Augie Fackler
formatting: byteify all mercurial/ and hgext/ string literals...
r43347 if usersorgroups == b'*':
Elifarley Callado Coelho Cruz
acl: add support for OS-level groups using @group syntax
r11041 return True
Augie Fackler
formatting: byteify all mercurial/ and hgext/ string literals...
r43347 for ug in usersorgroups.replace(b',', b' ').split():
Elifarley Callado Coelho Cruz
acl: use of "!" prefix in user or group names...
r16956
Augie Fackler
formatting: byteify all mercurial/ and hgext/ string literals...
r43347 if ug.startswith(b'!'):
Elifarley Callado Coelho Cruz
acl: use of "!" prefix in user or group names...
r16956 # Test for excluded user or group. Format:
# if ug is a user name: !username
# if ug is a group name: !@groupname
ug = ug[1:]
Augie Fackler
formatting: blacken the codebase...
r43346 if (
Augie Fackler
formatting: byteify all mercurial/ and hgext/ string literals...
r43347 not ug.startswith(b'@')
Augie Fackler
formatting: blacken the codebase...
r43346 and user != ug
Augie Fackler
formatting: byteify all mercurial/ and hgext/ string literals...
r43347 or ug.startswith(b'@')
Augie Fackler
formatting: blacken the codebase...
r43346 and user not in _getusers(ui, ug[1:])
):
Elifarley Callado Coelho Cruz
acl: use of "!" prefix in user or group names...
r16956 return True
# Test for user or group. Format:
# if ug is a user name: username
# if ug is a group name: @groupname
Augie Fackler
formatting: byteify all mercurial/ and hgext/ string literals...
r43347 elif (
user == ug or ug.startswith(b'@') and user in _getusers(ui, ug[1:])
):
Elifarley Callado Coelho Cruz
acl: add support for OS-level groups using @group syntax
r11041 return True
return False
Vadim Gelfer
add acl extension, to limit who can push to subdirs of central repo.
r2344
Augie Fackler
formatting: blacken the codebase...
r43346
Matt Mackall
acl: refactoring...
r6766 def buildmatch(ui, repo, user, key):
'''return tuple of (match function, list enabled).'''
if not ui.has_section(key):
Augie Fackler
formatting: byteify all mercurial/ and hgext/ string literals...
r43347 ui.debug(b'acl: %s not enabled\n' % key)
Matt Mackall
acl: refactoring...
r6766 return None
Vadim Gelfer
add acl extension, to limit who can push to subdirs of central repo.
r2344
Augie Fackler
formatting: blacken the codebase...
r43346 pats = [
pat for pat, users in ui.configitems(key) if _usermatch(ui, user, users)
]
ui.debug(
Augie Fackler
formatting: byteify all mercurial/ and hgext/ string literals...
r43347 b'acl: %s enabled, %d entries for user %s\n' % (key, len(pats), user)
Augie Fackler
formatting: blacken the codebase...
r43346 )
Elifarley Callado Coelho Cruz
acl: add support for branch-based access control
r11092
Elifarley Callado Coelho Cruz
acl: added some comments to easily identify branch- and path-based verifications
r16765 # Branch-based ACL
Elifarley Callado Coelho Cruz
acl: add support for branch-based access control
r11092 if not repo:
if pats:
Elifarley Callado Coelho Cruz
acl: perform some computations earlier, so that returned lambda functions are simpler
r16766 # If there's an asterisk (meaning "any branch"), always return True;
# Otherwise, test if b is in pats
Augie Fackler
formatting: byteify all mercurial/ and hgext/ string literals...
r43347 if b'*' in pats:
Elifarley Callado Coelho Cruz
acl: perform some computations earlier, so that returned lambda functions are simpler
r16766 return util.always
return lambda b: b in pats
Elifarley Callado Coelho Cruz
acl: 'util.never' used
r16764 return util.never
Elifarley Callado Coelho Cruz
acl: add support for branch-based access control
r11092
Elifarley Callado Coelho Cruz
acl: added some comments to easily identify branch- and path-based verifications
r16765 # Path-based ACL
Matt Mackall
acl: refactoring...
r6766 if pats:
Augie Fackler
formatting: byteify all mercurial/ and hgext/ string literals...
r43347 return match.match(repo.root, b'', pats)
Elifarley Callado Coelho Cruz
acl: 'util.never' can be used instead of a more complex expression
r16767 return util.never
Vadim Gelfer
add acl extension, to limit who can push to subdirs of central repo.
r2344
Augie Fackler
formatting: blacken the codebase...
r43346
Boris Feld
acl: make sure the extensions is enabled when the acl-hooks run...
r34830 def ensureenabled(ui):
"""make sure the extension is enabled when used as hook
When acl is used through hooks, the extension is never formally loaded and
enabled. This has some side effect, for example the config declaration is
never loaded. This function ensure the extension is enabled when running
hooks.
"""
Augie Fackler
formatting: byteify all mercurial/ and hgext/ string literals...
r43347 if b'acl' in ui._knownconfig:
Boris Feld
acl: make sure the extensions is enabled when the acl-hooks run...
r34830 return
Augie Fackler
formatting: byteify all mercurial/ and hgext/ string literals...
r43347 ui.setconfig(b'extensions', b'acl', b'', source=b'internal')
extensions.loadall(ui, [b'acl'])
Boris Feld
acl: make sure the extensions is enabled when the acl-hooks run...
r34830
Augie Fackler
formatting: blacken the codebase...
r43346
Vadim Gelfer
add acl extension, to limit who can push to subdirs of central repo.
r2344 def hook(ui, repo, hooktype, node=None, source=None, **kwargs):
Boris Feld
acl: make sure the extensions is enabled when the acl-hooks run...
r34830
ensureenabled(ui)
Augie Fackler
formatting: byteify all mercurial/ and hgext/ string literals...
r43347 if hooktype not in [b'pretxnchangegroup', b'pretxncommit', b'prepushkey']:
acl: add bookmarks support...
r38550 raise error.Abort(
Augie Fackler
formatting: blacken the codebase...
r43346 _(
Augie Fackler
formatting: byteify all mercurial/ and hgext/ string literals...
r43347 b'config error - hook type "%s" cannot stop '
b'incoming changesets, commits, nor bookmarks'
Augie Fackler
formatting: blacken the codebase...
r43346 )
% hooktype
)
Augie Fackler
formatting: byteify all mercurial/ and hgext/ string literals...
r43347 if hooktype == b'pretxnchangegroup' and source not in ui.configlist(
b'acl', b'sources'
Augie Fackler
formatting: blacken the codebase...
r43346 ):
Augie Fackler
formatting: byteify all mercurial/ and hgext/ string literals...
r43347 ui.debug(b'acl: changes have source "%s" - skipping\n' % source)
Vadim Gelfer
add acl extension, to limit who can push to subdirs of central repo.
r2344 return
Henrik Stuart
acl: support for getting authenticated user from web server (issue298)...
r8846 user = None
Augie Fackler
formatting: byteify all mercurial/ and hgext/ string literals...
r43347 if source == b'serve' and r'url' in kwargs:
url = kwargs[r'url'].split(b':')
if url[0] == b'remote' and url[1].startswith(b'http'):
timeless
pycompat: switch to util.urlreq/util.urlerr for py3 compat
r28883 user = urlreq.unquote(url[3])
Henrik Stuart
acl: support for getting authenticated user from web server (issue298)...
r8846
if user is None:
Yuya Nishihara
procutil: bulk-replace function calls to point to new module
r37138 user = procutil.getuser()
Henrik Stuart
acl: support for getting authenticated user from web server (issue298)...
r8846
Augie Fackler
formatting: byteify all mercurial/ and hgext/ string literals...
r43347 ui.debug(b'acl: checking access for user "%s"\n' % user)
Elifarley Callado Coelho Cruz
acl: more descriptive error messages
r15207
Augie Fackler
formatting: byteify all mercurial/ and hgext/ string literals...
r43347 if hooktype == b'prepushkey':
acl: add bookmarks support...
r38550 _pkhook(ui, repo, hooktype, node, source, user, **kwargs)
else:
_txnhook(ui, repo, hooktype, node, source, user, **kwargs)
Augie Fackler
formatting: blacken the codebase...
r43346
acl: add bookmarks support...
r38550 def _pkhook(ui, repo, hooktype, node, source, user, **kwargs):
Augie Fackler
formatting: byteify all mercurial/ and hgext/ string literals...
r43347 if kwargs[r'namespace'] == b'bookmarks':
Pulkit Goyal
py3: handle keyword arguments correctly in hgext/acl.py...
r39458 bookmark = kwargs[r'key']
ctx = kwargs[r'new']
Augie Fackler
formatting: byteify all mercurial/ and hgext/ string literals...
r43347 allowbookmarks = buildmatch(ui, None, user, b'acl.allow.bookmarks')
denybookmarks = buildmatch(ui, None, user, b'acl.deny.bookmarks')
acl: add bookmarks support...
r38550
if denybookmarks and denybookmarks(bookmark):
Augie Fackler
formatting: blacken the codebase...
r43346 raise error.Abort(
Augie Fackler
formatting: byteify all mercurial/ and hgext/ string literals...
r43347 _(
b'acl: user "%s" denied on bookmark "%s"'
b' (changeset "%s")'
)
Augie Fackler
formatting: blacken the codebase...
r43346 % (user, bookmark, ctx)
)
acl: add bookmarks support...
r38550 if allowbookmarks and not allowbookmarks(bookmark):
Augie Fackler
formatting: blacken the codebase...
r43346 raise error.Abort(
_(
Augie Fackler
formatting: byteify all mercurial/ and hgext/ string literals...
r43347 b'acl: user "%s" not allowed on bookmark "%s"'
b' (changeset "%s")'
Augie Fackler
formatting: blacken the codebase...
r43346 )
% (user, bookmark, ctx)
)
ui.debug(
Augie Fackler
formatting: byteify all mercurial/ and hgext/ string literals...
r43347 b'acl: bookmark access granted: "%s" on bookmark "%s"\n'
Augie Fackler
formatting: blacken the codebase...
r43346 % (ctx, bookmark)
)
acl: add bookmarks support...
r38550
def _txnhook(ui, repo, hooktype, node, source, user, **kwargs):
Matt Mackall
acl: mark deprecated config option...
r25792 # deprecated config: acl.config
Augie Fackler
formatting: byteify all mercurial/ and hgext/ string literals...
r43347 cfg = ui.config(b'acl', b'config')
Matt Mackall
acl: refactoring...
r6766 if cfg:
Augie Fackler
formatting: blacken the codebase...
r43346 ui.readconfig(
cfg,
sections=[
Augie Fackler
formatting: byteify all mercurial/ and hgext/ string literals...
r43347 b'acl.groups',
b'acl.allow.branches',
b'acl.deny.branches',
b'acl.allow',
b'acl.deny',
Augie Fackler
formatting: blacken the codebase...
r43346 ],
)
Elifarley Callado Coelho Cruz
acl: add support for branch-based access control
r11092
Augie Fackler
formatting: byteify all mercurial/ and hgext/ string literals...
r43347 allowbranches = buildmatch(ui, None, user, b'acl.allow.branches')
denybranches = buildmatch(ui, None, user, b'acl.deny.branches')
allow = buildmatch(ui, repo, user, b'acl.allow')
deny = buildmatch(ui, repo, user, b'acl.deny')
Matt Mackall
acl: refactoring...
r6766
Gregory Szorc
global: use pycompat.xrange()...
r38806 for rev in pycompat.xrange(repo[node].rev(), len(repo)):
Matt Mackall
acl: refactoring...
r6766 ctx = repo[rev]
Elifarley Callado Coelho Cruz
acl: add support for branch-based access control
r11092 branch = ctx.branch()
if denybranches and denybranches(branch):
Augie Fackler
formatting: blacken the codebase...
r43346 raise error.Abort(
Martin von Zweigbergk
cleanup: join string literals that are already on one line...
r43387 _(b'acl: user "%s" denied on branch "%s" (changeset "%s")')
Augie Fackler
formatting: blacken the codebase...
r43346 % (user, branch, ctx)
)
Elifarley Callado Coelho Cruz
acl: add support for branch-based access control
r11092 if allowbranches and not allowbranches(branch):
Augie Fackler
formatting: blacken the codebase...
r43346 raise error.Abort(
_(
Augie Fackler
formatting: byteify all mercurial/ and hgext/ string literals...
r43347 b'acl: user "%s" not allowed on branch "%s"'
b' (changeset "%s")'
Augie Fackler
formatting: blacken the codebase...
r43346 )
% (user, branch, ctx)
)
ui.debug(
Augie Fackler
formatting: byteify all mercurial/ and hgext/ string literals...
r43347 b'acl: branch access granted: "%s" on branch "%s"\n' % (ctx, branch)
Augie Fackler
formatting: blacken the codebase...
r43346 )
Elifarley Callado Coelho Cruz
acl: add support for branch-based access control
r11092
Matt Mackall
acl: refactoring...
r6766 for f in ctx.files():
if deny and deny(f):
Augie Fackler
formatting: blacken the codebase...
r43346 raise error.Abort(
Martin von Zweigbergk
cleanup: join string literals that are already on one line...
r43387 _(b'acl: user "%s" denied on "%s" (changeset "%s")')
Augie Fackler
formatting: blacken the codebase...
r43346 % (user, f, ctx)
)
Matt Mackall
acl: refactoring...
r6766 if allow and not allow(f):
Augie Fackler
formatting: blacken the codebase...
r43346 raise error.Abort(
Augie Fackler
formatting: byteify all mercurial/ and hgext/ string literals...
r43347 _(
b'acl: user "%s" not allowed on "%s"'
b' (changeset "%s")'
)
Augie Fackler
formatting: blacken the codebase...
r43346 % (user, f, ctx)
)
Augie Fackler
formatting: byteify all mercurial/ and hgext/ string literals...
r43347 ui.debug(b'acl: path access granted: "%s"\n' % ctx)