upstream/mercurial-mirror Files · hgext/acl.py

interhg: use reST syntax for literal block

Martin Geisler - - Load All Authors

File last commit:

r9201:3d6c9659 default


                r9211:9f64878a

default

Download file

             acl.py
        
                    105 lines
            
             | 3.8 KiB
            
                | text/x-python
            
             |
                PythonLexer
            
             / hgext / acl.py
          
                    History
                
                 |
                  Source
                 | Raw
                 |Copy content
                 |Copy permalink

        Vadim Gelfer
    
add acl extension, to limit who can push to subdirs of central repo.

              r2344
            
      # acl.py - changeset access control for mercurial

      #

      # Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com>

      #

        Martin Geisler
    
updated license to be explicit about GPL version 2

              r8225
            
      # This software may be used and distributed according to the terms of the

      # GNU General Public License version 2, incorporated herein by reference.

        Vadim Gelfer
    
add acl extension, to limit who can push to subdirs of central repo.

              r2344
            
      #

        Dirkjan Ochtman
    
help: add/fix docstrings for a bunch of extensions

              r8873
            
        Dirkjan Ochtman
    
extensions: change descriptions for hook-providing extensions...

              r8935
            
      '''hooks for controlling repository access

        Dirkjan Ochtman
    
help: add/fix docstrings for a bunch of extensions

              r8873
            
        Martin Geisler
    
acl: wrapped docstrings at 78 characters

              r9052
            
      This hook makes it possible to allow or deny write access to portions of a

      repository when receiving incoming changesets.

        Dirkjan Ochtman
    
help: add/fix docstrings for a bunch of extensions

              r8873
            
        Martin Geisler
    
acl: wrapped docstrings at 78 characters

              r9052
            
      The authorization is matched based on the local user name on the system where

      the hook runs, and not the committer of the original changeset (since the

      latter is merely informative).

      The acl hook is best used along with a restricted shell like hgsh, preventing

      authenticating users from doing anything other than pushing or pulling. The

      hook is not safe to use if users have interactive shell access, as they can

      then disable the hook. Nor is it safe if remote users share an account,

      because then there is no way to distinguish them.

        Dirkjan Ochtman
    
help: add/fix docstrings for a bunch of extensions

              r8873
            
        Martin Geisler
    
acl: use reST syntax for literal blocks

              r9201
            
      To use this hook, configure the acl extension in your hgrc like this::

        Dirkjan Ochtman
    
help: add/fix docstrings for a bunch of extensions

              r8873
            
        [extensions]

        hgext.acl =

        [hooks]

        pretxnchangegroup.acl = python:hgext.acl.hook

        [acl]

        Cédric Duval
    
acl: help improvements...

              r8893
            
        # Check whether the source of incoming changes is in this list

        # ("serve" == ssh or http, "push", "pull", "bundle")

        sources = serve

        Dirkjan Ochtman
    
help: add/fix docstrings for a bunch of extensions

              r8873
            
        Martin Geisler
    
acl: wrapped docstrings at 78 characters

              r9052
            
      The allow and deny sections take a subtree pattern as key (with a glob syntax

      by default), and a comma separated list of users as the corresponding value.

        Martin Geisler
    
acl: use reST syntax for literal blocks

              r9201
            
      The deny list is checked before the allow list is. ::

        Dirkjan Ochtman
    
help: add/fix docstrings for a bunch of extensions

              r8873
            
        [acl.allow]

        Cédric Duval
    
acl: help improvements...

              r8893
            
        # If acl.allow is not present, all users are allowed by default.

        # An empty acl.allow section means no users allowed.

        Dirkjan Ochtman
    
help: add/fix docstrings for a bunch of extensions

              r8873
            
        docs/** = doc_writer

        .hgtags = release_engineer

        [acl.deny]

        Cédric Duval
    
acl: help improvements...

              r8893
            
        # If acl.deny is not present, no users are refused by default.

        # An empty acl.deny section means all users allowed.

        Dirkjan Ochtman
    
help: add/fix docstrings for a bunch of extensions

              r8873
            
        glob pattern = user4, user5

         ** = user6

      '''

        Vadim Gelfer
    
add acl extension, to limit who can push to subdirs of central repo.

              r2344
            
        Matt Mackall
    
Simplify i18n imports

              r3891
            
      from mercurial.i18n import _

        Matt Mackall
    
match: change all users of util.matcher to match.match

              r8566
            
      from mercurial import util, match

        Henrik Stuart
    
acl: support for getting authenticated user from web server (issue298)...

              r8846
            
      import getpass, urllib

        Vadim Gelfer
    
add acl extension, to limit who can push to subdirs of central repo.

              r2344
            
        Matt Mackall
    
acl: refactoring...

              r6766
            
      def buildmatch(ui, repo, user, key):

          '''return tuple of (match function, list enabled).'''

          if not ui.has_section(key):

              ui.debug(_('acl: %s not enabled\n') % key)

              return None

        Vadim Gelfer
    
add acl extension, to limit who can push to subdirs of central repo.

              r2344
            
        Matt Mackall
    
acl: refactoring...

              r6766
            
          pats = [pat for pat, users in ui.configitems(key)

                  if user in users.replace(',', ' ').split()]

          ui.debug(_('acl: %s enabled, %d entries for user %s\n') %

                   (key, len(pats), user))

          if pats:

        Matt Mackall
    
match: add some default args

              r8567
            
              return match.match(repo.root, '', pats)

        Matt Mackall
    
match: remove match.never...

              r8682
            
          return match.exact(repo.root, '', [])

        Matt Mackall
    
match: change all users of util.matcher to match.match

              r8566
            
        Vadim Gelfer
    
add acl extension, to limit who can push to subdirs of central repo.

              r2344
            
      def hook(ui, repo, hooktype, node=None, source=None, **kwargs):

          if hooktype != 'pretxnchangegroup':

              raise util.Abort(_('config error - hook type "%s" cannot stop '

                                 'incoming changesets') % hooktype)

        Matt Mackall
    
acl: refactoring...

              r6766
            
          if source not in ui.config('acl', 'sources', 'serve').split():

        Vadim Gelfer
    
add acl extension, to limit who can push to subdirs of central repo.

              r2344
            
              ui.debug(_('acl: changes have source "%s" - skipping\n') % source)

              return

        Henrik Stuart
    
acl: support for getting authenticated user from web server (issue298)...

              r8846
            
          user = None

          if source == 'serve' and 'url' in kwargs:

              url = kwargs['url'].split(':')

              if url[0] == 'remote' and url[1].startswith('http'):

        Henrik Stuart
    
acl: read correct index into url for username (issue298)...

              r9018
            
                  user = urllib.unquote(url[3])

        Henrik Stuart
    
acl: support for getting authenticated user from web server (issue298)...

              r8846
            
          if user is None:

              user = getpass.getuser()

        Matt Mackall
    
acl: refactoring...

              r6766
            
          cfg = ui.config('acl', 'config')

          if cfg:

        Matt Mackall
    
ui: fold readsections into readconfig...

              r8142
            
              ui.readconfig(cfg, sections = ['acl.allow', 'acl.deny'])

        Matt Mackall
    
acl: refactoring...

              r6766
            
          allow = buildmatch(ui, repo, user, 'acl.allow')

          deny = buildmatch(ui, repo, user, 'acl.deny')

          for rev in xrange(repo[node], len(repo)):

              ctx = repo[rev]

              for f in ctx.files():

                  if deny and deny(f):

                      ui.debug(_('acl: user %s denied on %s\n') % (user, f))

                      raise util.Abort(_('acl: access denied for changeset %s') % ctx)

                  if allow and not allow(f):

                      ui.debug(_('acl: user %s not allowed on %s\n') % (user, f))

                      raise util.Abort(_('acl: access denied for changeset %s') % ctx)

              ui.debug(_('acl: allowing changeset %s\n') % ctx)

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

Vadim Gelfer add acl extension, to limit who can push to subdirs of central repo.	r2344	# acl.py - changeset access control for mercurial
		#
		# Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com>
		#
Martin Geisler updated license to be explicit about GPL version 2	r8225	# This software may be used and distributed according to the terms of the
		# GNU General Public License version 2, incorporated herein by reference.
Vadim Gelfer add acl extension, to limit who can push to subdirs of central repo.	r2344	#
Dirkjan Ochtman help: add/fix docstrings for a bunch of extensions	r8873
Dirkjan Ochtman extensions: change descriptions for hook-providing extensions...	r8935	'''hooks for controlling repository access
Dirkjan Ochtman help: add/fix docstrings for a bunch of extensions	r8873
Martin Geisler acl: wrapped docstrings at 78 characters	r9052	This hook makes it possible to allow or deny write access to portions of a
		repository when receiving incoming changesets.
Dirkjan Ochtman help: add/fix docstrings for a bunch of extensions	r8873
Martin Geisler acl: wrapped docstrings at 78 characters	r9052	The authorization is matched based on the local user name on the system where
		the hook runs, and not the committer of the original changeset (since the
		latter is merely informative).

		The acl hook is best used along with a restricted shell like hgsh, preventing
		authenticating users from doing anything other than pushing or pulling. The
		hook is not safe to use if users have interactive shell access, as they can
		then disable the hook. Nor is it safe if remote users share an account,
		because then there is no way to distinguish them.
Dirkjan Ochtman help: add/fix docstrings for a bunch of extensions	r8873
Martin Geisler acl: use reST syntax for literal blocks	r9201	To use this hook, configure the acl extension in your hgrc like this::
Dirkjan Ochtman help: add/fix docstrings for a bunch of extensions	r8873
		[extensions]
		hgext.acl =

		[hooks]
		pretxnchangegroup.acl = python:hgext.acl.hook

		[acl]
Cédric Duval acl: help improvements...	r8893	# Check whether the source of incoming changes is in this list
		# ("serve" == ssh or http, "push", "pull", "bundle")
		sources = serve
Dirkjan Ochtman help: add/fix docstrings for a bunch of extensions	r8873
Martin Geisler acl: wrapped docstrings at 78 characters	r9052	The allow and deny sections take a subtree pattern as key (with a glob syntax
		by default), and a comma separated list of users as the corresponding value.
Martin Geisler acl: use reST syntax for literal blocks	r9201	The deny list is checked before the allow list is. ::
Dirkjan Ochtman help: add/fix docstrings for a bunch of extensions	r8873
		[acl.allow]
Cédric Duval acl: help improvements...	r8893	# If acl.allow is not present, all users are allowed by default.
		# An empty acl.allow section means no users allowed.
Dirkjan Ochtman help: add/fix docstrings for a bunch of extensions	r8873	docs/** = doc_writer
		.hgtags = release_engineer

		[acl.deny]
Cédric Duval acl: help improvements...	r8893	# If acl.deny is not present, no users are refused by default.
		# An empty acl.deny section means all users allowed.
Dirkjan Ochtman help: add/fix docstrings for a bunch of extensions	r8873	glob pattern = user4, user5
		** = user6
		'''
Vadim Gelfer add acl extension, to limit who can push to subdirs of central repo.	r2344
Matt Mackall Simplify i18n imports	r3891	from mercurial.i18n import _
Matt Mackall match: change all users of util.matcher to match.match	r8566	from mercurial import util, match
Henrik Stuart acl: support for getting authenticated user from web server (issue298)...	r8846	import getpass, urllib
Vadim Gelfer add acl extension, to limit who can push to subdirs of central repo.	r2344
Matt Mackall acl: refactoring...	r6766	def buildmatch(ui, repo, user, key):
		'''return tuple of (match function, list enabled).'''
		if not ui.has_section(key):
		ui.debug(_('acl: %s not enabled\n') % key)
		return None
Vadim Gelfer add acl extension, to limit who can push to subdirs of central repo.	r2344
Matt Mackall acl: refactoring...	r6766	pats = [pat for pat, users in ui.configitems(key)
		if user in users.replace(',', ' ').split()]
		ui.debug(_('acl: %s enabled, %d entries for user %s\n') %
		(key, len(pats), user))
		if pats:
Matt Mackall match: add some default args	r8567	return match.match(repo.root, '', pats)
Matt Mackall match: remove match.never...	r8682	return match.exact(repo.root, '', [])
Matt Mackall match: change all users of util.matcher to match.match	r8566
Vadim Gelfer add acl extension, to limit who can push to subdirs of central repo.	r2344
		def hook(ui, repo, hooktype, node=None, source=None, **kwargs):
		if hooktype != 'pretxnchangegroup':
		raise util.Abort(_('config error - hook type "%s" cannot stop '
		'incoming changesets') % hooktype)
Matt Mackall acl: refactoring...	r6766	if source not in ui.config('acl', 'sources', 'serve').split():
Vadim Gelfer add acl extension, to limit who can push to subdirs of central repo.	r2344	ui.debug(_('acl: changes have source "%s" - skipping\n') % source)
		return

Henrik Stuart acl: support for getting authenticated user from web server (issue298)...	r8846	user = None
		if source == 'serve' and 'url' in kwargs:
		url = kwargs['url'].split(':')
		if url[0] == 'remote' and url[1].startswith('http'):
Henrik Stuart acl: read correct index into url for username (issue298)...	r9018	user = urllib.unquote(url[3])
Henrik Stuart acl: support for getting authenticated user from web server (issue298)...	r8846
		if user is None:
		user = getpass.getuser()

Matt Mackall acl: refactoring...	r6766	cfg = ui.config('acl', 'config')
		if cfg:
Matt Mackall ui: fold readsections into readconfig...	r8142	ui.readconfig(cfg, sections = ['acl.allow', 'acl.deny'])
Matt Mackall acl: refactoring...	r6766	allow = buildmatch(ui, repo, user, 'acl.allow')
		deny = buildmatch(ui, repo, user, 'acl.deny')

		for rev in xrange(repo[node], len(repo)):
		ctx = repo[rev]
		for f in ctx.files():
		if deny and deny(f):
		ui.debug(_('acl: user %s denied on %s\n') % (user, f))
		raise util.Abort(_('acl: access denied for changeset %s') % ctx)
		if allow and not allow(f):
		ui.debug(_('acl: user %s not allowed on %s\n') % (user, f))
		raise util.Abort(_('acl: access denied for changeset %s') % ctx)
		ui.debug(_('acl: allowing changeset %s\n') % ctx)