upstream/mercurial-mirror Files · hgext/acl.py

zsh completion: catch up with 2.2 commands and options...

zsh completion: catch up with 2.2 commands and options * add completion for phase and graft core commands * add completion for rebase extension * add new options for already defined commands: * commit --amend * import --bypass * manifest --all * merge --tool * revert -C (short for --no-backup) * qpush --exact [mq] * email --body [patchbomb]

Elifarley Callado Coelho Cruz - - Load All Authors

File last commit:

r16957:d7b60814 default


                r17004:a1d86396

default

Download file

             acl.py
        
                    316 lines
            
             | 10.1 KiB
            
                | text/x-python
            
             |
                PythonLexer
            
             / hgext / acl.py
          
                    History
                
                 |
                  Source
                 | Raw
                 |Copy content
                 |Copy permalink

        Vadim Gelfer
    
add acl extension, to limit who can push to subdirs of central repo.

              r2344
            
      # acl.py - changeset access control for mercurial

      #

      # Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com>

      #

        Martin Geisler
    
updated license to be explicit about GPL version 2

              r8225
            
      # This software may be used and distributed according to the terms of the

        Matt Mackall
    
Update license to GPLv2+

              r10263
            
      # GNU General Public License version 2 or any later version.

        Dirkjan Ochtman
    
help: add/fix docstrings for a bunch of extensions

              r8873
            
        Dirkjan Ochtman
    
extensions: change descriptions for hook-providing extensions...

              r8935
            
      '''hooks for controlling repository access

        Dirkjan Ochtman
    
help: add/fix docstrings for a bunch of extensions

              r8873
            
        Martin Geisler
    
acl: more consistent docstring

              r11095
            
      This hook makes it possible to allow or deny write access to given

      branches and paths of a repository when receiving incoming changesets

      via pretxnchangegroup and pretxncommit.

        Martin Geisler
    
acl: wrap docstrings at 70 characters

              r9250
            
      The authorization is matched based on the local user name on the

      system where the hook runs, and not the committer of the original

      changeset (since the latter is merely informative).

        Dirkjan Ochtman
    
help: add/fix docstrings for a bunch of extensions

              r8873
            
        Martin Geisler
    
acl: wrap docstrings at 70 characters

              r9250
            
      The acl hook is best used along with a restricted shell like hgsh,

        Martin Geisler
    
acl: more consistent docstring

              r11095
            
      preventing authenticating users from doing anything other than pushing

      or pulling. The hook is not safe to use if users have interactive

      shell access, as they can then disable the hook. Nor is it safe if

      remote users share an account, because then there is no way to

      distinguish them.

        Dirkjan Ochtman
    
help: add/fix docstrings for a bunch of extensions

              r8873
            
        Elifarley Callado Coelho Cruz
    
acl: add support for branch-based access control

              r11092
            
      The order in which access checks are performed is:

        Martin Geisler
    
acl: fix reST syntax

              r11094
            
      1) Deny  list for branches (section ``acl.deny.branches``)

      2) Allow list for branches (section ``acl.allow.branches``)

      3) Deny  list for paths    (section ``acl.deny``)

      4) Allow list for paths    (section ``acl.allow``)

        Elifarley Callado Coelho Cruz
    
acl: updated doc string to reflect recent changes

              r11042
            
        Elifarley Callado Coelho Cruz
    
acl: add support for branch-based access control

              r11092
            
      The allow and deny sections take key-value pairs.

        Martin Geisler
    
acl: fix reST syntax

              r11094
            
      Branch-based Access Control

        Erik Zielke
    
help: different section separators...

              r12778
            
      ...........................

        Elifarley Callado Coelho Cruz
    
acl: add support for branch-based access control

              r11092
            
        Martin Geisler
    
acl: more consistent docstring

              r11095
            
      Use the ``acl.deny.branches`` and ``acl.allow.branches`` sections to

      have branch-based access control. Keys in these sections can be

      either:

        Martin Geisler
    
acl: fix ReST syntax in docstring

              r11057
            
        Martin Geisler
    
acl: more consistent docstring

              r11095
            
      - a branch name, or

      - an asterisk, to match any branch;

        Elifarley Callado Coelho Cruz
    
acl: add support for branch-based access control

              r11092
            
      The corresponding values can be either:

        Martin Geisler
    
acl: fix reST syntax

              r11094
            
        Martin Geisler
    
acl: more consistent docstring

              r11095
            
      - a comma-separated list containing users and groups, or

      - an asterisk, to match anyone;

        Elifarley Callado Coelho Cruz
    
acl: updated doc string to reflect recent changes

              r11042
            
        Elifarley Callado Coelho Cruz
    
acl: user docs for the "!" prefix in user or group names

              r16957
            
      You can add the "!" prefix to a user or group name to invert the sense

      of the match.

        Martin Geisler
    
acl: fix reST syntax

              r11094
            
      Path-based Access Control

        Erik Zielke
    
help: different section separators...

              r12778
            
      .........................

        Elifarley Callado Coelho Cruz
    
acl: add support for branch-based access control

              r11092
            
        Martin Geisler
    
acl: more consistent docstring

              r11095
            
      Use the ``acl.deny`` and ``acl.allow`` sections to have path-based

      access control. Keys in these sections accept a subtree pattern (with

      a glob syntax by default). The corresponding values follow the same

      syntax as the other sections above.

        Elifarley Callado Coelho Cruz
    
acl: add support for branch-based access control

              r11092
            
        Martin Geisler
    
acl: fix reST syntax

              r11094
            
      Groups

        Erik Zielke
    
help: different section separators...

              r12778
            
      ......

        Elifarley Callado Coelho Cruz
    
acl: add support for branch-based access control

              r11092
            
        Martin Geisler
    
acl: more consistent docstring

              r11095
            
      Group names must be prefixed with an ``@`` symbol. Specifying a group

      name has the same effect as specifying all the users in that group.

        Dirkjan Ochtman
    
help: add/fix docstrings for a bunch of extensions

              r8873
            
        Elifarley Callado Coelho Cruz
    
acl: update docstring to describe section [acl.groups]

              r11115
            
      You can define group members in the ``acl.groups`` section.

      If a group name is not defined there, and Mercurial is running under

      a Unix-like system, the list of users will be taken from the OS.

      Otherwise, an exception will be raised.

        Martin Geisler
    
acl: fix reST syntax

              r11094
            
      Example Configuration

        Erik Zielke
    
help: different section separators...

              r12778
            
      .....................

        Martin Geisler
    
acl: fix reST syntax

              r11094
            
      ::

        Dirkjan Ochtman
    
help: add/fix docstrings for a bunch of extensions

              r8873
            
        [hooks]

        Elifarley Callado Coelho Cruz
    
acl: updated doc string to reflect recent changes

              r11042
            
        Elifarley Callado Coelho Cruz
    
acl: add support for branch-based access control

              r11092
            
        # Use this if you want to check access restrictions at commit time

        Elifarley Callado Coelho Cruz
    
acl: updated doc string to reflect recent changes

              r11042
            
        pretxncommit.acl = python:hgext.acl.hook

        Martin Geisler
    
acl: delete trailing whitespace in docstring

              r11423
            
        Martin Geisler
    
acl: more consistent docstring

              r11095
            
        # Use this if you want to check access restrictions for pull, push,

        # bundle and serve.

        Dirkjan Ochtman
    
help: add/fix docstrings for a bunch of extensions

              r8873
            
        pretxnchangegroup.acl = python:hgext.acl.hook

        [acl]

        Patrick Mezard
    
acl: clarify acl.sources, fix typo

              r11131
            
        # Allow or deny access for incoming changes only if their source is

        # listed here, let them pass otherwise. Source is "serve" for all

        # remote access (http or ssh), "push", "pull" or "bundle" when the

        # related commands are run locally.

        # Default: serve

        Cédric Duval
    
acl: help improvements...

              r8893
            
        sources = serve

        Dirkjan Ochtman
    
help: add/fix docstrings for a bunch of extensions

              r8873
            
        Martin Geisler
    
acl: delete trailing whitespace in docstring

              r11423
            
        [acl.deny.branches]

        # Everyone is denied to the frozen branch:

        frozen-branch = *

        # A bad user is denied on all branches:

        * = bad-user

        [acl.allow.branches]

        # A few users are allowed on branch-a:

        branch-a = user-1, user-2, user-3

        # Only one user is allowed on branch-b:

        branch-b = user-1

        # The super user is allowed on any branch:

        * = super-user

        # Everyone is allowed on branch-for-tests:

        branch-for-tests = *

        Elifarley Callado Coelho Cruz
    
acl: add support for branch-based access control

              r11092
            
        Elifarley Callado Coelho Cruz
    
acl: updated doc string to reflect recent changes

              r11042
            
        [acl.deny]

        Martin Geisler
    
acl: more consistent docstring

              r11095
            
        # This list is checked first. If a match is found, acl.allow is not

        # checked. All users are granted access if acl.deny is not present.

        # Format for both lists: glob pattern = user, ..., @group, ...

        Elifarley Callado Coelho Cruz
    
acl: updated doc string to reflect recent changes

              r11042
            
        # To match everyone, use an asterisk for the user:

        # my/glob/pattern = *

        # user6 will not have write access to any file:

        ** = user6

        # Group "hg-denied" will not have write access to any file:

        ** = @hg-denied

        Martin Geisler
    
acl: more consistent docstring

              r11095
            
        # Nobody will be able to change "DONT-TOUCH-THIS.txt", despite

        # everyone being able to change all other files. See below.

        Elifarley Callado Coelho Cruz
    
acl: updated doc string to reflect recent changes

              r11042
            
        src/main/resources/DONT-TOUCH-THIS.txt = *

        Dirkjan Ochtman
    
help: add/fix docstrings for a bunch of extensions

              r8873
            
        [acl.allow]

        Patrick Mezard
    
acl: clarify acl.sources, fix typo

              r11131
            
        # if acl.allow is not present, all users are allowed by default

        Elifarley Callado Coelho Cruz
    
acl: updated doc string to reflect recent changes

              r11042
            
        # empty acl.allow = no users allowed

        Martin Geisler
    
acl: more consistent docstring

              r11095
            
        # User "doc_writer" has write access to any file under the "docs"

        # folder:

        Dirkjan Ochtman
    
help: add/fix docstrings for a bunch of extensions

              r8873
            
        docs/** = doc_writer

        Elifarley Callado Coelho Cruz
    
acl: updated doc string to reflect recent changes

              r11042
            
        Martin Geisler
    
acl: more consistent docstring

              r11095
            
        # User "jack" and group "designers" have write access to any file

        # under the "images" folder:

        Elifarley Callado Coelho Cruz
    
acl: updated doc string to reflect recent changes

              r11042
            
        images/** = jack, @designers

        FUJIWARA Katsunori
    
doc: fix explanation comment in acl extension...

              r16499
            
        # Everyone (except for "user6" and "@hg-denied" - see acl.deny above)

        # will have write access to any file under the "resources" folder

        # (except for 1 file. See acl.deny):

        Elifarley Callado Coelho Cruz
    
acl: updated doc string to reflect recent changes

              r11042
            
        src/main/resources/** = *

        Dirkjan Ochtman
    
help: add/fix docstrings for a bunch of extensions

              r8873
            
        .hgtags = release_engineer

        Elifarley Callado Coelho Cruz
    
acl: user docs for the "!" prefix in user or group names

              r16957
            
      Examples using the "!" prefix

      .............................

      Suppose there's a branch that only a given user (or group) should be able to

      push to, and you don't want to restrict access to any other branch that may

      be created.

      The "!" prefix allows you to prevent anyone except a given user or group to

      push changesets in a given branch or path.

      In the examples below, we will:

      1) Deny access to branch "ring" to anyone but user "gollum"

      2) Deny access to branch "lake" to anyone but members of the group "hobbit"

      3) Deny access to a file to anyone but user "gollum"

      ::

        [acl.allow.branches]

        # Empty

        [acl.deny.branches]

        # 1) only 'gollum' can commit to branch 'ring';

        # 'gollum' and anyone else can still commit to any other branch.

        ring = !gollum

        # 2) only members of the group 'hobbit' can commit to branch 'lake';

        # 'hobbit' members and anyone else can still commit to any other branch.

        lake = !@hobbit

        # You can also deny access based on file paths:

        [acl.allow]

        # Empty

        [acl.deny]

        # 3) only 'gollum' can change the file below;

        # 'gollum' and anyone else can still change any other file.

        /misty/mountains/cave/ring = !gollum

        Dirkjan Ochtman
    
help: add/fix docstrings for a bunch of extensions

              r8873
            
      '''

        Vadim Gelfer
    
add acl extension, to limit who can push to subdirs of central repo.

              r2344
            
        Matt Mackall
    
Simplify i18n imports

              r3891
            
      from mercurial.i18n import _

        Matt Mackall
    
match: change all users of util.matcher to match.match

              r8566
            
      from mercurial import util, match

        Patrick Mezard
    
acl: grp module is not available on windows

              r11138
            
      import getpass, urllib

        Elifarley Callado Coelho Cruz
    
acl: add support for OS-level groups using @group syntax

              r11041
            
        Augie Fackler
    
hgext: mark all first-party extensions as such

              r16743
            
      testedwith = 'internal'

        Elifarley Callado Coelho Cruz
    
acl: support for group definitions in section [acl.groups], which take precedence over OS-level groups

              r11114
            
      def _getusers(ui, group):

          # First, try to use group definition from section [acl.groups]

          hgrcusers = ui.configlist('acl.groups', group)

          if hgrcusers:

              return hgrcusers

          ui.debug('acl: "%s" not defined in [acl.groups]\n' % group)

          # If no users found in group definition, get users from OS-level group

        Patrick Mezard
    
acl: improve undefined group error handling

              r11140
            
          try:

              return util.groupmembers(group)

          except KeyError:

              raise util.Abort(_("group '%s' is undefined") % group)

        Elifarley Callado Coelho Cruz
    
acl: add support for OS-level groups using @group syntax

              r11041
            
        Elifarley Callado Coelho Cruz
    
acl: support for group definitions in section [acl.groups], which take precedence over OS-level groups

              r11114
            
      def _usermatch(ui, user, usersorgroups):

        Elifarley Callado Coelho Cruz
    
acl: add support for OS-level groups using @group syntax

              r11041
            
          if usersorgroups == '*':

              return True

          for ug in usersorgroups.replace(',', ' ').split():

        Elifarley Callado Coelho Cruz
    
acl: use of "!" prefix in user or group names...

              r16956
            
              if ug.startswith('!'):

                  # Test for excluded user or group. Format:

                  # if ug is a user  name: !username

                  # if ug is a group name: !@groupname

                  ug = ug[1:]

                  if not ug.startswith('@') and user != ug \

                      or ug.startswith('@') and user not in _getusers(ui, ug[1:]):

                      return True

              # Test for user or group. Format:

              # if ug is a user  name: username

              # if ug is a group name: @groupname

              elif user == ug \

                   or ug.startswith('@') and user in _getusers(ui, ug[1:]):

        Elifarley Callado Coelho Cruz
    
acl: add support for OS-level groups using @group syntax

              r11041
            
                  return True

          return False

        Vadim Gelfer
    
add acl extension, to limit who can push to subdirs of central repo.

              r2344
            
        Matt Mackall
    
acl: refactoring...

              r6766
            
      def buildmatch(ui, repo, user, key):

          '''return tuple of (match function, list enabled).'''

          if not ui.has_section(key):

        Martin Geisler
    
do not attempt to translate ui.debug output

              r9467
            
              ui.debug('acl: %s not enabled\n' % key)

        Matt Mackall
    
acl: refactoring...

              r6766
            
              return None

        Vadim Gelfer
    
add acl extension, to limit who can push to subdirs of central repo.

              r2344
            
        Matt Mackall
    
acl: refactoring...

              r6766
            
          pats = [pat for pat, users in ui.configitems(key)

        Elifarley Callado Coelho Cruz
    
acl: support for group definitions in section [acl.groups], which take precedence over OS-level groups

              r11114
            
                  if _usermatch(ui, user, users)]

        Martin Geisler
    
do not attempt to translate ui.debug output

              r9467
            
          ui.debug('acl: %s enabled, %d entries for user %s\n' %

        Matt Mackall
    
acl: refactoring...

              r6766
            
                   (key, len(pats), user))

        Elifarley Callado Coelho Cruz
    
acl: add support for branch-based access control

              r11092
            
        Elifarley Callado Coelho Cruz
    
acl: added some comments to easily identify branch- and path-based verifications

              r16765
            
          # Branch-based ACL

        Elifarley Callado Coelho Cruz
    
acl: add support for branch-based access control

              r11092
            
          if not repo:

              if pats:

        Elifarley Callado Coelho Cruz
    
acl: perform some computations earlier, so that returned lambda functions are simpler

              r16766
            
                  # If there's an asterisk (meaning "any branch"), always return True;

                  # Otherwise, test if b is in pats

                  if '*' in pats:

                      return util.always

                  return lambda b: b in pats

        Elifarley Callado Coelho Cruz
    
acl: 'util.never' used

              r16764
            
              return util.never

        Elifarley Callado Coelho Cruz
    
acl: add support for branch-based access control

              r11092
            
        Elifarley Callado Coelho Cruz
    
acl: added some comments to easily identify branch- and path-based verifications

              r16765
            
          # Path-based ACL

        Matt Mackall
    
acl: refactoring...

              r6766
            
          if pats:

        Matt Mackall
    
match: add some default args

              r8567
            
              return match.match(repo.root, '', pats)

        Elifarley Callado Coelho Cruz
    
acl: 'util.never' can be used instead of a more complex expression

              r16767
            
          return util.never

        Vadim Gelfer
    
add acl extension, to limit who can push to subdirs of central repo.

              r2344
            
      def hook(ui, repo, hooktype, node=None, source=None, **kwargs):

        Elifarley Callado Coelho Cruz
    
Added support for 'pretxncommit', so that one can call the ACL hook at...

              r10955
            
          if hooktype not in ['pretxnchangegroup', 'pretxncommit']:

        Vadim Gelfer
    
add acl extension, to limit who can push to subdirs of central repo.

              r2344
            
              raise util.Abort(_('config error - hook type "%s" cannot stop '

        Elifarley Callado Coelho Cruz
    
Added support for 'pretxncommit', so that one can call the ACL hook at...

              r10955
            
                                 'incoming changesets nor commits') % hooktype)

          if (hooktype == 'pretxnchangegroup' and

              source not in ui.config('acl', 'sources', 'serve').split()):

        Martin Geisler
    
do not attempt to translate ui.debug output

              r9467
            
              ui.debug('acl: changes have source "%s" - skipping\n' % source)

        Vadim Gelfer
    
add acl extension, to limit who can push to subdirs of central repo.

              r2344
            
              return

        Henrik Stuart
    
acl: support for getting authenticated user from web server (issue298)...

              r8846
            
          user = None

          if source == 'serve' and 'url' in kwargs:

              url = kwargs['url'].split(':')

              if url[0] == 'remote' and url[1].startswith('http'):

        Henrik Stuart
    
acl: read correct index into url for username (issue298)...

              r9018
            
                  user = urllib.unquote(url[3])

        Henrik Stuart
    
acl: support for getting authenticated user from web server (issue298)...

              r8846
            
          if user is None:

              user = getpass.getuser()

        Elifarley Callado Coelho Cruz
    
acl: more descriptive error messages

              r15207
            
          ui.debug('acl: checking access for user "%s"\n' % user)

        Matt Mackall
    
acl: refactoring...

              r6766
            
          cfg = ui.config('acl', 'config')

          if cfg:

        Elifarley Callado Coelho Cruz
    
acl: support for group definitions in section [acl.groups], which take precedence over OS-level groups

              r11114
            
              ui.readconfig(cfg, sections = ['acl.groups', 'acl.allow.branches',

        Elifarley Callado Coelho Cruz
    
acl: add support for branch-based access control

              r11092
            
              'acl.deny.branches', 'acl.allow', 'acl.deny'])

          allowbranches = buildmatch(ui, None, user, 'acl.allow.branches')

          denybranches = buildmatch(ui, None, user, 'acl.deny.branches')

        Matt Mackall
    
acl: refactoring...

              r6766
            
          allow = buildmatch(ui, repo, user, 'acl.allow')

          deny = buildmatch(ui, repo, user, 'acl.deny')

          for rev in xrange(repo[node], len(repo)):

              ctx = repo[rev]

        Elifarley Callado Coelho Cruz
    
acl: add support for branch-based access control

              r11092
            
              branch = ctx.branch()

              if denybranches and denybranches(branch):

                  raise util.Abort(_('acl: user "%s" denied on branch "%s"'

                                     ' (changeset "%s")')

                                     % (user, branch, ctx))

              if allowbranches and not allowbranches(branch):

                  raise util.Abort(_('acl: user "%s" not allowed on branch "%s"'

                                     ' (changeset "%s")')

                                     % (user, branch, ctx))

              ui.debug('acl: branch access granted: "%s" on branch "%s"\n'

              % (ctx, branch))

        Matt Mackall
    
acl: refactoring...

              r6766
            
              for f in ctx.files():

                  if deny and deny(f):

        Elifarley Callado Coelho Cruz
    
acl: more descriptive error messages

              r15207
            
                      raise util.Abort(_('acl: user "%s" denied on "%s"'

                      ' (changeset "%s")') % (user, f, ctx))

        Matt Mackall
    
acl: refactoring...

              r6766
            
                  if allow and not allow(f):

        Elifarley Callado Coelho Cruz
    
acl: more descriptive error messages

              r15207
            
                      raise util.Abort(_('acl: user "%s" not allowed on "%s"'

                      ' (changeset "%s")') % (user, f, ctx))

              ui.debug('acl: path access granted: "%s"\n' % ctx)

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

Vadim Gelfer add acl extension, to limit who can push to subdirs of central repo.	r2344	# acl.py - changeset access control for mercurial
		#
		# Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com>
		#
Martin Geisler updated license to be explicit about GPL version 2	r8225	# This software may be used and distributed according to the terms of the
Matt Mackall Update license to GPLv2+	r10263	# GNU General Public License version 2 or any later version.
Dirkjan Ochtman help: add/fix docstrings for a bunch of extensions	r8873
Dirkjan Ochtman extensions: change descriptions for hook-providing extensions...	r8935	'''hooks for controlling repository access
Dirkjan Ochtman help: add/fix docstrings for a bunch of extensions	r8873
Martin Geisler acl: more consistent docstring	r11095	This hook makes it possible to allow or deny write access to given
		branches and paths of a repository when receiving incoming changesets
		via pretxnchangegroup and pretxncommit.
Martin Geisler acl: wrap docstrings at 70 characters	r9250
		The authorization is matched based on the local user name on the
		system where the hook runs, and not the committer of the original
		changeset (since the latter is merely informative).
Dirkjan Ochtman help: add/fix docstrings for a bunch of extensions	r8873
Martin Geisler acl: wrap docstrings at 70 characters	r9250	The acl hook is best used along with a restricted shell like hgsh,
Martin Geisler acl: more consistent docstring	r11095	preventing authenticating users from doing anything other than pushing
		or pulling. The hook is not safe to use if users have interactive
		shell access, as they can then disable the hook. Nor is it safe if
		remote users share an account, because then there is no way to
		distinguish them.
Dirkjan Ochtman help: add/fix docstrings for a bunch of extensions	r8873
Elifarley Callado Coelho Cruz acl: add support for branch-based access control	r11092	The order in which access checks are performed is:
Martin Geisler acl: fix reST syntax	r11094
		1) Deny list for branches (section ``acl.deny.branches``)
		2) Allow list for branches (section ``acl.allow.branches``)
		3) Deny list for paths (section ``acl.deny``)
		4) Allow list for paths (section ``acl.allow``)
Elifarley Callado Coelho Cruz acl: updated doc string to reflect recent changes	r11042
Elifarley Callado Coelho Cruz acl: add support for branch-based access control	r11092	The allow and deny sections take key-value pairs.

Martin Geisler acl: fix reST syntax	r11094	Branch-based Access Control
Erik Zielke help: different section separators...	r12778	...........................
Elifarley Callado Coelho Cruz acl: add support for branch-based access control	r11092
Martin Geisler acl: more consistent docstring	r11095	Use the ``acl.deny.branches`` and ``acl.allow.branches`` sections to
		have branch-based access control. Keys in these sections can be
		either:
Martin Geisler acl: fix ReST syntax in docstring	r11057
Martin Geisler acl: more consistent docstring	r11095	- a branch name, or
		- an asterisk, to match any branch;
Elifarley Callado Coelho Cruz acl: add support for branch-based access control	r11092
		The corresponding values can be either:
Martin Geisler acl: fix reST syntax	r11094
Martin Geisler acl: more consistent docstring	r11095	- a comma-separated list containing users and groups, or
		- an asterisk, to match anyone;
Elifarley Callado Coelho Cruz acl: updated doc string to reflect recent changes	r11042
Elifarley Callado Coelho Cruz acl: user docs for the "!" prefix in user or group names	r16957	You can add the "!" prefix to a user or group name to invert the sense
		of the match.

Martin Geisler acl: fix reST syntax	r11094	Path-based Access Control
Erik Zielke help: different section separators...	r12778	.........................
Elifarley Callado Coelho Cruz acl: add support for branch-based access control	r11092
Martin Geisler acl: more consistent docstring	r11095	Use the ``acl.deny`` and ``acl.allow`` sections to have path-based
		access control. Keys in these sections accept a subtree pattern (with
		a glob syntax by default). The corresponding values follow the same
		syntax as the other sections above.
Elifarley Callado Coelho Cruz acl: add support for branch-based access control	r11092
Martin Geisler acl: fix reST syntax	r11094	Groups
Erik Zielke help: different section separators...	r12778	......
Elifarley Callado Coelho Cruz acl: add support for branch-based access control	r11092
Martin Geisler acl: more consistent docstring	r11095	Group names must be prefixed with an ``@`` symbol. Specifying a group
		name has the same effect as specifying all the users in that group.
Dirkjan Ochtman help: add/fix docstrings for a bunch of extensions	r8873
Elifarley Callado Coelho Cruz acl: update docstring to describe section [acl.groups]	r11115	You can define group members in the ``acl.groups`` section.
		If a group name is not defined there, and Mercurial is running under
		a Unix-like system, the list of users will be taken from the OS.
		Otherwise, an exception will be raised.

Martin Geisler acl: fix reST syntax	r11094	Example Configuration
Erik Zielke help: different section separators...	r12778	.....................
Martin Geisler acl: fix reST syntax	r11094
		::
Dirkjan Ochtman help: add/fix docstrings for a bunch of extensions	r8873
		[hooks]
Elifarley Callado Coelho Cruz acl: updated doc string to reflect recent changes	r11042
Elifarley Callado Coelho Cruz acl: add support for branch-based access control	r11092	# Use this if you want to check access restrictions at commit time
Elifarley Callado Coelho Cruz acl: updated doc string to reflect recent changes	r11042	pretxncommit.acl = python:hgext.acl.hook
Martin Geisler acl: delete trailing whitespace in docstring	r11423
Martin Geisler acl: more consistent docstring	r11095	# Use this if you want to check access restrictions for pull, push,
		# bundle and serve.
Dirkjan Ochtman help: add/fix docstrings for a bunch of extensions	r8873	pretxnchangegroup.acl = python:hgext.acl.hook

		[acl]
Patrick Mezard acl: clarify acl.sources, fix typo	r11131	# Allow or deny access for incoming changes only if their source is
		# listed here, let them pass otherwise. Source is "serve" for all
		# remote access (http or ssh), "push", "pull" or "bundle" when the
		# related commands are run locally.
		# Default: serve
Cédric Duval acl: help improvements...	r8893	sources = serve
Dirkjan Ochtman help: add/fix docstrings for a bunch of extensions	r8873
Martin Geisler acl: delete trailing whitespace in docstring	r11423	[acl.deny.branches]

		# Everyone is denied to the frozen branch:
		frozen-branch = *

		# A bad user is denied on all branches:
		* = bad-user

		[acl.allow.branches]

		# A few users are allowed on branch-a:
		branch-a = user-1, user-2, user-3

		# Only one user is allowed on branch-b:
		branch-b = user-1

		# The super user is allowed on any branch:
		* = super-user

		# Everyone is allowed on branch-for-tests:
		branch-for-tests = *
Elifarley Callado Coelho Cruz acl: add support for branch-based access control	r11092
Elifarley Callado Coelho Cruz acl: updated doc string to reflect recent changes	r11042	[acl.deny]
Martin Geisler acl: more consistent docstring	r11095	# This list is checked first. If a match is found, acl.allow is not
		# checked. All users are granted access if acl.deny is not present.
		# Format for both lists: glob pattern = user, ..., @group, ...
Elifarley Callado Coelho Cruz acl: updated doc string to reflect recent changes	r11042
		# To match everyone, use an asterisk for the user:
		# my/glob/pattern = *

		# user6 will not have write access to any file:
		** = user6

		# Group "hg-denied" will not have write access to any file:
		** = @hg-denied

Martin Geisler acl: more consistent docstring	r11095	# Nobody will be able to change "DONT-TOUCH-THIS.txt", despite
		# everyone being able to change all other files. See below.
Elifarley Callado Coelho Cruz acl: updated doc string to reflect recent changes	r11042	src/main/resources/DONT-TOUCH-THIS.txt = *
Dirkjan Ochtman help: add/fix docstrings for a bunch of extensions	r8873
		[acl.allow]
Patrick Mezard acl: clarify acl.sources, fix typo	r11131	# if acl.allow is not present, all users are allowed by default
Elifarley Callado Coelho Cruz acl: updated doc string to reflect recent changes	r11042	# empty acl.allow = no users allowed

Martin Geisler acl: more consistent docstring	r11095	# User "doc_writer" has write access to any file under the "docs"
		# folder:
Dirkjan Ochtman help: add/fix docstrings for a bunch of extensions	r8873	docs/** = doc_writer
Elifarley Callado Coelho Cruz acl: updated doc string to reflect recent changes	r11042
Martin Geisler acl: more consistent docstring	r11095	# User "jack" and group "designers" have write access to any file
		# under the "images" folder:
Elifarley Callado Coelho Cruz acl: updated doc string to reflect recent changes	r11042	images/** = jack, @designers

FUJIWARA Katsunori doc: fix explanation comment in acl extension...	r16499	# Everyone (except for "user6" and "@hg-denied" - see acl.deny above)
		# will have write access to any file under the "resources" folder
		# (except for 1 file. See acl.deny):
Elifarley Callado Coelho Cruz acl: updated doc string to reflect recent changes	r11042	src/main/resources/** = *

Dirkjan Ochtman help: add/fix docstrings for a bunch of extensions	r8873	.hgtags = release_engineer

Elifarley Callado Coelho Cruz acl: user docs for the "!" prefix in user or group names	r16957	Examples using the "!" prefix
		.............................

		Suppose there's a branch that only a given user (or group) should be able to
		push to, and you don't want to restrict access to any other branch that may
		be created.

		The "!" prefix allows you to prevent anyone except a given user or group to
		push changesets in a given branch or path.

		In the examples below, we will:
		1) Deny access to branch "ring" to anyone but user "gollum"
		2) Deny access to branch "lake" to anyone but members of the group "hobbit"
		3) Deny access to a file to anyone but user "gollum"

		::

		[acl.allow.branches]
		# Empty

		[acl.deny.branches]

		# 1) only 'gollum' can commit to branch 'ring';
		# 'gollum' and anyone else can still commit to any other branch.
		ring = !gollum

		# 2) only members of the group 'hobbit' can commit to branch 'lake';
		# 'hobbit' members and anyone else can still commit to any other branch.
		lake = !@hobbit

		# You can also deny access based on file paths:

		[acl.allow]
		# Empty

		[acl.deny]
		# 3) only 'gollum' can change the file below;
		# 'gollum' and anyone else can still change any other file.
		/misty/mountains/cave/ring = !gollum

Dirkjan Ochtman help: add/fix docstrings for a bunch of extensions	r8873	'''
Vadim Gelfer add acl extension, to limit who can push to subdirs of central repo.	r2344
Matt Mackall Simplify i18n imports	r3891	from mercurial.i18n import _
Matt Mackall match: change all users of util.matcher to match.match	r8566	from mercurial import util, match
Patrick Mezard acl: grp module is not available on windows	r11138	import getpass, urllib
Elifarley Callado Coelho Cruz acl: add support for OS-level groups using @group syntax	r11041
Augie Fackler hgext: mark all first-party extensions as such	r16743	testedwith = 'internal'

Elifarley Callado Coelho Cruz acl: support for group definitions in section [acl.groups], which take precedence over OS-level groups	r11114	def _getusers(ui, group):

		# First, try to use group definition from section [acl.groups]
		hgrcusers = ui.configlist('acl.groups', group)
		if hgrcusers:
		return hgrcusers

		ui.debug('acl: "%s" not defined in [acl.groups]\n' % group)
		# If no users found in group definition, get users from OS-level group
Patrick Mezard acl: improve undefined group error handling	r11140	try:
		return util.groupmembers(group)
		except KeyError:
		raise util.Abort(_("group '%s' is undefined") % group)
Elifarley Callado Coelho Cruz acl: add support for OS-level groups using @group syntax	r11041
Elifarley Callado Coelho Cruz acl: support for group definitions in section [acl.groups], which take precedence over OS-level groups	r11114	def _usermatch(ui, user, usersorgroups):
Elifarley Callado Coelho Cruz acl: add support for OS-level groups using @group syntax	r11041
		if usersorgroups == '*':
		return True

		for ug in usersorgroups.replace(',', ' ').split():
Elifarley Callado Coelho Cruz acl: use of "!" prefix in user or group names...	r16956
		if ug.startswith('!'):
		# Test for excluded user or group. Format:
		# if ug is a user name: !username
		# if ug is a group name: !@groupname
		ug = ug[1:]
		if not ug.startswith('@') and user != ug \
		or ug.startswith('@') and user not in _getusers(ui, ug[1:]):
		return True

		# Test for user or group. Format:
		# if ug is a user name: username
		# if ug is a group name: @groupname
		elif user == ug \
		or ug.startswith('@') and user in _getusers(ui, ug[1:]):
Elifarley Callado Coelho Cruz acl: add support for OS-level groups using @group syntax	r11041	return True

		return False
Vadim Gelfer add acl extension, to limit who can push to subdirs of central repo.	r2344
Matt Mackall acl: refactoring...	r6766	def buildmatch(ui, repo, user, key):
		'''return tuple of (match function, list enabled).'''
		if not ui.has_section(key):
Martin Geisler do not attempt to translate ui.debug output	r9467	ui.debug('acl: %s not enabled\n' % key)
Matt Mackall acl: refactoring...	r6766	return None
Vadim Gelfer add acl extension, to limit who can push to subdirs of central repo.	r2344
Matt Mackall acl: refactoring...	r6766	pats = [pat for pat, users in ui.configitems(key)
Elifarley Callado Coelho Cruz acl: support for group definitions in section [acl.groups], which take precedence over OS-level groups	r11114	if _usermatch(ui, user, users)]
Martin Geisler do not attempt to translate ui.debug output	r9467	ui.debug('acl: %s enabled, %d entries for user %s\n' %
Matt Mackall acl: refactoring...	r6766	(key, len(pats), user))
Elifarley Callado Coelho Cruz acl: add support for branch-based access control	r11092
Elifarley Callado Coelho Cruz acl: added some comments to easily identify branch- and path-based verifications	r16765	# Branch-based ACL
Elifarley Callado Coelho Cruz acl: add support for branch-based access control	r11092	if not repo:
		if pats:
Elifarley Callado Coelho Cruz acl: perform some computations earlier, so that returned lambda functions are simpler	r16766	# If there's an asterisk (meaning "any branch"), always return True;
		# Otherwise, test if b is in pats
		if '*' in pats:
		return util.always
		return lambda b: b in pats
Elifarley Callado Coelho Cruz acl: 'util.never' used	r16764	return util.never
Elifarley Callado Coelho Cruz acl: add support for branch-based access control	r11092
Elifarley Callado Coelho Cruz acl: added some comments to easily identify branch- and path-based verifications	r16765	# Path-based ACL
Matt Mackall acl: refactoring...	r6766	if pats:
Matt Mackall match: add some default args	r8567	return match.match(repo.root, '', pats)
Elifarley Callado Coelho Cruz acl: 'util.never' can be used instead of a more complex expression	r16767	return util.never
Vadim Gelfer add acl extension, to limit who can push to subdirs of central repo.	r2344
		def hook(ui, repo, hooktype, node=None, source=None, **kwargs):
Elifarley Callado Coelho Cruz Added support for 'pretxncommit', so that one can call the ACL hook at...	r10955	if hooktype not in ['pretxnchangegroup', 'pretxncommit']:
Vadim Gelfer add acl extension, to limit who can push to subdirs of central repo.	r2344	raise util.Abort(_('config error - hook type "%s" cannot stop '
Elifarley Callado Coelho Cruz Added support for 'pretxncommit', so that one can call the ACL hook at...	r10955	'incoming changesets nor commits') % hooktype)
		if (hooktype == 'pretxnchangegroup' and
		source not in ui.config('acl', 'sources', 'serve').split()):
Martin Geisler do not attempt to translate ui.debug output	r9467	ui.debug('acl: changes have source "%s" - skipping\n' % source)
Vadim Gelfer add acl extension, to limit who can push to subdirs of central repo.	r2344	return

Henrik Stuart acl: support for getting authenticated user from web server (issue298)...	r8846	user = None
		if source == 'serve' and 'url' in kwargs:
		url = kwargs['url'].split(':')
		if url[0] == 'remote' and url[1].startswith('http'):
Henrik Stuart acl: read correct index into url for username (issue298)...	r9018	user = urllib.unquote(url[3])
Henrik Stuart acl: support for getting authenticated user from web server (issue298)...	r8846
		if user is None:
		user = getpass.getuser()

Elifarley Callado Coelho Cruz acl: more descriptive error messages	r15207	ui.debug('acl: checking access for user "%s"\n' % user)

Matt Mackall acl: refactoring...	r6766	cfg = ui.config('acl', 'config')
		if cfg:
Elifarley Callado Coelho Cruz acl: support for group definitions in section [acl.groups], which take precedence over OS-level groups	r11114	ui.readconfig(cfg, sections = ['acl.groups', 'acl.allow.branches',
Elifarley Callado Coelho Cruz acl: add support for branch-based access control	r11092	'acl.deny.branches', 'acl.allow', 'acl.deny'])

		allowbranches = buildmatch(ui, None, user, 'acl.allow.branches')
		denybranches = buildmatch(ui, None, user, 'acl.deny.branches')
Matt Mackall acl: refactoring...	r6766	allow = buildmatch(ui, repo, user, 'acl.allow')
		deny = buildmatch(ui, repo, user, 'acl.deny')

		for rev in xrange(repo[node], len(repo)):
		ctx = repo[rev]
Elifarley Callado Coelho Cruz acl: add support for branch-based access control	r11092	branch = ctx.branch()
		if denybranches and denybranches(branch):
		raise util.Abort(_('acl: user "%s" denied on branch "%s"'
		' (changeset "%s")')
		% (user, branch, ctx))
		if allowbranches and not allowbranches(branch):
		raise util.Abort(_('acl: user "%s" not allowed on branch "%s"'
		' (changeset "%s")')
		% (user, branch, ctx))
		ui.debug('acl: branch access granted: "%s" on branch "%s"\n'
		% (ctx, branch))

Matt Mackall acl: refactoring...	r6766	for f in ctx.files():
		if deny and deny(f):
Elifarley Callado Coelho Cruz acl: more descriptive error messages	r15207	raise util.Abort(_('acl: user "%s" denied on "%s"'
		' (changeset "%s")') % (user, f, ctx))
Matt Mackall acl: refactoring...	r6766	if allow and not allow(f):
Elifarley Callado Coelho Cruz acl: more descriptive error messages	r15207	raise util.Abort(_('acl: user "%s" not allowed on "%s"'
		' (changeset "%s")') % (user, f, ctx))
		ui.debug('acl: path access granted: "%s"\n' % ctx)