# HG changeset patch
# User Elifarley Callado Coelho Cruz <elifarley@gmail.com>
# Date 2010-05-06 17:23:14
# Node ID 62714143742f015f95ad78d150527f9bc65e70d0
# Parent  db6f3a97e268716756706fcea7400a88b3f83710

acl: support for group definitions in section [acl.groups], which take precedence over OS-level groups

diff --git a/hgext/acl.py b/hgext/acl.py
--- a/hgext/acl.py
+++ b/hgext/acl.py
@@ -145,16 +145,24 @@ from mercurial.i18n import _
 from mercurial import util, match
 import getpass, urllib, grp
 
-def _getusers(group):
+def _getusers(ui, group):
+
+    # First, try to use group definition from section [acl.groups]
+    hgrcusers = ui.configlist('acl.groups', group)
+    if hgrcusers:
+        return hgrcusers
+
+    ui.debug('acl: "%s" not defined in [acl.groups]\n' % group)
+    # If no users found in group definition, get users from OS-level group
     return grp.getgrnam(group).gr_mem
 
-def _usermatch(user, usersorgroups):
+def _usermatch(ui, user, usersorgroups):
 
     if usersorgroups == '*':
         return True
 
     for ug in usersorgroups.replace(',', ' ').split():
-        if user == ug or ug.find('@') == 0 and user in _getusers(ug[1:]):
+        if user == ug or ug.find('@') == 0 and user in _getusers(ui, ug[1:]):
             return True
 
     return False
@@ -166,7 +174,7 @@ def buildmatch(ui, repo, user, key):
         return None
 
     pats = [pat for pat, users in ui.configitems(key)
-            if _usermatch(user, users)]
+            if _usermatch(ui, user, users)]
     ui.debug('acl: %s enabled, %d entries for user %s\n' %
              (key, len(pats), user))
 
@@ -200,7 +208,7 @@ def hook(ui, repo, hooktype, node=None, 
 
     cfg = ui.config('acl', 'config')
     if cfg:
-        ui.readconfig(cfg, sections = ['acl.allow.branches',
+        ui.readconfig(cfg, sections = ['acl.groups', 'acl.allow.branches',
         'acl.deny.branches', 'acl.allow', 'acl.deny'])
 
     allowbranches = buildmatch(ui, None, user, 'acl.allow.branches')
diff --git a/tests/test-acl b/tests/test-acl
--- a/tests/test-acl
+++ b/tests/test-acl
@@ -28,7 +28,13 @@ init_config()
 {
 cat > fakegroups.py <<EOF
 from hgext import acl
-acl._getusers = lambda x: ["fred", "betty"]
+def fakegetusers(ui, group):
+    try:
+        return acl._getusersorig(ui, group)
+    except:
+        return ["fred", "betty"]
+acl._getusersorig = acl._getusers
+acl._getusers = fakegetusers
 EOF
 
 rm -f acl.config