# HG changeset patch # User Henrik Stuart # Date 2009-06-07 18:31:38 # Node ID b30775386d4064a22a52b35cd5449a2623cec27a # Parent 296767acbb55423849e51f698144bcb6c06404aa acl: support for getting authenticated user from web server (issue298) Previously, the acl extension just read the current system user, which is fine for direct file system access and SSH, but will not work for HTTP(S) as that would return the web server process user identity rather than the authenticated user. An empty user is returned if the user is not authenticated. diff --git a/hgext/acl.py b/hgext/acl.py --- a/hgext/acl.py +++ b/hgext/acl.py @@ -47,7 +47,7 @@ from mercurial.i18n import _ from mercurial import util, match -import getpass +import getpass, urllib def buildmatch(ui, repo, user, key): '''return tuple of (match function, list enabled).''' @@ -72,7 +72,15 @@ def hook(ui, repo, hooktype, node=None, ui.debug(_('acl: changes have source "%s" - skipping\n') % source) return - user = getpass.getuser() + user = None + if source == 'serve' and 'url' in kwargs: + url = kwargs['url'].split(':') + if url[0] == 'remote' and url[1].startswith('http'): + user = urllib.unquote(url[2]) + + if user is None: + user = getpass.getuser() + cfg = ui.config('acl', 'config') if cfg: ui.readconfig(cfg, sections = ['acl.allow', 'acl.deny']) diff --git a/mercurial/hgweb/protocol.py b/mercurial/hgweb/protocol.py --- a/mercurial/hgweb/protocol.py +++ b/mercurial/hgweb/protocol.py @@ -162,9 +162,10 @@ def unbundle(repo, req): sys.stderr = sys.stdout = cStringIO.StringIO() try: - url = 'remote:%s:%s' % (proto, - urllib.quote( - req.env.get('REMOTE_HOST', ''))) + url = 'remote:%s:%s:%s' % ( + proto, + urllib.quote(req.env.get('REMOTE_HOST', '')), + urllib.quote(req.env.get('REMOTE_USER', ''))) try: ret = repo.addchangegroup(gen, 'serve', url) except util.Abort, inst: