Show More
@@ -676,6 +676,16 b' web::' | |||
|
676 | 676 | must be present in this list (separated by whitespace or ","). |
|
677 | 677 | The contents of the allow_push list are examined after the |
|
678 | 678 | deny_push list. |
|
679 | allow_read;; | |
|
680 | If the user has not already been denied repository access due to the | |
|
681 | contents of deny_read, this list determines whether to grant repository | |
|
682 | access to the user. If this list is not empty, and the user is | |
|
683 | unauthenticated or not present in the list (separated by whitespace or ","), | |
|
684 | then access is denied for the user. If the list is empty or not set, then | |
|
685 | access is permitted to all users by default. Setting allow_read to the | |
|
686 | special value "*" is equivalent to it not being set (i.e. access is | |
|
687 | permitted to all users). The contents of the allow_read list are examined | |
|
688 | after the deny_read list. | |
|
679 | 689 | allowzip;; |
|
680 | 690 | (DEPRECATED) Whether to allow .zip downloading of repo revisions. |
|
681 | 691 | Default is false. This feature creates temporary files. |
@@ -693,6 +703,18 b' web::' | |||
|
693 | 703 | and any authenticated user name present in this list (separated by |
|
694 | 704 | whitespace or ",") is also denied. The contents of the deny_push |
|
695 | 705 | list are examined before the allow_push list. |
|
706 | deny_read;; | |
|
707 | Whether to deny reading/viewing of the repository. If this list is not | |
|
708 | empty, unauthenticated users are all denied, and any authenticated user name | |
|
709 | present in this list (separated by whitespace or ",") is also denied access | |
|
710 | to the repository. If set to the special value "*", all remote users are | |
|
711 | denied access (rarely needed ;). If deny_read is empty or not set, the | |
|
712 | determination of repository access depends on the presence and content of | |
|
713 | the allow_read list (see description). If both deny_read and allow_read are | |
|
714 | empty or not set, then access is permitted to all users by default. If the | |
|
715 | repository is being served via hgwebdir, denied users will not be able to | |
|
716 | see it in the list of repositories. The contents of the deny_read list have | |
|
717 | priority over (are examined before) the contents of the allow_read list. | |
|
696 | 718 | description;; |
|
697 | 719 | Textual description of the repository's purpose or contents. |
|
698 | 720 | Default is "unknown". |
@@ -161,11 +161,13 b' class hgweb(object):' | |||
|
161 | 161 | # process the web interface request |
|
162 | 162 | |
|
163 | 163 | try: |
|
164 | ||
|
165 | 164 | tmpl = self.templater(req) |
|
166 | 165 | ctype = tmpl('mimetype', encoding=self.encoding) |
|
167 | 166 | ctype = templater.stringify(ctype) |
|
168 | 167 | |
|
168 | # check allow_read / deny_read config options | |
|
169 | self.check_perm(req, None) | |
|
170 | ||
|
169 | 171 | if cmd == '': |
|
170 | 172 | req.form['cmd'] = [tmpl.cache['default']] |
|
171 | 173 | cmd = req.form['cmd'][0] |
@@ -278,11 +280,24 b' class hgweb(object):' | |||
|
278 | 280 | |
|
279 | 281 | def check_perm(self, req, op): |
|
280 | 282 | '''Check permission for operation based on request data (including |
|
281 |
authentication info. Return |
|
|
283 | authentication info). Return if op allowed, else raise an ErrorResponse | |
|
284 | exception.''' | |
|
285 | ||
|
286 | user = req.env.get('REMOTE_USER') | |
|
287 | ||
|
288 | deny_read = self.configlist('web', 'deny_read') | |
|
289 | if deny_read and (not user or deny_read == ['*'] or user in deny_read): | |
|
290 | raise ErrorResponse(HTTP_UNAUTHORIZED, 'read not authorized') | |
|
291 | ||
|
292 | allow_read = self.configlist('web', 'allow_read') | |
|
293 | result = (not allow_read) or (allow_read == ['*']) or (user in allow_read) | |
|
294 | if not result: | |
|
295 | raise ErrorResponse(HTTP_UNAUTHORIZED, 'read not authorized') | |
|
282 | 296 | |
|
283 | 297 | if op == 'pull' and not self.allowpull: |
|
284 | 298 | raise ErrorResponse(HTTP_OK, '') |
|
285 | elif op == 'pull': | |
|
299 | # op is None when checking allow/deny_read permissions for a web-browser request | |
|
300 | elif op == 'pull' or op is None: | |
|
286 | 301 | return |
|
287 | 302 | |
|
288 | 303 | # enforce that you can only push using POST requests |
@@ -296,8 +311,6 b' class hgweb(object):' | |||
|
296 | 311 | if self.configbool('web', 'push_ssl', True) and scheme != 'https': |
|
297 | 312 | raise ErrorResponse(HTTP_OK, 'ssl required') |
|
298 | 313 | |
|
299 | user = req.env.get('REMOTE_USER') | |
|
300 | ||
|
301 | 314 | deny = self.configlist('web', 'deny_push') |
|
302 | 315 | if deny and (not user or deny == ['*'] or user in deny): |
|
303 | 316 | raise ErrorResponse(HTTP_UNAUTHORIZED, 'push not authorized') |
@@ -72,6 +72,28 b' class hgwebdir(object):' | |||
|
72 | 72 | req = wsgirequest(env, respond) |
|
73 | 73 | return self.run_wsgi(req) |
|
74 | 74 | |
|
75 | def read_allowed(self, ui, req): | |
|
76 | """Check allow_read and deny_read config options of a repo's ui object | |
|
77 | to determine user permissions. By default, with neither option set (or | |
|
78 | both empty), allow all users to read the repo. There are two ways a | |
|
79 | user can be denied read access: (1) deny_read is not empty, and the | |
|
80 | user is unauthenticated or deny_read contains user (or *), and (2) | |
|
81 | allow_read is not empty and the user is not in allow_read. Return True | |
|
82 | if user is allowed to read the repo, else return False.""" | |
|
83 | ||
|
84 | user = req.env.get('REMOTE_USER') | |
|
85 | ||
|
86 | deny_read = ui.configlist('web', 'deny_read', default=None, untrusted=True) | |
|
87 | if deny_read and (not user or deny_read == ['*'] or user in deny_read): | |
|
88 | return False | |
|
89 | ||
|
90 | allow_read = ui.configlist('web', 'allow_read', default=None, untrusted=True) | |
|
91 | # by default, allow reading if no allow_read option has been set | |
|
92 | if (not allow_read) or (allow_read == ['*']) or (user in allow_read): | |
|
93 | return True | |
|
94 | ||
|
95 | return False | |
|
96 | ||
|
75 | 97 | def run_wsgi(self, req): |
|
76 | 98 | |
|
77 | 99 | try: |
@@ -175,6 +197,9 b' class hgwebdir(object):' | |||
|
175 | 197 | if u.configbool("web", "hidden", untrusted=True): |
|
176 | 198 | continue |
|
177 | 199 | |
|
200 | if not self.read_allowed(u, req): | |
|
201 | continue | |
|
202 | ||
|
178 | 203 | parts = [name] |
|
179 | 204 | if 'PATH_INFO' in req.env: |
|
180 | 205 | parts.insert(0, req.env['PATH_INFO'].rstrip('/')) |
General Comments 0
You need to be logged in to leave comments.
Login now