##// END OF EJS Templates
upstream » mercurial-mirror
RSS

Clone from https://www.mercurial-scm.org/repo/hg-all

exchange: move narrow acl functionality into core...
Gregory Szorc -
r38826:3e738733 default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -324,42 +324,6 b' def getbundlechangegrouppart_narrow(bund'
324 if 'treemanifest' in repo.requirements:
324 if 'treemanifest' in repo.requirements:
325 part.addparam('treemanifest', '1')
325 part.addparam('treemanifest', '1')
326
326
327 def applyacl_narrow(repo, kwargs):
328 ui = repo.ui
329 username = ui.shortuser(ui.environ.get('REMOTE_USER') or ui.username())
330 user_includes = ui.configlist(
331 _NARROWACL_SECTION, username + '.includes',
332 ui.configlist(_NARROWACL_SECTION, 'default.includes'))
333 user_excludes = ui.configlist(
334 _NARROWACL_SECTION, username + '.excludes',
335 ui.configlist(_NARROWACL_SECTION, 'default.excludes'))
336 if not user_includes:
337 raise error.Abort(_("{} configuration for user {} is empty")
338 .format(_NARROWACL_SECTION, username))
339
340 user_includes = [
341 'path:.' if p == '*' else 'path:' + p for p in user_includes]
342 user_excludes = [
343 'path:.' if p == '*' else 'path:' + p for p in user_excludes]
344
345 req_includes = set(kwargs.get(r'includepats', []))
346 req_excludes = set(kwargs.get(r'excludepats', []))
347
348 req_includes, req_excludes, invalid_includes = narrowspec.restrictpatterns(
349 req_includes, req_excludes, user_includes, user_excludes)
350
351 if invalid_includes:
352 raise error.Abort(
353 _("The following includes are not accessible for {}: {}")
354 .format(username, invalid_includes))
355
356 new_args = {}
357 new_args.update(kwargs)
358 new_args['includepats'] = req_includes
359 if req_excludes:
360 new_args['excludepats'] = req_excludes
361 return new_args
362
363 @bundle2.parthandler(_SPECPART, (_SPECPART_INCLUDE, _SPECPART_EXCLUDE))
327 @bundle2.parthandler(_SPECPART, (_SPECPART_INCLUDE, _SPECPART_EXCLUDE))
364 def _handlechangespec_2(op, inpart):
328 def _handlechangespec_2(op, inpart):
365 includepats = set(inpart.params.get(_SPECPART_INCLUDE, '').splitlines())
329 includepats = set(inpart.params.get(_SPECPART_INCLUDE, '').splitlines())
@@ -480,7 +444,7 b' def setup():'
480 repo = args[1]
444 repo = args[1]
481 if repo.ui.has_section(_NARROWACL_SECTION):
445 if repo.ui.has_section(_NARROWACL_SECTION):
482 getbundlechangegrouppart_narrow(
446 getbundlechangegrouppart_narrow(
483 *args, **applyacl_narrow(repo, kwargs))
447 *args, **exchange.applynarrowacl(repo, kwargs))
484 elif kwargs.get(r'narrow', False):
448 elif kwargs.get(r'narrow', False):
485 getbundlechangegrouppart_narrow(*args, **kwargs)
449 getbundlechangegrouppart_narrow(*args, **kwargs)
486 else:
450 else:
Show file before | Show file after | Hide comments
@@ -27,6 +27,7 b' from . import ('
27 error,
27 error,
28 lock as lockmod,
28 lock as lockmod,
29 logexchange,
29 logexchange,
30 narrowspec,
30 obsolete,
31 obsolete,
31 phases,
32 phases,
32 pushkey,
33 pushkey,
@@ -1832,6 +1833,48 b' def _pullobsolete(pullop):'
1832 pullop.repo.invalidatevolatilesets()
1833 pullop.repo.invalidatevolatilesets()
1833 return tr
1834 return tr
1834
1835
1836 def applynarrowacl(repo, kwargs):
1837 """Apply narrow fetch access control.
1838
1839 This massages the named arguments for getbundle wire protocol commands
1840 so requested data is filtered through access control rules.
1841 """
1842 ui = repo.ui
1843 # TODO this assumes existence of HTTP and is a layering violation.
1844 username = ui.shortuser(ui.environ.get('REMOTE_USER') or ui.username())
1845 user_includes = ui.configlist(
1846 _NARROWACL_SECTION, username + '.includes',
1847 ui.configlist(_NARROWACL_SECTION, 'default.includes'))
1848 user_excludes = ui.configlist(
1849 _NARROWACL_SECTION, username + '.excludes',
1850 ui.configlist(_NARROWACL_SECTION, 'default.excludes'))
1851 if not user_includes:
1852 raise error.Abort(_("{} configuration for user {} is empty")
1853 .format(_NARROWACL_SECTION, username))
1854
1855 user_includes = [
1856 'path:.' if p == '*' else 'path:' + p for p in user_includes]
1857 user_excludes = [
1858 'path:.' if p == '*' else 'path:' + p for p in user_excludes]
1859
1860 req_includes = set(kwargs.get(r'includepats', []))
1861 req_excludes = set(kwargs.get(r'excludepats', []))
1862
1863 req_includes, req_excludes, invalid_includes = narrowspec.restrictpatterns(
1864 req_includes, req_excludes, user_includes, user_excludes)
1865
1866 if invalid_includes:
1867 raise error.Abort(
1868 _("The following includes are not accessible for {}: {}")
1869 .format(username, invalid_includes))
1870
1871 new_args = {}
1872 new_args.update(kwargs)
1873 new_args['includepats'] = req_includes
1874 if req_excludes:
1875 new_args['excludepats'] = req_excludes
1876 return new_args
1877
1835 def caps20to10(repo, role):
1878 def caps20to10(repo, role):
1836 """return a set with appropriate options to use bundle20 during getbundle"""
1879 """return a set with appropriate options to use bundle20 during getbundle"""
1837 caps = {'HG20'}
1880 caps = {'HG20'}
General Comments 0
You need to be logged in to leave comments. Login now