Show More
@@ -324,42 +324,6 b' def getbundlechangegrouppart_narrow(bund' | |||
|
324 | 324 | if 'treemanifest' in repo.requirements: |
|
325 | 325 | part.addparam('treemanifest', '1') |
|
326 | 326 | |
|
327 | def applyacl_narrow(repo, kwargs): | |
|
328 | ui = repo.ui | |
|
329 | username = ui.shortuser(ui.environ.get('REMOTE_USER') or ui.username()) | |
|
330 | user_includes = ui.configlist( | |
|
331 | _NARROWACL_SECTION, username + '.includes', | |
|
332 | ui.configlist(_NARROWACL_SECTION, 'default.includes')) | |
|
333 | user_excludes = ui.configlist( | |
|
334 | _NARROWACL_SECTION, username + '.excludes', | |
|
335 | ui.configlist(_NARROWACL_SECTION, 'default.excludes')) | |
|
336 | if not user_includes: | |
|
337 | raise error.Abort(_("{} configuration for user {} is empty") | |
|
338 | .format(_NARROWACL_SECTION, username)) | |
|
339 | ||
|
340 | user_includes = [ | |
|
341 | 'path:.' if p == '*' else 'path:' + p for p in user_includes] | |
|
342 | user_excludes = [ | |
|
343 | 'path:.' if p == '*' else 'path:' + p for p in user_excludes] | |
|
344 | ||
|
345 | req_includes = set(kwargs.get(r'includepats', [])) | |
|
346 | req_excludes = set(kwargs.get(r'excludepats', [])) | |
|
347 | ||
|
348 | req_includes, req_excludes, invalid_includes = narrowspec.restrictpatterns( | |
|
349 | req_includes, req_excludes, user_includes, user_excludes) | |
|
350 | ||
|
351 | if invalid_includes: | |
|
352 | raise error.Abort( | |
|
353 | _("The following includes are not accessible for {}: {}") | |
|
354 | .format(username, invalid_includes)) | |
|
355 | ||
|
356 | new_args = {} | |
|
357 | new_args.update(kwargs) | |
|
358 | new_args['includepats'] = req_includes | |
|
359 | if req_excludes: | |
|
360 | new_args['excludepats'] = req_excludes | |
|
361 | return new_args | |
|
362 | ||
|
363 | 327 | @bundle2.parthandler(_SPECPART, (_SPECPART_INCLUDE, _SPECPART_EXCLUDE)) |
|
364 | 328 | def _handlechangespec_2(op, inpart): |
|
365 | 329 | includepats = set(inpart.params.get(_SPECPART_INCLUDE, '').splitlines()) |
@@ -480,7 +444,7 b' def setup():' | |||
|
480 | 444 | repo = args[1] |
|
481 | 445 | if repo.ui.has_section(_NARROWACL_SECTION): |
|
482 | 446 | getbundlechangegrouppart_narrow( |
|
483 |
*args, **apply |
|
|
447 | *args, **exchange.applynarrowacl(repo, kwargs)) | |
|
484 | 448 | elif kwargs.get(r'narrow', False): |
|
485 | 449 | getbundlechangegrouppart_narrow(*args, **kwargs) |
|
486 | 450 | else: |
@@ -27,6 +27,7 b' from . import (' | |||
|
27 | 27 | error, |
|
28 | 28 | lock as lockmod, |
|
29 | 29 | logexchange, |
|
30 | narrowspec, | |
|
30 | 31 | obsolete, |
|
31 | 32 | phases, |
|
32 | 33 | pushkey, |
@@ -1832,6 +1833,48 b' def _pullobsolete(pullop):' | |||
|
1832 | 1833 | pullop.repo.invalidatevolatilesets() |
|
1833 | 1834 | return tr |
|
1834 | 1835 | |
|
1836 | def applynarrowacl(repo, kwargs): | |
|
1837 | """Apply narrow fetch access control. | |
|
1838 | ||
|
1839 | This massages the named arguments for getbundle wire protocol commands | |
|
1840 | so requested data is filtered through access control rules. | |
|
1841 | """ | |
|
1842 | ui = repo.ui | |
|
1843 | # TODO this assumes existence of HTTP and is a layering violation. | |
|
1844 | username = ui.shortuser(ui.environ.get('REMOTE_USER') or ui.username()) | |
|
1845 | user_includes = ui.configlist( | |
|
1846 | _NARROWACL_SECTION, username + '.includes', | |
|
1847 | ui.configlist(_NARROWACL_SECTION, 'default.includes')) | |
|
1848 | user_excludes = ui.configlist( | |
|
1849 | _NARROWACL_SECTION, username + '.excludes', | |
|
1850 | ui.configlist(_NARROWACL_SECTION, 'default.excludes')) | |
|
1851 | if not user_includes: | |
|
1852 | raise error.Abort(_("{} configuration for user {} is empty") | |
|
1853 | .format(_NARROWACL_SECTION, username)) | |
|
1854 | ||
|
1855 | user_includes = [ | |
|
1856 | 'path:.' if p == '*' else 'path:' + p for p in user_includes] | |
|
1857 | user_excludes = [ | |
|
1858 | 'path:.' if p == '*' else 'path:' + p for p in user_excludes] | |
|
1859 | ||
|
1860 | req_includes = set(kwargs.get(r'includepats', [])) | |
|
1861 | req_excludes = set(kwargs.get(r'excludepats', [])) | |
|
1862 | ||
|
1863 | req_includes, req_excludes, invalid_includes = narrowspec.restrictpatterns( | |
|
1864 | req_includes, req_excludes, user_includes, user_excludes) | |
|
1865 | ||
|
1866 | if invalid_includes: | |
|
1867 | raise error.Abort( | |
|
1868 | _("The following includes are not accessible for {}: {}") | |
|
1869 | .format(username, invalid_includes)) | |
|
1870 | ||
|
1871 | new_args = {} | |
|
1872 | new_args.update(kwargs) | |
|
1873 | new_args['includepats'] = req_includes | |
|
1874 | if req_excludes: | |
|
1875 | new_args['excludepats'] = req_excludes | |
|
1876 | return new_args | |
|
1877 | ||
|
1835 | 1878 | def caps20to10(repo, role): |
|
1836 | 1879 | """return a set with appropriate options to use bundle20 during getbundle""" |
|
1837 | 1880 | caps = {'HG20'} |
General Comments 0
You need to be logged in to leave comments.
Login now