##// END OF EJS Templates
exchange: move narrow acl functionality into core...
Gregory Szorc -
r38826:3e738733 default
parent child Browse files
Show More
@@ -324,42 +324,6 b' def getbundlechangegrouppart_narrow(bund'
324 324 if 'treemanifest' in repo.requirements:
325 325 part.addparam('treemanifest', '1')
326 326
327 def applyacl_narrow(repo, kwargs):
328 ui = repo.ui
329 username = ui.shortuser(ui.environ.get('REMOTE_USER') or ui.username())
330 user_includes = ui.configlist(
331 _NARROWACL_SECTION, username + '.includes',
332 ui.configlist(_NARROWACL_SECTION, 'default.includes'))
333 user_excludes = ui.configlist(
334 _NARROWACL_SECTION, username + '.excludes',
335 ui.configlist(_NARROWACL_SECTION, 'default.excludes'))
336 if not user_includes:
337 raise error.Abort(_("{} configuration for user {} is empty")
338 .format(_NARROWACL_SECTION, username))
339
340 user_includes = [
341 'path:.' if p == '*' else 'path:' + p for p in user_includes]
342 user_excludes = [
343 'path:.' if p == '*' else 'path:' + p for p in user_excludes]
344
345 req_includes = set(kwargs.get(r'includepats', []))
346 req_excludes = set(kwargs.get(r'excludepats', []))
347
348 req_includes, req_excludes, invalid_includes = narrowspec.restrictpatterns(
349 req_includes, req_excludes, user_includes, user_excludes)
350
351 if invalid_includes:
352 raise error.Abort(
353 _("The following includes are not accessible for {}: {}")
354 .format(username, invalid_includes))
355
356 new_args = {}
357 new_args.update(kwargs)
358 new_args['includepats'] = req_includes
359 if req_excludes:
360 new_args['excludepats'] = req_excludes
361 return new_args
362
363 327 @bundle2.parthandler(_SPECPART, (_SPECPART_INCLUDE, _SPECPART_EXCLUDE))
364 328 def _handlechangespec_2(op, inpart):
365 329 includepats = set(inpart.params.get(_SPECPART_INCLUDE, '').splitlines())
@@ -480,7 +444,7 b' def setup():'
480 444 repo = args[1]
481 445 if repo.ui.has_section(_NARROWACL_SECTION):
482 446 getbundlechangegrouppart_narrow(
483 *args, **applyacl_narrow(repo, kwargs))
447 *args, **exchange.applynarrowacl(repo, kwargs))
484 448 elif kwargs.get(r'narrow', False):
485 449 getbundlechangegrouppart_narrow(*args, **kwargs)
486 450 else:
@@ -27,6 +27,7 b' from . import ('
27 27 error,
28 28 lock as lockmod,
29 29 logexchange,
30 narrowspec,
30 31 obsolete,
31 32 phases,
32 33 pushkey,
@@ -1832,6 +1833,48 b' def _pullobsolete(pullop):'
1832 1833 pullop.repo.invalidatevolatilesets()
1833 1834 return tr
1834 1835
1836 def applynarrowacl(repo, kwargs):
1837 """Apply narrow fetch access control.
1838
1839 This massages the named arguments for getbundle wire protocol commands
1840 so requested data is filtered through access control rules.
1841 """
1842 ui = repo.ui
1843 # TODO this assumes existence of HTTP and is a layering violation.
1844 username = ui.shortuser(ui.environ.get('REMOTE_USER') or ui.username())
1845 user_includes = ui.configlist(
1846 _NARROWACL_SECTION, username + '.includes',
1847 ui.configlist(_NARROWACL_SECTION, 'default.includes'))
1848 user_excludes = ui.configlist(
1849 _NARROWACL_SECTION, username + '.excludes',
1850 ui.configlist(_NARROWACL_SECTION, 'default.excludes'))
1851 if not user_includes:
1852 raise error.Abort(_("{} configuration for user {} is empty")
1853 .format(_NARROWACL_SECTION, username))
1854
1855 user_includes = [
1856 'path:.' if p == '*' else 'path:' + p for p in user_includes]
1857 user_excludes = [
1858 'path:.' if p == '*' else 'path:' + p for p in user_excludes]
1859
1860 req_includes = set(kwargs.get(r'includepats', []))
1861 req_excludes = set(kwargs.get(r'excludepats', []))
1862
1863 req_includes, req_excludes, invalid_includes = narrowspec.restrictpatterns(
1864 req_includes, req_excludes, user_includes, user_excludes)
1865
1866 if invalid_includes:
1867 raise error.Abort(
1868 _("The following includes are not accessible for {}: {}")
1869 .format(username, invalid_includes))
1870
1871 new_args = {}
1872 new_args.update(kwargs)
1873 new_args['includepats'] = req_includes
1874 if req_excludes:
1875 new_args['excludepats'] = req_excludes
1876 return new_args
1877
1835 1878 def caps20to10(repo, role):
1836 1879 """return a set with appropriate options to use bundle20 during getbundle"""
1837 1880 caps = {'HG20'}
General Comments 0
You need to be logged in to leave comments. Login now