@@ -324,42 +324,6 b' def getbundlechangegrouppart_narrow(bund' | |||||
324 | if 'treemanifest' in repo.requirements: |
|
324 | if 'treemanifest' in repo.requirements: | |
325 | part.addparam('treemanifest', '1') |
|
325 | part.addparam('treemanifest', '1') | |
326 |
|
326 | |||
327 | def applyacl_narrow(repo, kwargs): |
|
|||
328 | ui = repo.ui |
|
|||
329 | username = ui.shortuser(ui.environ.get('REMOTE_USER') or ui.username()) |
|
|||
330 | user_includes = ui.configlist( |
|
|||
331 | _NARROWACL_SECTION, username + '.includes', |
|
|||
332 | ui.configlist(_NARROWACL_SECTION, 'default.includes')) |
|
|||
333 | user_excludes = ui.configlist( |
|
|||
334 | _NARROWACL_SECTION, username + '.excludes', |
|
|||
335 | ui.configlist(_NARROWACL_SECTION, 'default.excludes')) |
|
|||
336 | if not user_includes: |
|
|||
337 | raise error.Abort(_("{} configuration for user {} is empty") |
|
|||
338 | .format(_NARROWACL_SECTION, username)) |
|
|||
339 |
|
||||
340 | user_includes = [ |
|
|||
341 | 'path:.' if p == '*' else 'path:' + p for p in user_includes] |
|
|||
342 | user_excludes = [ |
|
|||
343 | 'path:.' if p == '*' else 'path:' + p for p in user_excludes] |
|
|||
344 |
|
||||
345 | req_includes = set(kwargs.get(r'includepats', [])) |
|
|||
346 | req_excludes = set(kwargs.get(r'excludepats', [])) |
|
|||
347 |
|
||||
348 | req_includes, req_excludes, invalid_includes = narrowspec.restrictpatterns( |
|
|||
349 | req_includes, req_excludes, user_includes, user_excludes) |
|
|||
350 |
|
||||
351 | if invalid_includes: |
|
|||
352 | raise error.Abort( |
|
|||
353 | _("The following includes are not accessible for {}: {}") |
|
|||
354 | .format(username, invalid_includes)) |
|
|||
355 |
|
||||
356 | new_args = {} |
|
|||
357 | new_args.update(kwargs) |
|
|||
358 | new_args['includepats'] = req_includes |
|
|||
359 | if req_excludes: |
|
|||
360 | new_args['excludepats'] = req_excludes |
|
|||
361 | return new_args |
|
|||
362 |
|
||||
363 | @bundle2.parthandler(_SPECPART, (_SPECPART_INCLUDE, _SPECPART_EXCLUDE)) |
|
327 | @bundle2.parthandler(_SPECPART, (_SPECPART_INCLUDE, _SPECPART_EXCLUDE)) | |
364 | def _handlechangespec_2(op, inpart): |
|
328 | def _handlechangespec_2(op, inpart): | |
365 | includepats = set(inpart.params.get(_SPECPART_INCLUDE, '').splitlines()) |
|
329 | includepats = set(inpart.params.get(_SPECPART_INCLUDE, '').splitlines()) | |
@@ -480,7 +444,7 b' def setup():' | |||||
480 | repo = args[1] |
|
444 | repo = args[1] | |
481 | if repo.ui.has_section(_NARROWACL_SECTION): |
|
445 | if repo.ui.has_section(_NARROWACL_SECTION): | |
482 | getbundlechangegrouppart_narrow( |
|
446 | getbundlechangegrouppart_narrow( | |
483 |
*args, **apply |
|
447 | *args, **exchange.applynarrowacl(repo, kwargs)) | |
484 | elif kwargs.get(r'narrow', False): |
|
448 | elif kwargs.get(r'narrow', False): | |
485 | getbundlechangegrouppart_narrow(*args, **kwargs) |
|
449 | getbundlechangegrouppart_narrow(*args, **kwargs) | |
486 | else: |
|
450 | else: |
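Review bot: The gate `if repo.ui.has_section(_NARROWACL_SECTION):` in setup() and the ACL lookup it guards now live in different modules, so each module needs its own binding of the section name; the definition for the module that now holds applynarrowacl is not visible in the hunks shown. If the two names ever differ, the gate can evaluate false and the request falls through to `elif kwargs.get(r'narrow', False):`, which passes the client's patterns on unrestricted. I would have the gate read the same definition the enforcement uses, e.g. `if repo.ui.has_section(exchange._NARROWACL_SECTION):`, assuming the constant is defined in exchange. setup() starts and ends outside the hunk.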
@@ -27,6 +27,7 b' from . import (' | |||||
27 | error, |
|
27 | error, | |
28 | lock as lockmod, |
|
28 | lock as lockmod, | |
29 | logexchange, |
|
29 | logexchange, | |
|
30 | narrowspec, | |||
30 | obsolete, |
|
31 | obsolete, | |
31 | phases, |
|
32 | phases, | |
32 | pushkey, |
|
33 | pushkey, | |
@@ -1832,6 +1833,48 b' def _pullobsolete(pullop):' | |||||
1832 | pullop.repo.invalidatevolatilesets() |
|
1833 | pullop.repo.invalidatevolatilesets() | |
1833 | return tr |
|
1834 | return tr | |
1834 |
|
1835 | |||
|
1836 | def applynarrowacl(repo, kwargs): | |||
|
1837 | """Apply narrow fetch access control. | |||
|
1838 | ||||
|
1839 | This massages the named arguments for getbundle wire protocol commands | |||
|
1840 | so requested data is filtered through access control rules. | |||
|
1841 | """ | |||
|
1842 | ui = repo.ui | |||
|
1843 | # TODO this assumes existence of HTTP and is a layering violation. | |||
|
1844 | username = ui.shortuser(ui.environ.get('REMOTE_USER') or ui.username()) | |||
|
1845 | user_includes = ui.configlist( | |||
|
1846 | _NARROWACL_SECTION, username + '.includes', | |||
|
1847 | ui.configlist(_NARROWACL_SECTION, 'default.includes')) | |||
|
1848 | user_excludes = ui.configlist( | |||
|
1849 | _NARROWACL_SECTION, username + '.excludes', | |||
|
1850 | ui.configlist(_NARROWACL_SECTION, 'default.excludes')) | |||
|
1851 | if not user_includes: | |||
|
1852 | raise error.Abort(_("{} configuration for user {} is empty") | |||
|
1853 | .format(_NARROWACL_SECTION, username)) | |||
|
1854 | ||||
|
1855 | user_includes = [ | |||
|
1856 | 'path:.' if p == '*' else 'path:' + p for p in user_includes] | |||
|
1857 | user_excludes = [ | |||
|
1858 | 'path:.' if p == '*' else 'path:' + p for p in user_excludes] | |||
|
1859 | ||||
|
1860 | req_includes = set(kwargs.get(r'includepats', [])) | |||
|
1861 | req_excludes = set(kwargs.get(r'excludepats', [])) | |||
|
1862 | ||||
|
1863 | req_includes, req_excludes, invalid_includes = narrowspec.restrictpatterns( | |||
|
1864 | req_includes, req_excludes, user_includes, user_excludes) | |||
|
1865 | ||||
|
1866 | if invalid_includes: | |||
|
1867 | raise error.Abort( | |||
|
1868 | _("The following includes are not accessible for {}: {}") | |||
|
1869 | .format(username, invalid_includes)) | |||
|
1870 | ||||
|
1871 | new_args = {} | |||
|
1872 | new_args.update(kwargs) | |||
|
1873 | new_args['includepats'] = req_includes | |||
|
1874 | if req_excludes: | |||
|
1875 | new_args['excludepats'] = req_excludes | |||
|
1876 | return new_args | |||
|
1877 | ||||
1835 | def caps20to10(repo, role): |
|
1878 | def caps20to10(repo, role): | |
1836 | """return a set with appropriate options to use bundle20 during getbundle""" |
|
1879 | """return a set with appropriate options to use bundle20 during getbundle""" | |
1837 | caps = {'HG20'} |
|
1880 | caps = {'HG20'} |
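Review bot: The ACL key built on `username = ui.shortuser(ui.environ.get('REMOTE_USER') or ui.username())` in applynarrowacl is not necessarily the authenticated identity, and the new TODO above it only mentions layering. When REMOTE_USER is unset the rules are looked up for the server-side `ui.username()`, and `shortuser()` shortens the login (as far as I know it cuts at `@` and at the first `.`), so distinct logins can resolve to the same `<name>.includes` entry. Since the function is now a core API, I would say so in the comment, e.g. `# NOTE: ACL key is the shortened REMOTE_USER, or ui.username() when unset; the request must already be authenticated.` A follow-up that aborts when no authenticated user is present would be the stricter fix.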