##// END OF EJS Templates
upstream » mercurial-mirror
RSS

Clone from https://www.mercurial-scm.org/repo/hg-all

acl: add bookmarks support...
idlsoft -
r38550:6beb8347 @66 default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,380 +1,427
1 1 # acl.py - changeset access control for mercurial
2 2 #
3 3 # Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com>
4 4 #
5 5 # This software may be used and distributed according to the terms of the
6 6 # GNU General Public License version 2 or any later version.
7 7
8 8 '''hooks for controlling repository access
9 9
10 10 This hook makes it possible to allow or deny write access to given
11 11 branches and paths of a repository when receiving incoming changesets
12 12 via pretxnchangegroup and pretxncommit.
13 13
14 14 The authorization is matched based on the local user name on the
15 15 system where the hook runs, and not the committer of the original
16 16 changeset (since the latter is merely informative).
17 17
18 18 The acl hook is best used along with a restricted shell like hgsh,
19 19 preventing authenticating users from doing anything other than pushing
20 20 or pulling. The hook is not safe to use if users have interactive
21 21 shell access, as they can then disable the hook. Nor is it safe if
22 22 remote users share an account, because then there is no way to
23 23 distinguish them.
24 24
25 25 The order in which access checks are performed is:
26 26
27 27 1) Deny list for branches (section ``acl.deny.branches``)
28 28 2) Allow list for branches (section ``acl.allow.branches``)
29 29 3) Deny list for paths (section ``acl.deny``)
30 30 4) Allow list for paths (section ``acl.allow``)
31 31
32 32 The allow and deny sections take key-value pairs.
33 33
34 34 Branch-based Access Control
35 35 ---------------------------
36 36
37 37 Use the ``acl.deny.branches`` and ``acl.allow.branches`` sections to
38 38 have branch-based access control. Keys in these sections can be
39 39 either:
40 40
41 41 - a branch name, or
42 42 - an asterisk, to match any branch;
43 43
44 44 The corresponding values can be either:
45 45
46 46 - a comma-separated list containing users and groups, or
47 47 - an asterisk, to match anyone;
48 48
49 49 You can add the "!" prefix to a user or group name to invert the sense
50 50 of the match.
51 51
52 52 Path-based Access Control
53 53 -------------------------
54 54
55 55 Use the ``acl.deny`` and ``acl.allow`` sections to have path-based
56 56 access control. Keys in these sections accept a subtree pattern (with
57 57 a glob syntax by default). The corresponding values follow the same
58 58 syntax as the other sections above.
59 59
60 Bookmark-based Access Control
61 -----------------------------
62 Use the ``acl.deny.bookmarks`` and ``acl.allow.bookmarks`` sections to
63 have bookmark-based access control. Keys in these sections can be
64 either:
65
66 - a bookmark name, or
67 - an asterisk, to match any bookmark;
68
69 The corresponding values can be either:
70
71 - a comma-separated list containing users and groups, or
72 - an asterisk, to match anyone;
73
74 You can add the "!" prefix to a user or group name to invert the sense
75 of the match.
76
77 Note: for interactions between clients and servers using Mercurial 3.6+
78 a rejection will generally reject the entire push, for interactions
79 involving older clients, the commit transactions will already be accepted,
80 and only the bookmark movement will be rejected.
81
60 82 Groups
61 83 ------
62 84
63 85 Group names must be prefixed with an ``@`` symbol. Specifying a group
64 86 name has the same effect as specifying all the users in that group.
65 87
66 88 You can define group members in the ``acl.groups`` section.
67 89 If a group name is not defined there, and Mercurial is running under
68 90 a Unix-like system, the list of users will be taken from the OS.
69 91 Otherwise, an exception will be raised.
70 92
71 93 Example Configuration
72 94 ---------------------
73 95
74 96 ::
75 97
76 98 [hooks]
77 99
78 100 # Use this if you want to check access restrictions at commit time
79 101 pretxncommit.acl = python:hgext.acl.hook
80 102
81 103 # Use this if you want to check access restrictions for pull, push,
82 104 # bundle and serve.
83 105 pretxnchangegroup.acl = python:hgext.acl.hook
84 106
85 107 [acl]
86 108 # Allow or deny access for incoming changes only if their source is
87 109 # listed here, let them pass otherwise. Source is "serve" for all
88 110 # remote access (http or ssh), "push", "pull" or "bundle" when the
89 111 # related commands are run locally.
90 112 # Default: serve
91 113 sources = serve
92 114
93 115 [acl.deny.branches]
94 116
95 117 # Everyone is denied to the frozen branch:
96 118 frozen-branch = *
97 119
98 120 # A bad user is denied on all branches:
99 121 * = bad-user
100 122
101 123 [acl.allow.branches]
102 124
103 125 # A few users are allowed on branch-a:
104 126 branch-a = user-1, user-2, user-3
105 127
106 128 # Only one user is allowed on branch-b:
107 129 branch-b = user-1
108 130
109 131 # The super user is allowed on any branch:
110 132 * = super-user
111 133
112 134 # Everyone is allowed on branch-for-tests:
113 135 branch-for-tests = *
114 136
115 137 [acl.deny]
116 138 # This list is checked first. If a match is found, acl.allow is not
117 139 # checked. All users are granted access if acl.deny is not present.
118 140 # Format for both lists: glob pattern = user, ..., @group, ...
119 141
120 142 # To match everyone, use an asterisk for the user:
121 143 # my/glob/pattern = *
122 144
123 145 # user6 will not have write access to any file:
124 146 ** = user6
125 147
126 148 # Group "hg-denied" will not have write access to any file:
127 149 ** = @hg-denied
128 150
129 151 # Nobody will be able to change "DONT-TOUCH-THIS.txt", despite
130 152 # everyone being able to change all other files. See below.
131 153 src/main/resources/DONT-TOUCH-THIS.txt = *
132 154
133 155 [acl.allow]
134 156 # if acl.allow is not present, all users are allowed by default
135 157 # empty acl.allow = no users allowed
136 158
137 159 # User "doc_writer" has write access to any file under the "docs"
138 160 # folder:
139 161 docs/** = doc_writer
140 162
141 163 # User "jack" and group "designers" have write access to any file
142 164 # under the "images" folder:
143 165 images/** = jack, @designers
144 166
145 167 # Everyone (except for "user6" and "@hg-denied" - see acl.deny above)
146 168 # will have write access to any file under the "resources" folder
147 169 # (except for 1 file. See acl.deny):
148 170 src/main/resources/** = *
149 171
150 172 .hgtags = release_engineer
151 173
152 174 Examples using the "!" prefix
153 175 .............................
154 176
155 177 Suppose there's a branch that only a given user (or group) should be able to
156 178 push to, and you don't want to restrict access to any other branch that may
157 179 be created.
158 180
159 181 The "!" prefix allows you to prevent anyone except a given user or group to
160 182 push changesets in a given branch or path.
161 183
162 184 In the examples below, we will:
163 185 1) Deny access to branch "ring" to anyone but user "gollum"
164 186 2) Deny access to branch "lake" to anyone but members of the group "hobbit"
165 187 3) Deny access to a file to anyone but user "gollum"
166 188
167 189 ::
168 190
169 191 [acl.allow.branches]
170 192 # Empty
171 193
172 194 [acl.deny.branches]
173 195
174 196 # 1) only 'gollum' can commit to branch 'ring';
175 197 # 'gollum' and anyone else can still commit to any other branch.
176 198 ring = !gollum
177 199
178 200 # 2) only members of the group 'hobbit' can commit to branch 'lake';
179 201 # 'hobbit' members and anyone else can still commit to any other branch.
180 202 lake = !@hobbit
181 203
182 204 # You can also deny access based on file paths:
183 205
184 206 [acl.allow]
185 207 # Empty
186 208
187 209 [acl.deny]
188 210 # 3) only 'gollum' can change the file below;
189 211 # 'gollum' and anyone else can still change any other file.
190 212 /misty/mountains/cave/ring = !gollum
191 213
192 214 '''
193 215
194 216 from __future__ import absolute_import
195 217
196 218 from mercurial.i18n import _
197 219 from mercurial import (
198 220 error,
199 221 extensions,
200 222 match,
201 223 registrar,
202 224 util,
203 225 )
204 226 from mercurial.utils import (
205 227 procutil,
206 228 )
207 229
208 230 urlreq = util.urlreq
209 231
210 232 # Note for extension authors: ONLY specify testedwith = 'ships-with-hg-core' for
211 233 # extensions which SHIP WITH MERCURIAL. Non-mainline extensions should
212 234 # be specifying the version(s) of Mercurial they are tested with, or
213 235 # leave the attribute unspecified.
214 236 testedwith = 'ships-with-hg-core'
215 237
216 238 configtable = {}
217 239 configitem = registrar.configitem(configtable)
218 240
219 241 # deprecated config: acl.config
220 242 configitem('acl', 'config',
221 243 default=None,
222 244 )
223 245 configitem('acl.groups', '.*',
224 246 default=None,
225 247 generic=True,
226 248 )
227 249 configitem('acl.deny.branches', '.*',
228 250 default=None,
229 251 generic=True,
230 252 )
231 253 configitem('acl.allow.branches', '.*',
232 254 default=None,
233 255 generic=True,
234 256 )
235 257 configitem('acl.deny', '.*',
236 258 default=None,
237 259 generic=True,
238 260 )
239 261 configitem('acl.allow', '.*',
240 262 default=None,
241 263 generic=True,
242 264 )
243 265 configitem('acl', 'sources',
244 266 default=lambda: ['serve'],
245 267 )
246 268
247 269 def _getusers(ui, group):
248 270
249 271 # First, try to use group definition from section [acl.groups]
250 272 hgrcusers = ui.configlist('acl.groups', group)
251 273 if hgrcusers:
252 274 return hgrcusers
253 275
254 276 ui.debug('acl: "%s" not defined in [acl.groups]\n' % group)
255 277 # If no users found in group definition, get users from OS-level group
256 278 try:
257 279 return util.groupmembers(group)
258 280 except KeyError:
259 281 raise error.Abort(_("group '%s' is undefined") % group)
260 282
261 283 def _usermatch(ui, user, usersorgroups):
262 284
263 285 if usersorgroups == '*':
264 286 return True
265 287
266 288 for ug in usersorgroups.replace(',', ' ').split():
267 289
268 290 if ug.startswith('!'):
269 291 # Test for excluded user or group. Format:
270 292 # if ug is a user name: !username
271 293 # if ug is a group name: !@groupname
272 294 ug = ug[1:]
273 295 if not ug.startswith('@') and user != ug \
274 296 or ug.startswith('@') and user not in _getusers(ui, ug[1:]):
275 297 return True
276 298
277 299 # Test for user or group. Format:
278 300 # if ug is a user name: username
279 301 # if ug is a group name: @groupname
280 302 elif user == ug \
281 303 or ug.startswith('@') and user in _getusers(ui, ug[1:]):
282 304 return True
283 305
284 306 return False
285 307
286 308 def buildmatch(ui, repo, user, key):
287 309 '''return tuple of (match function, list enabled).'''
288 310 if not ui.has_section(key):
289 311 ui.debug('acl: %s not enabled\n' % key)
290 312 return None
291 313
292 314 pats = [pat for pat, users in ui.configitems(key)
293 315 if _usermatch(ui, user, users)]
294 316 ui.debug('acl: %s enabled, %d entries for user %s\n' %
295 317 (key, len(pats), user))
296 318
297 319 # Branch-based ACL
298 320 if not repo:
299 321 if pats:
300 322 # If there's an asterisk (meaning "any branch"), always return True;
301 323 # Otherwise, test if b is in pats
302 324 if '*' in pats:
303 325 return util.always
304 326 return lambda b: b in pats
305 327 return util.never
306 328
307 329 # Path-based ACL
308 330 if pats:
309 331 return match.match(repo.root, '', pats)
310 332 return util.never
311 333
312 334 def ensureenabled(ui):
313 335 """make sure the extension is enabled when used as hook
314 336
315 337 When acl is used through hooks, the extension is never formally loaded and
316 338 enabled. This has some side effect, for example the config declaration is
317 339 never loaded. This function ensure the extension is enabled when running
318 340 hooks.
319 341 """
320 342 if 'acl' in ui._knownconfig:
321 343 return
322 344 ui.setconfig('extensions', 'acl', '', source='internal')
323 345 extensions.loadall(ui, ['acl'])
324 346
325 347 def hook(ui, repo, hooktype, node=None, source=None, **kwargs):
326 348
327 349 ensureenabled(ui)
328 350
329 if hooktype not in ['pretxnchangegroup', 'pretxncommit']:
330 raise error.Abort(_('config error - hook type "%s" cannot stop '
331 'incoming changesets nor commits') % hooktype)
351 if hooktype not in ['pretxnchangegroup', 'pretxncommit', 'prepushkey']:
352 raise error.Abort(
353 _('config error - hook type "%s" cannot stop '
354 'incoming changesets, commits, nor bookmarks') % hooktype)
332 355 if (hooktype == 'pretxnchangegroup' and
333 356 source not in ui.configlist('acl', 'sources')):
334 357 ui.debug('acl: changes have source "%s" - skipping\n' % source)
335 358 return
336 359
337 360 user = None
338 361 if source == 'serve' and r'url' in kwargs:
339 362 url = kwargs[r'url'].split(':')
340 363 if url[0] == 'remote' and url[1].startswith('http'):
341 364 user = urlreq.unquote(url[3])
342 365
343 366 if user is None:
344 367 user = procutil.getuser()
345 368
346 369 ui.debug('acl: checking access for user "%s"\n' % user)
347 370
371 if hooktype == 'prepushkey':
372 _pkhook(ui, repo, hooktype, node, source, user, **kwargs)
373 else:
374 _txnhook(ui, repo, hooktype, node, source, user, **kwargs)
375
376 def _pkhook(ui, repo, hooktype, node, source, user, **kwargs):
377 if kwargs['namespace'] == 'bookmarks':
378 bookmark = kwargs['key']
379 ctx = kwargs['new']
380 allowbookmarks = buildmatch(ui, None, user, 'acl.allow.bookmarks')
381 denybookmarks = buildmatch(ui, None, user, 'acl.deny.bookmarks')
382
383 if denybookmarks and denybookmarks(bookmark):
384 raise error.Abort(_('acl: user "%s" denied on bookmark "%s"'
385 ' (changeset "%s")')
386 % (user, bookmark, ctx))
387 if allowbookmarks and not allowbookmarks(bookmark):
388 raise error.Abort(_('acl: user "%s" not allowed on bookmark "%s"'
389 ' (changeset "%s")')
390 % (user, bookmark, ctx))
391 ui.debug('acl: bookmark access granted: "%s" on bookmark "%s"\n'
392 % (ctx, bookmark))
393
394 def _txnhook(ui, repo, hooktype, node, source, user, **kwargs):
348 395 # deprecated config: acl.config
349 396 cfg = ui.config('acl', 'config')
350 397 if cfg:
351 398 ui.readconfig(cfg, sections=['acl.groups', 'acl.allow.branches',
352 399 'acl.deny.branches', 'acl.allow', 'acl.deny'])
353 400
354 401 allowbranches = buildmatch(ui, None, user, 'acl.allow.branches')
355 402 denybranches = buildmatch(ui, None, user, 'acl.deny.branches')
356 403 allow = buildmatch(ui, repo, user, 'acl.allow')
357 404 deny = buildmatch(ui, repo, user, 'acl.deny')
358 405
359 406 for rev in xrange(repo[node].rev(), len(repo)):
360 407 ctx = repo[rev]
361 408 branch = ctx.branch()
362 409 if denybranches and denybranches(branch):
363 410 raise error.Abort(_('acl: user "%s" denied on branch "%s"'
364 411 ' (changeset "%s")')
365 412 % (user, branch, ctx))
366 413 if allowbranches and not allowbranches(branch):
367 414 raise error.Abort(_('acl: user "%s" not allowed on branch "%s"'
368 415 ' (changeset "%s")')
369 416 % (user, branch, ctx))
370 417 ui.debug('acl: branch access granted: "%s" on branch "%s"\n'
371 418 % (ctx, branch))
372 419
373 420 for f in ctx.files():
374 421 if deny and deny(f):
375 422 raise error.Abort(_('acl: user "%s" denied on "%s"'
376 423 ' (changeset "%s")') % (user, f, ctx))
377 424 if allow and not allow(f):
378 425 raise error.Abort(_('acl: user "%s" not allowed on "%s"'
379 426 ' (changeset "%s")') % (user, f, ctx))
380 427 ui.debug('acl: path access granted: "%s"\n' % ctx)
Show file before | Show file after | Hide comments
@@ -1,2211 +1,2411
1 1 > do_push()
2 2 > {
3 3 > user=$1
4 4 > shift
5 5 > echo "Pushing as user $user"
6 6 > echo 'hgrc = """'
7 7 > sed -n '/\[[ha]/,$p' b/.hg/hgrc | grep -v fakegroups.py
8 8 > echo '"""'
9 9 > if test -f acl.config; then
10 10 > echo 'acl.config = """'
11 11 > cat acl.config
12 12 > echo '"""'
13 13 > fi
14 14 > # On AIX /etc/profile sets LOGNAME read-only. So
15 15 > # LOGNAME=$user hg --cws a --debug push ../b
16 16 > # fails with "This variable is read only."
17 17 > # Use env to work around this.
18 > env LOGNAME=$user hg --cwd a --debug push ../b
18 > env LOGNAME=$user hg --cwd a --debug push ../b $*
19 19 > hg --cwd b rollback
20 20 > hg --cwd b --quiet tip
21 21 > echo
22 22 > }
23 23
24 24 > cat > posixgetuser.py <<'EOF'
25 25 > import getpass
26 26 > from mercurial import pycompat
27 27 > from mercurial.utils import procutil
28 28 > def posixgetuser():
29 29 > return pycompat.fsencode(getpass.getuser())
30 30 > if not pycompat.isposix:
31 31 > procutil.getuser = posixgetuser # forcibly trust $LOGNAME
32 32 > EOF
33 33
34 34 > init_config()
35 35 > {
36 36 > cat > fakegroups.py <<EOF
37 37 > from hgext import acl
38 38 > def fakegetusers(ui, group):
39 39 > try:
40 40 > return acl._getusersorig(ui, group)
41 41 > except:
42 42 > return ["fred", "betty"]
43 43 > acl._getusersorig = acl._getusers
44 44 > acl._getusers = fakegetusers
45 45 > EOF
46 46 > rm -f acl.config
47 47 > cat > $config <<EOF
48 48 > [hooks]
49 49 > pretxnchangegroup.acl = python:hgext.acl.hook
50 > prepushkey.acl = python:hgext.acl.hook
50 51 > [acl]
51 52 > sources = push
52 53 > [extensions]
53 54 > f=`pwd`/fakegroups.py
54 55 > posixgetuser=$TESTTMP/posixgetuser.py
55 56 > EOF
56 57 > }
57 58
58 59 $ hg init a
59 60 $ cd a
60 61 $ mkdir foo foo/Bar quux
61 62 $ echo 'in foo' > foo/file.txt
62 63 $ echo 'in foo/Bar' > foo/Bar/file.txt
63 64 $ echo 'in quux' > quux/file.py
64 65 $ hg add -q
65 66 $ hg ci -m 'add files' -d '1000000 0'
66 67 $ echo >> foo/file.txt
67 68 $ hg ci -m 'change foo/file' -d '1000001 0'
68 69 $ echo >> foo/Bar/file.txt
69 70 $ hg ci -m 'change foo/Bar/file' -d '1000002 0'
70 71 $ echo >> quux/file.py
71 72 $ hg ci -m 'change quux/file' -d '1000003 0'
72 73 $ hg tip --quiet
73 74 3:911600dab2ae
74 75
75 76 $ cd ..
76 77 $ hg clone -r 0 a b
77 78 adding changesets
78 79 adding manifests
79 80 adding file changes
80 81 added 1 changesets with 3 changes to 3 files
81 82 new changesets 6675d58eff77
82 83 updating to branch default
83 84 3 files updated, 0 files merged, 0 files removed, 0 files unresolved
84 85
85 86 $ config=b/.hg/hgrc
86 87 $ cat >> "$config" <<EOF
87 88 > [extensions]
88 89 > posixgetuser=$TESTTMP/posixgetuser.py
89 90 > EOF
90 91
91 92 Extension disabled for lack of a hook
92 93
93 94 $ do_push fred
94 95 Pushing as user fred
95 96 hgrc = """
96 97 """
97 98 pushing to ../b
98 99 query 1; heads
99 100 searching for changes
100 101 all remote heads known locally
101 102 listing keys for "phases"
102 103 checking for updated bookmarks
103 104 listing keys for "bookmarks"
104 105 listing keys for "bookmarks"
105 106 3 changesets found
106 107 list of changesets:
107 108 ef1ea85a6374b77d6da9dcda9541f498f2d17df7
108 109 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
109 110 911600dab2ae7a9baff75958b84fe606851ce955
110 111 bundle2-output-bundle: "HG20", 5 parts total
111 112 bundle2-output-part: "replycaps" 205 bytes payload
112 113 bundle2-output-part: "check:phases" 24 bytes payload
113 114 bundle2-output-part: "check:heads" streamed payload
114 115 bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
115 116 bundle2-output-part: "phase-heads" 24 bytes payload
116 117 bundle2-input-bundle: with-transaction
117 118 bundle2-input-part: "replycaps" supported
118 119 bundle2-input-part: total payload size 205
119 120 bundle2-input-part: "check:phases" supported
120 121 bundle2-input-part: total payload size 24
121 122 bundle2-input-part: "check:heads" supported
122 123 bundle2-input-part: total payload size 20
123 124 bundle2-input-part: "changegroup" (params: 1 mandatory) supported
124 125 adding changesets
125 126 add changeset ef1ea85a6374
126 127 add changeset f9cafe1212c8
127 128 add changeset 911600dab2ae
128 129 adding manifests
129 130 adding file changes
130 131 adding foo/Bar/file.txt revisions
131 132 adding foo/file.txt revisions
132 133 adding quux/file.py revisions
133 134 added 3 changesets with 3 changes to 3 files
134 135 bundle2-input-part: total payload size 1553
135 136 bundle2-input-part: "phase-heads" supported
136 137 bundle2-input-part: total payload size 24
137 138 bundle2-input-bundle: 4 parts total
138 139 updating the branch cache
139 140 bundle2-output-bundle: "HG20", 1 parts total
140 141 bundle2-output-part: "reply:changegroup" (advisory) (params: 0 advisory) empty payload
141 142 bundle2-input-bundle: no-transaction
142 143 bundle2-input-part: "reply:changegroup" (advisory) (params: 0 advisory) supported
143 144 bundle2-input-bundle: 0 parts total
144 145 listing keys for "phases"
145 146 repository tip rolled back to revision 0 (undo push)
146 147 0:6675d58eff77
147 148
148 149
149 150 $ echo '[hooks]' >> $config
150 151 $ echo 'pretxnchangegroup.acl = python:hgext.acl.hook' >> $config
152 $ echo 'prepushkey.acl = python:hgext.acl.hook' >> $config
151 153
152 154 Extension disabled for lack of acl.sources
153 155
154 156 $ do_push fred
155 157 Pushing as user fred
156 158 hgrc = """
157 159 [hooks]
158 160 pretxnchangegroup.acl = python:hgext.acl.hook
161 prepushkey.acl = python:hgext.acl.hook
159 162 """
160 163 pushing to ../b
161 164 query 1; heads
162 165 searching for changes
163 166 all remote heads known locally
164 167 listing keys for "phases"
165 168 checking for updated bookmarks
166 169 listing keys for "bookmarks"
167 170 listing keys for "bookmarks"
168 171 3 changesets found
169 172 list of changesets:
170 173 ef1ea85a6374b77d6da9dcda9541f498f2d17df7
171 174 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
172 175 911600dab2ae7a9baff75958b84fe606851ce955
173 176 bundle2-output-bundle: "HG20", 5 parts total
174 177 bundle2-output-part: "replycaps" 205 bytes payload
175 178 bundle2-output-part: "check:phases" 24 bytes payload
176 179 bundle2-output-part: "check:heads" streamed payload
177 180 bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
178 181 bundle2-output-part: "phase-heads" 24 bytes payload
179 182 bundle2-input-bundle: with-transaction
180 183 bundle2-input-part: "replycaps" supported
181 184 bundle2-input-part: total payload size 205
182 185 bundle2-input-part: "check:phases" supported
183 186 bundle2-input-part: total payload size 24
184 187 bundle2-input-part: "check:heads" supported
185 188 bundle2-input-part: total payload size 20
186 189 bundle2-input-part: "changegroup" (params: 1 mandatory) supported
187 190 adding changesets
188 191 add changeset ef1ea85a6374
189 192 add changeset f9cafe1212c8
190 193 add changeset 911600dab2ae
191 194 adding manifests
192 195 adding file changes
193 196 adding foo/Bar/file.txt revisions
194 197 adding foo/file.txt revisions
195 198 adding quux/file.py revisions
196 199 added 3 changesets with 3 changes to 3 files
197 200 calling hook pretxnchangegroup.acl: hgext.acl.hook
198 201 acl: changes have source "push" - skipping
199 202 bundle2-input-part: total payload size 1553
200 203 bundle2-input-part: "phase-heads" supported
201 204 bundle2-input-part: total payload size 24
202 205 bundle2-input-bundle: 4 parts total
203 206 updating the branch cache
204 207 bundle2-output-bundle: "HG20", 1 parts total
205 208 bundle2-output-part: "reply:changegroup" (advisory) (params: 0 advisory) empty payload
206 209 bundle2-input-bundle: no-transaction
207 210 bundle2-input-part: "reply:changegroup" (advisory) (params: 0 advisory) supported
208 211 bundle2-input-bundle: 0 parts total
209 212 listing keys for "phases"
210 213 repository tip rolled back to revision 0 (undo push)
211 214 0:6675d58eff77
212 215
213 216
214 217 No [acl.allow]/[acl.deny]
215 218
216 219 $ echo '[acl]' >> $config
217 220 $ echo 'sources = push' >> $config
218 221 $ do_push fred
219 222 Pushing as user fred
220 223 hgrc = """
221 224 [hooks]
222 225 pretxnchangegroup.acl = python:hgext.acl.hook
226 prepushkey.acl = python:hgext.acl.hook
223 227 [acl]
224 228 sources = push
225 229 """
226 230 pushing to ../b
227 231 query 1; heads
228 232 searching for changes
229 233 all remote heads known locally
230 234 listing keys for "phases"
231 235 checking for updated bookmarks
232 236 listing keys for "bookmarks"
233 237 listing keys for "bookmarks"
234 238 3 changesets found
235 239 list of changesets:
236 240 ef1ea85a6374b77d6da9dcda9541f498f2d17df7
237 241 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
238 242 911600dab2ae7a9baff75958b84fe606851ce955
239 243 bundle2-output-bundle: "HG20", 5 parts total
240 244 bundle2-output-part: "replycaps" 205 bytes payload
241 245 bundle2-output-part: "check:phases" 24 bytes payload
242 246 bundle2-output-part: "check:heads" streamed payload
243 247 bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
244 248 bundle2-output-part: "phase-heads" 24 bytes payload
245 249 bundle2-input-bundle: with-transaction
246 250 bundle2-input-part: "replycaps" supported
247 251 bundle2-input-part: total payload size 205
248 252 bundle2-input-part: "check:phases" supported
249 253 bundle2-input-part: total payload size 24
250 254 bundle2-input-part: "check:heads" supported
251 255 bundle2-input-part: total payload size 20
252 256 bundle2-input-part: "changegroup" (params: 1 mandatory) supported
253 257 adding changesets
254 258 add changeset ef1ea85a6374
255 259 add changeset f9cafe1212c8
256 260 add changeset 911600dab2ae
257 261 adding manifests
258 262 adding file changes
259 263 adding foo/Bar/file.txt revisions
260 264 adding foo/file.txt revisions
261 265 adding quux/file.py revisions
262 266 added 3 changesets with 3 changes to 3 files
263 267 calling hook pretxnchangegroup.acl: hgext.acl.hook
264 268 acl: checking access for user "fred"
265 269 acl: acl.allow.branches not enabled
266 270 acl: acl.deny.branches not enabled
267 271 acl: acl.allow not enabled
268 272 acl: acl.deny not enabled
269 273 acl: branch access granted: "ef1ea85a6374" on branch "default"
270 274 acl: path access granted: "ef1ea85a6374"
271 275 acl: branch access granted: "f9cafe1212c8" on branch "default"
272 276 acl: path access granted: "f9cafe1212c8"
273 277 acl: branch access granted: "911600dab2ae" on branch "default"
274 278 acl: path access granted: "911600dab2ae"
275 279 bundle2-input-part: total payload size 1553
276 280 bundle2-input-part: "phase-heads" supported
277 281 bundle2-input-part: total payload size 24
278 282 bundle2-input-bundle: 4 parts total
279 283 updating the branch cache
280 284 bundle2-output-bundle: "HG20", 1 parts total
281 285 bundle2-output-part: "reply:changegroup" (advisory) (params: 0 advisory) empty payload
282 286 bundle2-input-bundle: no-transaction
283 287 bundle2-input-part: "reply:changegroup" (advisory) (params: 0 advisory) supported
284 288 bundle2-input-bundle: 0 parts total
285 289 listing keys for "phases"
286 290 repository tip rolled back to revision 0 (undo push)
287 291 0:6675d58eff77
288 292
289 293
290 294 Empty [acl.allow]
291 295
292 296 $ echo '[acl.allow]' >> $config
293 297 $ do_push fred
294 298 Pushing as user fred
295 299 hgrc = """
296 300 [hooks]
297 301 pretxnchangegroup.acl = python:hgext.acl.hook
302 prepushkey.acl = python:hgext.acl.hook
298 303 [acl]
299 304 sources = push
300 305 [acl.allow]
301 306 """
302 307 pushing to ../b
303 308 query 1; heads
304 309 searching for changes
305 310 all remote heads known locally
306 311 listing keys for "phases"
307 312 checking for updated bookmarks
308 313 listing keys for "bookmarks"
309 314 listing keys for "bookmarks"
310 315 3 changesets found
311 316 list of changesets:
312 317 ef1ea85a6374b77d6da9dcda9541f498f2d17df7
313 318 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
314 319 911600dab2ae7a9baff75958b84fe606851ce955
315 320 bundle2-output-bundle: "HG20", 5 parts total
316 321 bundle2-output-part: "replycaps" 205 bytes payload
317 322 bundle2-output-part: "check:phases" 24 bytes payload
318 323 bundle2-output-part: "check:heads" streamed payload
319 324 bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
320 325 bundle2-output-part: "phase-heads" 24 bytes payload
321 326 bundle2-input-bundle: with-transaction
322 327 bundle2-input-part: "replycaps" supported
323 328 bundle2-input-part: total payload size 205
324 329 bundle2-input-part: "check:phases" supported
325 330 bundle2-input-part: total payload size 24
326 331 bundle2-input-part: "check:heads" supported
327 332 bundle2-input-part: total payload size 20
328 333 bundle2-input-part: "changegroup" (params: 1 mandatory) supported
329 334 adding changesets
330 335 add changeset ef1ea85a6374
331 336 add changeset f9cafe1212c8
332 337 add changeset 911600dab2ae
333 338 adding manifests
334 339 adding file changes
335 340 adding foo/Bar/file.txt revisions
336 341 adding foo/file.txt revisions
337 342 adding quux/file.py revisions
338 343 added 3 changesets with 3 changes to 3 files
339 344 calling hook pretxnchangegroup.acl: hgext.acl.hook
340 345 acl: checking access for user "fred"
341 346 acl: acl.allow.branches not enabled
342 347 acl: acl.deny.branches not enabled
343 348 acl: acl.allow enabled, 0 entries for user fred
344 349 acl: acl.deny not enabled
345 350 acl: branch access granted: "ef1ea85a6374" on branch "default"
346 351 error: pretxnchangegroup.acl hook failed: acl: user "fred" not allowed on "foo/file.txt" (changeset "ef1ea85a6374")
347 352 bundle2-input-part: total payload size 1553
348 353 bundle2-input-part: total payload size 24
349 354 bundle2-input-bundle: 4 parts total
350 355 transaction abort!
351 356 rollback completed
352 357 abort: acl: user "fred" not allowed on "foo/file.txt" (changeset "ef1ea85a6374")
353 358 no rollback information available
354 359 0:6675d58eff77
355 360
356 361
357 362 fred is allowed inside foo/
358 363
359 364 $ echo 'foo/** = fred' >> $config
360 365 $ do_push fred
361 366 Pushing as user fred
362 367 hgrc = """
363 368 [hooks]
364 369 pretxnchangegroup.acl = python:hgext.acl.hook
370 prepushkey.acl = python:hgext.acl.hook
365 371 [acl]
366 372 sources = push
367 373 [acl.allow]
368 374 foo/** = fred
369 375 """
370 376 pushing to ../b
371 377 query 1; heads
372 378 searching for changes
373 379 all remote heads known locally
374 380 listing keys for "phases"
375 381 checking for updated bookmarks
376 382 listing keys for "bookmarks"
377 383 listing keys for "bookmarks"
378 384 3 changesets found
379 385 list of changesets:
380 386 ef1ea85a6374b77d6da9dcda9541f498f2d17df7
381 387 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
382 388 911600dab2ae7a9baff75958b84fe606851ce955
383 389 bundle2-output-bundle: "HG20", 5 parts total
384 390 bundle2-output-part: "replycaps" 205 bytes payload
385 391 bundle2-output-part: "check:phases" 24 bytes payload
386 392 bundle2-output-part: "check:heads" streamed payload
387 393 bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
388 394 bundle2-output-part: "phase-heads" 24 bytes payload
389 395 bundle2-input-bundle: with-transaction
390 396 bundle2-input-part: "replycaps" supported
391 397 bundle2-input-part: total payload size 205
392 398 bundle2-input-part: "check:phases" supported
393 399 bundle2-input-part: total payload size 24
394 400 bundle2-input-part: "check:heads" supported
395 401 bundle2-input-part: total payload size 20
396 402 bundle2-input-part: "changegroup" (params: 1 mandatory) supported
397 403 adding changesets
398 404 add changeset ef1ea85a6374
399 405 add changeset f9cafe1212c8
400 406 add changeset 911600dab2ae
401 407 adding manifests
402 408 adding file changes
403 409 adding foo/Bar/file.txt revisions
404 410 adding foo/file.txt revisions
405 411 adding quux/file.py revisions
406 412 added 3 changesets with 3 changes to 3 files
407 413 calling hook pretxnchangegroup.acl: hgext.acl.hook
408 414 acl: checking access for user "fred"
409 415 acl: acl.allow.branches not enabled
410 416 acl: acl.deny.branches not enabled
411 417 acl: acl.allow enabled, 1 entries for user fred
412 418 acl: acl.deny not enabled
413 419 acl: branch access granted: "ef1ea85a6374" on branch "default"
414 420 acl: path access granted: "ef1ea85a6374"
415 421 acl: branch access granted: "f9cafe1212c8" on branch "default"
416 422 acl: path access granted: "f9cafe1212c8"
417 423 acl: branch access granted: "911600dab2ae" on branch "default"
418 424 error: pretxnchangegroup.acl hook failed: acl: user "fred" not allowed on "quux/file.py" (changeset "911600dab2ae")
419 425 bundle2-input-part: total payload size 1553
420 426 bundle2-input-part: total payload size 24
421 427 bundle2-input-bundle: 4 parts total
422 428 transaction abort!
423 429 rollback completed
424 430 abort: acl: user "fred" not allowed on "quux/file.py" (changeset "911600dab2ae")
425 431 no rollback information available
426 432 0:6675d58eff77
427 433
428 434
429 435 Empty [acl.deny]
430 436
431 437 $ echo '[acl.deny]' >> $config
432 438 $ do_push barney
433 439 Pushing as user barney
434 440 hgrc = """
435 441 [hooks]
436 442 pretxnchangegroup.acl = python:hgext.acl.hook
443 prepushkey.acl = python:hgext.acl.hook
437 444 [acl]
438 445 sources = push
439 446 [acl.allow]
440 447 foo/** = fred
441 448 [acl.deny]
442 449 """
443 450 pushing to ../b
444 451 query 1; heads
445 452 searching for changes
446 453 all remote heads known locally
447 454 listing keys for "phases"
448 455 checking for updated bookmarks
449 456 listing keys for "bookmarks"
450 457 listing keys for "bookmarks"
451 458 3 changesets found
452 459 list of changesets:
453 460 ef1ea85a6374b77d6da9dcda9541f498f2d17df7
454 461 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
455 462 911600dab2ae7a9baff75958b84fe606851ce955
456 463 bundle2-output-bundle: "HG20", 5 parts total
457 464 bundle2-output-part: "replycaps" 205 bytes payload
458 465 bundle2-output-part: "check:phases" 24 bytes payload
459 466 bundle2-output-part: "check:heads" streamed payload
460 467 bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
461 468 bundle2-output-part: "phase-heads" 24 bytes payload
462 469 bundle2-input-bundle: with-transaction
463 470 bundle2-input-part: "replycaps" supported
464 471 bundle2-input-part: total payload size 205
465 472 bundle2-input-part: "check:phases" supported
466 473 bundle2-input-part: total payload size 24
467 474 bundle2-input-part: "check:heads" supported
468 475 bundle2-input-part: total payload size 20
469 476 bundle2-input-part: "changegroup" (params: 1 mandatory) supported
470 477 adding changesets
471 478 add changeset ef1ea85a6374
472 479 add changeset f9cafe1212c8
473 480 add changeset 911600dab2ae
474 481 adding manifests
475 482 adding file changes
476 483 adding foo/Bar/file.txt revisions
477 484 adding foo/file.txt revisions
478 485 adding quux/file.py revisions
479 486 added 3 changesets with 3 changes to 3 files
480 487 calling hook pretxnchangegroup.acl: hgext.acl.hook
481 488 acl: checking access for user "barney"
482 489 acl: acl.allow.branches not enabled
483 490 acl: acl.deny.branches not enabled
484 491 acl: acl.allow enabled, 0 entries for user barney
485 492 acl: acl.deny enabled, 0 entries for user barney
486 493 acl: branch access granted: "ef1ea85a6374" on branch "default"
487 494 error: pretxnchangegroup.acl hook failed: acl: user "barney" not allowed on "foo/file.txt" (changeset "ef1ea85a6374")
488 495 bundle2-input-part: total payload size 1553
489 496 bundle2-input-part: total payload size 24
490 497 bundle2-input-bundle: 4 parts total
491 498 transaction abort!
492 499 rollback completed
493 500 abort: acl: user "barney" not allowed on "foo/file.txt" (changeset "ef1ea85a6374")
494 501 no rollback information available
495 502 0:6675d58eff77
496 503
497 504
498 505 fred is allowed inside foo/, but not foo/bar/ (case matters)
499 506
500 507 $ echo 'foo/bar/** = fred' >> $config
501 508 $ do_push fred
502 509 Pushing as user fred
503 510 hgrc = """
504 511 [hooks]
505 512 pretxnchangegroup.acl = python:hgext.acl.hook
513 prepushkey.acl = python:hgext.acl.hook
506 514 [acl]
507 515 sources = push
508 516 [acl.allow]
509 517 foo/** = fred
510 518 [acl.deny]
511 519 foo/bar/** = fred
512 520 """
513 521 pushing to ../b
514 522 query 1; heads
515 523 searching for changes
516 524 all remote heads known locally
517 525 listing keys for "phases"
518 526 checking for updated bookmarks
519 527 listing keys for "bookmarks"
520 528 listing keys for "bookmarks"
521 529 3 changesets found
522 530 list of changesets:
523 531 ef1ea85a6374b77d6da9dcda9541f498f2d17df7
524 532 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
525 533 911600dab2ae7a9baff75958b84fe606851ce955
526 534 bundle2-output-bundle: "HG20", 5 parts total
527 535 bundle2-output-part: "replycaps" 205 bytes payload
528 536 bundle2-output-part: "check:phases" 24 bytes payload
529 537 bundle2-output-part: "check:heads" streamed payload
530 538 bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
531 539 bundle2-output-part: "phase-heads" 24 bytes payload
532 540 bundle2-input-bundle: with-transaction
533 541 bundle2-input-part: "replycaps" supported
534 542 bundle2-input-part: total payload size 205
535 543 bundle2-input-part: "check:phases" supported
536 544 bundle2-input-part: total payload size 24
537 545 bundle2-input-part: "check:heads" supported
538 546 bundle2-input-part: total payload size 20
539 547 bundle2-input-part: "changegroup" (params: 1 mandatory) supported
540 548 adding changesets
541 549 add changeset ef1ea85a6374
542 550 add changeset f9cafe1212c8
543 551 add changeset 911600dab2ae
544 552 adding manifests
545 553 adding file changes
546 554 adding foo/Bar/file.txt revisions
547 555 adding foo/file.txt revisions
548 556 adding quux/file.py revisions
549 557 added 3 changesets with 3 changes to 3 files
550 558 calling hook pretxnchangegroup.acl: hgext.acl.hook
551 559 acl: checking access for user "fred"
552 560 acl: acl.allow.branches not enabled
553 561 acl: acl.deny.branches not enabled
554 562 acl: acl.allow enabled, 1 entries for user fred
555 563 acl: acl.deny enabled, 1 entries for user fred
556 564 acl: branch access granted: "ef1ea85a6374" on branch "default"
557 565 acl: path access granted: "ef1ea85a6374"
558 566 acl: branch access granted: "f9cafe1212c8" on branch "default"
559 567 acl: path access granted: "f9cafe1212c8"
560 568 acl: branch access granted: "911600dab2ae" on branch "default"
561 569 error: pretxnchangegroup.acl hook failed: acl: user "fred" not allowed on "quux/file.py" (changeset "911600dab2ae")
562 570 bundle2-input-part: total payload size 1553
563 571 bundle2-input-part: total payload size 24
564 572 bundle2-input-bundle: 4 parts total
565 573 transaction abort!
566 574 rollback completed
567 575 abort: acl: user "fred" not allowed on "quux/file.py" (changeset "911600dab2ae")
568 576 no rollback information available
569 577 0:6675d58eff77
570 578
571 579
572 580 fred is allowed inside foo/, but not foo/Bar/
573 581
574 582 $ echo 'foo/Bar/** = fred' >> $config
575 583 $ do_push fred
576 584 Pushing as user fred
577 585 hgrc = """
578 586 [hooks]
579 587 pretxnchangegroup.acl = python:hgext.acl.hook
588 prepushkey.acl = python:hgext.acl.hook
580 589 [acl]
581 590 sources = push
582 591 [acl.allow]
583 592 foo/** = fred
584 593 [acl.deny]
585 594 foo/bar/** = fred
586 595 foo/Bar/** = fred
587 596 """
588 597 pushing to ../b
589 598 query 1; heads
590 599 searching for changes
591 600 all remote heads known locally
592 601 listing keys for "phases"
593 602 checking for updated bookmarks
594 603 listing keys for "bookmarks"
595 604 listing keys for "bookmarks"
596 605 3 changesets found
597 606 list of changesets:
598 607 ef1ea85a6374b77d6da9dcda9541f498f2d17df7
599 608 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
600 609 911600dab2ae7a9baff75958b84fe606851ce955
601 610 bundle2-output-bundle: "HG20", 5 parts total
602 611 bundle2-output-part: "replycaps" 205 bytes payload
603 612 bundle2-output-part: "check:phases" 24 bytes payload
604 613 bundle2-output-part: "check:heads" streamed payload
605 614 bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
606 615 bundle2-output-part: "phase-heads" 24 bytes payload
607 616 bundle2-input-bundle: with-transaction
608 617 bundle2-input-part: "replycaps" supported
609 618 bundle2-input-part: total payload size 205
610 619 bundle2-input-part: "check:phases" supported
611 620 bundle2-input-part: total payload size 24
612 621 bundle2-input-part: "check:heads" supported
613 622 bundle2-input-part: total payload size 20
614 623 bundle2-input-part: "changegroup" (params: 1 mandatory) supported
615 624 adding changesets
616 625 add changeset ef1ea85a6374
617 626 add changeset f9cafe1212c8
618 627 add changeset 911600dab2ae
619 628 adding manifests
620 629 adding file changes
621 630 adding foo/Bar/file.txt revisions
622 631 adding foo/file.txt revisions
623 632 adding quux/file.py revisions
624 633 added 3 changesets with 3 changes to 3 files
625 634 calling hook pretxnchangegroup.acl: hgext.acl.hook
626 635 acl: checking access for user "fred"
627 636 acl: acl.allow.branches not enabled
628 637 acl: acl.deny.branches not enabled
629 638 acl: acl.allow enabled, 1 entries for user fred
630 639 acl: acl.deny enabled, 2 entries for user fred
631 640 acl: branch access granted: "ef1ea85a6374" on branch "default"
632 641 acl: path access granted: "ef1ea85a6374"
633 642 acl: branch access granted: "f9cafe1212c8" on branch "default"
634 643 error: pretxnchangegroup.acl hook failed: acl: user "fred" denied on "foo/Bar/file.txt" (changeset "f9cafe1212c8")
635 644 bundle2-input-part: total payload size 1553
636 645 bundle2-input-part: total payload size 24
637 646 bundle2-input-bundle: 4 parts total
638 647 transaction abort!
639 648 rollback completed
640 649 abort: acl: user "fred" denied on "foo/Bar/file.txt" (changeset "f9cafe1212c8")
641 650 no rollback information available
642 651 0:6675d58eff77
643 652
644 653
645 654 $ echo 'barney is not mentioned => not allowed anywhere'
646 655 barney is not mentioned => not allowed anywhere
647 656 $ do_push barney
648 657 Pushing as user barney
649 658 hgrc = """
650 659 [hooks]
651 660 pretxnchangegroup.acl = python:hgext.acl.hook
661 prepushkey.acl = python:hgext.acl.hook
652 662 [acl]
653 663 sources = push
654 664 [acl.allow]
655 665 foo/** = fred
656 666 [acl.deny]
657 667 foo/bar/** = fred
658 668 foo/Bar/** = fred
659 669 """
660 670 pushing to ../b
661 671 query 1; heads
662 672 searching for changes
663 673 all remote heads known locally
664 674 listing keys for "phases"
665 675 checking for updated bookmarks
666 676 listing keys for "bookmarks"
667 677 listing keys for "bookmarks"
668 678 3 changesets found
669 679 list of changesets:
670 680 ef1ea85a6374b77d6da9dcda9541f498f2d17df7
671 681 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
672 682 911600dab2ae7a9baff75958b84fe606851ce955
673 683 bundle2-output-bundle: "HG20", 5 parts total
674 684 bundle2-output-part: "replycaps" 205 bytes payload
675 685 bundle2-output-part: "check:phases" 24 bytes payload
676 686 bundle2-output-part: "check:heads" streamed payload
677 687 bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
678 688 bundle2-output-part: "phase-heads" 24 bytes payload
679 689 bundle2-input-bundle: with-transaction
680 690 bundle2-input-part: "replycaps" supported
681 691 bundle2-input-part: total payload size 205
682 692 bundle2-input-part: "check:phases" supported
683 693 bundle2-input-part: total payload size 24
684 694 bundle2-input-part: "check:heads" supported
685 695 bundle2-input-part: total payload size 20
686 696 bundle2-input-part: "changegroup" (params: 1 mandatory) supported
687 697 adding changesets
688 698 add changeset ef1ea85a6374
689 699 add changeset f9cafe1212c8
690 700 add changeset 911600dab2ae
691 701 adding manifests
692 702 adding file changes
693 703 adding foo/Bar/file.txt revisions
694 704 adding foo/file.txt revisions
695 705 adding quux/file.py revisions
696 706 added 3 changesets with 3 changes to 3 files
697 707 calling hook pretxnchangegroup.acl: hgext.acl.hook
698 708 acl: checking access for user "barney"
699 709 acl: acl.allow.branches not enabled
700 710 acl: acl.deny.branches not enabled
701 711 acl: acl.allow enabled, 0 entries for user barney
702 712 acl: acl.deny enabled, 0 entries for user barney
703 713 acl: branch access granted: "ef1ea85a6374" on branch "default"
704 714 error: pretxnchangegroup.acl hook failed: acl: user "barney" not allowed on "foo/file.txt" (changeset "ef1ea85a6374")
705 715 bundle2-input-part: total payload size 1553
706 716 bundle2-input-part: total payload size 24
707 717 bundle2-input-bundle: 4 parts total
708 718 transaction abort!
709 719 rollback completed
710 720 abort: acl: user "barney" not allowed on "foo/file.txt" (changeset "ef1ea85a6374")
711 721 no rollback information available
712 722 0:6675d58eff77
713 723
714 724
725 fred is not blocked from moving bookmarks
726
727 $ hg -R a book -q moving-bookmark -r 1
728 $ hg -R b book -q moving-bookmark -r 0
729 $ cp $config normalconfig
730 $ do_push fred -r 1
731 Pushing as user fred
732 hgrc = """
733 [hooks]
734 pretxnchangegroup.acl = python:hgext.acl.hook
735 prepushkey.acl = python:hgext.acl.hook
736 [acl]
737 sources = push
738 [acl.allow]
739 foo/** = fred
740 [acl.deny]
741 foo/bar/** = fred
742 foo/Bar/** = fred
743 """
744 pushing to ../b
745 query 1; heads
746 searching for changes
747 all remote heads known locally
748 listing keys for "phases"
749 checking for updated bookmarks
750 listing keys for "bookmarks"
751 listing keys for "bookmarks"
752 1 changesets found
753 list of changesets:
754 ef1ea85a6374b77d6da9dcda9541f498f2d17df7
755 bundle2-output-bundle: "HG20", 7 parts total
756 bundle2-output-part: "replycaps" 205 bytes payload
757 bundle2-output-part: "check:bookmarks" 37 bytes payload
758 bundle2-output-part: "check:phases" 24 bytes payload
759 bundle2-output-part: "check:heads" streamed payload
760 bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
761 bundle2-output-part: "phase-heads" 24 bytes payload
762 bundle2-output-part: "bookmarks" 37 bytes payload
763 bundle2-input-bundle: with-transaction
764 bundle2-input-part: "replycaps" supported
765 bundle2-input-part: total payload size 205
766 bundle2-input-part: "check:bookmarks" supported
767 bundle2-input-part: total payload size 37
768 bundle2-input-part: "check:phases" supported
769 bundle2-input-part: total payload size 24
770 bundle2-input-part: "check:heads" supported
771 bundle2-input-part: total payload size 20
772 bundle2-input-part: "changegroup" (params: 1 mandatory) supported
773 adding changesets
774 add changeset ef1ea85a6374
775 adding manifests
776 adding file changes
777 adding foo/file.txt revisions
778 added 1 changesets with 1 changes to 1 files
779 calling hook pretxnchangegroup.acl: hgext.acl.hook
780 acl: checking access for user "fred"
781 acl: acl.allow.branches not enabled
782 acl: acl.deny.branches not enabled
783 acl: acl.allow enabled, 1 entries for user fred
784 acl: acl.deny enabled, 2 entries for user fred
785 acl: branch access granted: "ef1ea85a6374" on branch "default"
786 acl: path access granted: "ef1ea85a6374"
787 bundle2-input-part: total payload size 520
788 bundle2-input-part: "phase-heads" supported
789 bundle2-input-part: total payload size 24
790 bundle2-input-part: "bookmarks" supported
791 bundle2-input-part: total payload size 37
792 calling hook prepushkey.acl: hgext.acl.hook
793 acl: checking access for user "fred"
794 acl: acl.allow.bookmarks not enabled
795 acl: acl.deny.bookmarks not enabled
796 acl: bookmark access granted: "ef1ea85a6374b77d6da9dcda9541f498f2d17df7" on bookmark "moving-bookmark"
797 bundle2-input-bundle: 6 parts total
798 updating the branch cache
799 bundle2-output-bundle: "HG20", 1 parts total
800 bundle2-output-part: "reply:changegroup" (advisory) (params: 0 advisory) empty payload
801 bundle2-input-bundle: no-transaction
802 bundle2-input-part: "reply:changegroup" (advisory) (params: 0 advisory) supported
803 bundle2-input-bundle: 0 parts total
804 updating bookmark moving-bookmark
805 listing keys for "phases"
806 repository tip rolled back to revision 0 (undo push)
807 0:6675d58eff77
808
809
810 fred is not allowed to move bookmarks
811
812 $ echo '[acl.deny.bookmarks]' >> $config
813 $ echo '* = fred' >> $config
814 $ do_push fred -r 1
815 Pushing as user fred
816 hgrc = """
817 [hooks]
818 pretxnchangegroup.acl = python:hgext.acl.hook
819 prepushkey.acl = python:hgext.acl.hook
820 [acl]
821 sources = push
822 [acl.allow]
823 foo/** = fred
824 [acl.deny]
825 foo/bar/** = fred
826 foo/Bar/** = fred
827 [acl.deny.bookmarks]
828 * = fred
829 """
830 pushing to ../b
831 query 1; heads
832 searching for changes
833 all remote heads known locally
834 listing keys for "phases"
835 checking for updated bookmarks
836 listing keys for "bookmarks"
837 listing keys for "bookmarks"
838 1 changesets found
839 list of changesets:
840 ef1ea85a6374b77d6da9dcda9541f498f2d17df7
841 bundle2-output-bundle: "HG20", 7 parts total
842 bundle2-output-part: "replycaps" 205 bytes payload
843 bundle2-output-part: "check:bookmarks" 37 bytes payload
844 bundle2-output-part: "check:phases" 24 bytes payload
845 bundle2-output-part: "check:heads" streamed payload
846 bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
847 bundle2-output-part: "phase-heads" 24 bytes payload
848 bundle2-output-part: "bookmarks" 37 bytes payload
849 bundle2-input-bundle: with-transaction
850 bundle2-input-part: "replycaps" supported
851 bundle2-input-part: total payload size 205
852 bundle2-input-part: "check:bookmarks" supported
853 bundle2-input-part: total payload size 37
854 bundle2-input-part: "check:phases" supported
855 bundle2-input-part: total payload size 24
856 bundle2-input-part: "check:heads" supported
857 bundle2-input-part: total payload size 20
858 bundle2-input-part: "changegroup" (params: 1 mandatory) supported
859 adding changesets
860 add changeset ef1ea85a6374
861 adding manifests
862 adding file changes
863 adding foo/file.txt revisions
864 added 1 changesets with 1 changes to 1 files
865 calling hook pretxnchangegroup.acl: hgext.acl.hook
866 acl: checking access for user "fred"
867 acl: acl.allow.branches not enabled
868 acl: acl.deny.branches not enabled
869 acl: acl.allow enabled, 1 entries for user fred
870 acl: acl.deny enabled, 2 entries for user fred
871 acl: branch access granted: "ef1ea85a6374" on branch "default"
872 acl: path access granted: "ef1ea85a6374"
873 bundle2-input-part: total payload size 520
874 bundle2-input-part: "phase-heads" supported
875 bundle2-input-part: total payload size 24
876 bundle2-input-part: "bookmarks" supported
877 bundle2-input-part: total payload size 37
878 calling hook prepushkey.acl: hgext.acl.hook
879 acl: checking access for user "fred"
880 acl: acl.allow.bookmarks not enabled
881 acl: acl.deny.bookmarks enabled, 1 entries for user fred
882 error: prepushkey.acl hook failed: acl: user "fred" denied on bookmark "moving-bookmark" (changeset "ef1ea85a6374b77d6da9dcda9541f498f2d17df7")
883 bundle2-input-bundle: 6 parts total
884 transaction abort!
885 rollback completed
886 abort: acl: user "fred" denied on bookmark "moving-bookmark" (changeset "ef1ea85a6374b77d6da9dcda9541f498f2d17df7")
887 no rollback information available
888 0:6675d58eff77
889
890
891 cleanup bookmark stuff
892
893 $ hg book -R a -d moving-bookmark
894 $ hg book -R b -d moving-bookmark
895 $ cp normalconfig $config
896
715 897 barney is allowed everywhere
716 898
717 899 $ echo '[acl.allow]' >> $config
718 900 $ echo '** = barney' >> $config
719 901 $ do_push barney
720 902 Pushing as user barney
721 903 hgrc = """
722 904 [hooks]
723 905 pretxnchangegroup.acl = python:hgext.acl.hook
906 prepushkey.acl = python:hgext.acl.hook
724 907 [acl]
725 908 sources = push
726 909 [acl.allow]
727 910 foo/** = fred
728 911 [acl.deny]
729 912 foo/bar/** = fred
730 913 foo/Bar/** = fred
731 914 [acl.allow]
732 915 ** = barney
733 916 """
734 917 pushing to ../b
735 918 query 1; heads
736 919 searching for changes
737 920 all remote heads known locally
738 921 listing keys for "phases"
739 922 checking for updated bookmarks
740 923 listing keys for "bookmarks"
741 924 listing keys for "bookmarks"
742 925 3 changesets found
743 926 list of changesets:
744 927 ef1ea85a6374b77d6da9dcda9541f498f2d17df7
745 928 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
746 929 911600dab2ae7a9baff75958b84fe606851ce955
747 930 bundle2-output-bundle: "HG20", 5 parts total
748 931 bundle2-output-part: "replycaps" 205 bytes payload
749 932 bundle2-output-part: "check:phases" 24 bytes payload
750 933 bundle2-output-part: "check:heads" streamed payload
751 934 bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
752 935 bundle2-output-part: "phase-heads" 24 bytes payload
753 936 bundle2-input-bundle: with-transaction
754 937 bundle2-input-part: "replycaps" supported
755 938 bundle2-input-part: total payload size 205
756 939 bundle2-input-part: "check:phases" supported
757 940 bundle2-input-part: total payload size 24
758 941 bundle2-input-part: "check:heads" supported
759 942 bundle2-input-part: total payload size 20
760 943 bundle2-input-part: "changegroup" (params: 1 mandatory) supported
761 944 adding changesets
762 945 add changeset ef1ea85a6374
763 946 add changeset f9cafe1212c8
764 947 add changeset 911600dab2ae
765 948 adding manifests
766 949 adding file changes
767 950 adding foo/Bar/file.txt revisions
768 951 adding foo/file.txt revisions
769 952 adding quux/file.py revisions
770 953 added 3 changesets with 3 changes to 3 files
771 954 calling hook pretxnchangegroup.acl: hgext.acl.hook
772 955 acl: checking access for user "barney"
773 956 acl: acl.allow.branches not enabled
774 957 acl: acl.deny.branches not enabled
775 958 acl: acl.allow enabled, 1 entries for user barney
776 959 acl: acl.deny enabled, 0 entries for user barney
777 960 acl: branch access granted: "ef1ea85a6374" on branch "default"
778 961 acl: path access granted: "ef1ea85a6374"
779 962 acl: branch access granted: "f9cafe1212c8" on branch "default"
780 963 acl: path access granted: "f9cafe1212c8"
781 964 acl: branch access granted: "911600dab2ae" on branch "default"
782 965 acl: path access granted: "911600dab2ae"
783 966 bundle2-input-part: total payload size 1553
784 967 bundle2-input-part: "phase-heads" supported
785 968 bundle2-input-part: total payload size 24
786 969 bundle2-input-bundle: 4 parts total
787 970 updating the branch cache
788 971 bundle2-output-bundle: "HG20", 1 parts total
789 972 bundle2-output-part: "reply:changegroup" (advisory) (params: 0 advisory) empty payload
790 973 bundle2-input-bundle: no-transaction
791 974 bundle2-input-part: "reply:changegroup" (advisory) (params: 0 advisory) supported
792 975 bundle2-input-bundle: 0 parts total
793 976 listing keys for "phases"
794 977 repository tip rolled back to revision 0 (undo push)
795 978 0:6675d58eff77
796 979
797 980
798 981 wilma can change files with a .txt extension
799 982
800 983 $ echo '**/*.txt = wilma' >> $config
801 984 $ do_push wilma
802 985 Pushing as user wilma
803 986 hgrc = """
804 987 [hooks]
805 988 pretxnchangegroup.acl = python:hgext.acl.hook
989 prepushkey.acl = python:hgext.acl.hook
806 990 [acl]
807 991 sources = push
808 992 [acl.allow]
809 993 foo/** = fred
810 994 [acl.deny]
811 995 foo/bar/** = fred
812 996 foo/Bar/** = fred
813 997 [acl.allow]
814 998 ** = barney
815 999 **/*.txt = wilma
816 1000 """
817 1001 pushing to ../b
818 1002 query 1; heads
819 1003 searching for changes
820 1004 all remote heads known locally
821 1005 listing keys for "phases"
822 1006 checking for updated bookmarks
823 1007 listing keys for "bookmarks"
824 1008 listing keys for "bookmarks"
825 1009 3 changesets found
826 1010 list of changesets:
827 1011 ef1ea85a6374b77d6da9dcda9541f498f2d17df7
828 1012 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
829 1013 911600dab2ae7a9baff75958b84fe606851ce955
830 1014 bundle2-output-bundle: "HG20", 5 parts total
831 1015 bundle2-output-part: "replycaps" 205 bytes payload
832 1016 bundle2-output-part: "check:phases" 24 bytes payload
833 1017 bundle2-output-part: "check:heads" streamed payload
834 1018 bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
835 1019 bundle2-output-part: "phase-heads" 24 bytes payload
836 1020 bundle2-input-bundle: with-transaction
837 1021 bundle2-input-part: "replycaps" supported
838 1022 bundle2-input-part: total payload size 205
839 1023 bundle2-input-part: "check:phases" supported
840 1024 bundle2-input-part: total payload size 24
841 1025 bundle2-input-part: "check:heads" supported
842 1026 bundle2-input-part: total payload size 20
843 1027 bundle2-input-part: "changegroup" (params: 1 mandatory) supported
844 1028 adding changesets
845 1029 add changeset ef1ea85a6374
846 1030 add changeset f9cafe1212c8
847 1031 add changeset 911600dab2ae
848 1032 adding manifests
849 1033 adding file changes
850 1034 adding foo/Bar/file.txt revisions
851 1035 adding foo/file.txt revisions
852 1036 adding quux/file.py revisions
853 1037 added 3 changesets with 3 changes to 3 files
854 1038 calling hook pretxnchangegroup.acl: hgext.acl.hook
855 1039 acl: checking access for user "wilma"
856 1040 acl: acl.allow.branches not enabled
857 1041 acl: acl.deny.branches not enabled
858 1042 acl: acl.allow enabled, 1 entries for user wilma
859 1043 acl: acl.deny enabled, 0 entries for user wilma
860 1044 acl: branch access granted: "ef1ea85a6374" on branch "default"
861 1045 acl: path access granted: "ef1ea85a6374"
862 1046 acl: branch access granted: "f9cafe1212c8" on branch "default"
863 1047 acl: path access granted: "f9cafe1212c8"
864 1048 acl: branch access granted: "911600dab2ae" on branch "default"
865 1049 error: pretxnchangegroup.acl hook failed: acl: user "wilma" not allowed on "quux/file.py" (changeset "911600dab2ae")
866 1050 bundle2-input-part: total payload size 1553
867 1051 bundle2-input-part: total payload size 24
868 1052 bundle2-input-bundle: 4 parts total
869 1053 transaction abort!
870 1054 rollback completed
871 1055 abort: acl: user "wilma" not allowed on "quux/file.py" (changeset "911600dab2ae")
872 1056 no rollback information available
873 1057 0:6675d58eff77
874 1058
875 1059
876 1060 file specified by acl.config does not exist
877 1061
878 1062 $ echo '[acl]' >> $config
879 1063 $ echo 'config = ../acl.config' >> $config
880 1064 $ do_push barney
881 1065 Pushing as user barney
882 1066 hgrc = """
883 1067 [hooks]
884 1068 pretxnchangegroup.acl = python:hgext.acl.hook
1069 prepushkey.acl = python:hgext.acl.hook
885 1070 [acl]
886 1071 sources = push
887 1072 [acl.allow]
888 1073 foo/** = fred
889 1074 [acl.deny]
890 1075 foo/bar/** = fred
891 1076 foo/Bar/** = fred
892 1077 [acl.allow]
893 1078 ** = barney
894 1079 **/*.txt = wilma
895 1080 [acl]
896 1081 config = ../acl.config
897 1082 """
898 1083 pushing to ../b
899 1084 query 1; heads
900 1085 searching for changes
901 1086 all remote heads known locally
902 1087 listing keys for "phases"
903 1088 checking for updated bookmarks
904 1089 listing keys for "bookmarks"
905 1090 listing keys for "bookmarks"
906 1091 3 changesets found
907 1092 list of changesets:
908 1093 ef1ea85a6374b77d6da9dcda9541f498f2d17df7
909 1094 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
910 1095 911600dab2ae7a9baff75958b84fe606851ce955
911 1096 bundle2-output-bundle: "HG20", 5 parts total
912 1097 bundle2-output-part: "replycaps" 205 bytes payload
913 1098 bundle2-output-part: "check:phases" 24 bytes payload
914 1099 bundle2-output-part: "check:heads" streamed payload
915 1100 bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
916 1101 bundle2-output-part: "phase-heads" 24 bytes payload
917 1102 bundle2-input-bundle: with-transaction
918 1103 bundle2-input-part: "replycaps" supported
919 1104 bundle2-input-part: total payload size 205
920 1105 bundle2-input-part: "check:phases" supported
921 1106 bundle2-input-part: total payload size 24
922 1107 bundle2-input-part: "check:heads" supported
923 1108 bundle2-input-part: total payload size 20
924 1109 bundle2-input-part: "changegroup" (params: 1 mandatory) supported
925 1110 adding changesets
926 1111 add changeset ef1ea85a6374
927 1112 add changeset f9cafe1212c8
928 1113 add changeset 911600dab2ae
929 1114 adding manifests
930 1115 adding file changes
931 1116 adding foo/Bar/file.txt revisions
932 1117 adding foo/file.txt revisions
933 1118 adding quux/file.py revisions
934 1119 added 3 changesets with 3 changes to 3 files
935 1120 calling hook pretxnchangegroup.acl: hgext.acl.hook
936 1121 acl: checking access for user "barney"
937 1122 error: pretxnchangegroup.acl hook raised an exception: [Errno *] * (glob)
938 1123 bundle2-input-part: total payload size 1553
939 1124 bundle2-input-part: total payload size 24
940 1125 bundle2-input-bundle: 4 parts total
941 1126 transaction abort!
942 1127 rollback completed
943 1128 abort: $ENOENT$: ../acl.config
944 1129 no rollback information available
945 1130 0:6675d58eff77
946 1131
947 1132
948 1133 betty is allowed inside foo/ by a acl.config file
949 1134
950 1135 $ echo '[acl.allow]' >> acl.config
951 1136 $ echo 'foo/** = betty' >> acl.config
952 1137 $ do_push betty
953 1138 Pushing as user betty
954 1139 hgrc = """
955 1140 [hooks]
956 1141 pretxnchangegroup.acl = python:hgext.acl.hook
1142 prepushkey.acl = python:hgext.acl.hook
957 1143 [acl]
958 1144 sources = push
959 1145 [acl.allow]
960 1146 foo/** = fred
961 1147 [acl.deny]
962 1148 foo/bar/** = fred
963 1149 foo/Bar/** = fred
964 1150 [acl.allow]
965 1151 ** = barney
966 1152 **/*.txt = wilma
967 1153 [acl]
968 1154 config = ../acl.config
969 1155 """
970 1156 acl.config = """
971 1157 [acl.allow]
972 1158 foo/** = betty
973 1159 """
974 1160 pushing to ../b
975 1161 query 1; heads
976 1162 searching for changes
977 1163 all remote heads known locally
978 1164 listing keys for "phases"
979 1165 checking for updated bookmarks
980 1166 listing keys for "bookmarks"
981 1167 listing keys for "bookmarks"
982 1168 3 changesets found
983 1169 list of changesets:
984 1170 ef1ea85a6374b77d6da9dcda9541f498f2d17df7
985 1171 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
986 1172 911600dab2ae7a9baff75958b84fe606851ce955
987 1173 bundle2-output-bundle: "HG20", 5 parts total
988 1174 bundle2-output-part: "replycaps" 205 bytes payload
989 1175 bundle2-output-part: "check:phases" 24 bytes payload
990 1176 bundle2-output-part: "check:heads" streamed payload
991 1177 bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
992 1178 bundle2-output-part: "phase-heads" 24 bytes payload
993 1179 bundle2-input-bundle: with-transaction
994 1180 bundle2-input-part: "replycaps" supported
995 1181 bundle2-input-part: total payload size 205
996 1182 bundle2-input-part: "check:phases" supported
997 1183 bundle2-input-part: total payload size 24
998 1184 bundle2-input-part: "check:heads" supported
999 1185 bundle2-input-part: total payload size 20
1000 1186 bundle2-input-part: "changegroup" (params: 1 mandatory) supported
1001 1187 adding changesets
1002 1188 add changeset ef1ea85a6374
1003 1189 add changeset f9cafe1212c8
1004 1190 add changeset 911600dab2ae
1005 1191 adding manifests
1006 1192 adding file changes
1007 1193 adding foo/Bar/file.txt revisions
1008 1194 adding foo/file.txt revisions
1009 1195 adding quux/file.py revisions
1010 1196 added 3 changesets with 3 changes to 3 files
1011 1197 calling hook pretxnchangegroup.acl: hgext.acl.hook
1012 1198 acl: checking access for user "betty"
1013 1199 acl: acl.allow.branches not enabled
1014 1200 acl: acl.deny.branches not enabled
1015 1201 acl: acl.allow enabled, 1 entries for user betty
1016 1202 acl: acl.deny enabled, 0 entries for user betty
1017 1203 acl: branch access granted: "ef1ea85a6374" on branch "default"
1018 1204 acl: path access granted: "ef1ea85a6374"
1019 1205 acl: branch access granted: "f9cafe1212c8" on branch "default"
1020 1206 acl: path access granted: "f9cafe1212c8"
1021 1207 acl: branch access granted: "911600dab2ae" on branch "default"
1022 1208 error: pretxnchangegroup.acl hook failed: acl: user "betty" not allowed on "quux/file.py" (changeset "911600dab2ae")
1023 1209 bundle2-input-part: total payload size 1553
1024 1210 bundle2-input-part: total payload size 24
1025 1211 bundle2-input-bundle: 4 parts total
1026 1212 transaction abort!
1027 1213 rollback completed
1028 1214 abort: acl: user "betty" not allowed on "quux/file.py" (changeset "911600dab2ae")
1029 1215 no rollback information available
1030 1216 0:6675d58eff77
1031 1217
1032 1218
1033 1219 acl.config can set only [acl.allow]/[acl.deny]
1034 1220
1035 1221 $ echo '[hooks]' >> acl.config
1036 1222 $ echo 'changegroup.acl = false' >> acl.config
1037 1223 $ do_push barney
1038 1224 Pushing as user barney
1039 1225 hgrc = """
1040 1226 [hooks]
1041 1227 pretxnchangegroup.acl = python:hgext.acl.hook
1228 prepushkey.acl = python:hgext.acl.hook
1042 1229 [acl]
1043 1230 sources = push
1044 1231 [acl.allow]
1045 1232 foo/** = fred
1046 1233 [acl.deny]
1047 1234 foo/bar/** = fred
1048 1235 foo/Bar/** = fred
1049 1236 [acl.allow]
1050 1237 ** = barney
1051 1238 **/*.txt = wilma
1052 1239 [acl]
1053 1240 config = ../acl.config
1054 1241 """
1055 1242 acl.config = """
1056 1243 [acl.allow]
1057 1244 foo/** = betty
1058 1245 [hooks]
1059 1246 changegroup.acl = false
1060 1247 """
1061 1248 pushing to ../b
1062 1249 query 1; heads
1063 1250 searching for changes
1064 1251 all remote heads known locally
1065 1252 listing keys for "phases"
1066 1253 checking for updated bookmarks
1067 1254 listing keys for "bookmarks"
1068 1255 listing keys for "bookmarks"
1069 1256 3 changesets found
1070 1257 list of changesets:
1071 1258 ef1ea85a6374b77d6da9dcda9541f498f2d17df7
1072 1259 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
1073 1260 911600dab2ae7a9baff75958b84fe606851ce955
1074 1261 bundle2-output-bundle: "HG20", 5 parts total
1075 1262 bundle2-output-part: "replycaps" 205 bytes payload
1076 1263 bundle2-output-part: "check:phases" 24 bytes payload
1077 1264 bundle2-output-part: "check:heads" streamed payload
1078 1265 bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
1079 1266 bundle2-output-part: "phase-heads" 24 bytes payload
1080 1267 bundle2-input-bundle: with-transaction
1081 1268 bundle2-input-part: "replycaps" supported
1082 1269 bundle2-input-part: total payload size 205
1083 1270 bundle2-input-part: "check:phases" supported
1084 1271 bundle2-input-part: total payload size 24
1085 1272 bundle2-input-part: "check:heads" supported
1086 1273 bundle2-input-part: total payload size 20
1087 1274 bundle2-input-part: "changegroup" (params: 1 mandatory) supported
1088 1275 adding changesets
1089 1276 add changeset ef1ea85a6374
1090 1277 add changeset f9cafe1212c8
1091 1278 add changeset 911600dab2ae
1092 1279 adding manifests
1093 1280 adding file changes
1094 1281 adding foo/Bar/file.txt revisions
1095 1282 adding foo/file.txt revisions
1096 1283 adding quux/file.py revisions
1097 1284 added 3 changesets with 3 changes to 3 files
1098 1285 calling hook pretxnchangegroup.acl: hgext.acl.hook
1099 1286 acl: checking access for user "barney"
1100 1287 acl: acl.allow.branches not enabled
1101 1288 acl: acl.deny.branches not enabled
1102 1289 acl: acl.allow enabled, 1 entries for user barney
1103 1290 acl: acl.deny enabled, 0 entries for user barney
1104 1291 acl: branch access granted: "ef1ea85a6374" on branch "default"
1105 1292 acl: path access granted: "ef1ea85a6374"
1106 1293 acl: branch access granted: "f9cafe1212c8" on branch "default"
1107 1294 acl: path access granted: "f9cafe1212c8"
1108 1295 acl: branch access granted: "911600dab2ae" on branch "default"
1109 1296 acl: path access granted: "911600dab2ae"
1110 1297 bundle2-input-part: total payload size 1553
1111 1298 bundle2-input-part: "phase-heads" supported
1112 1299 bundle2-input-part: total payload size 24
1113 1300 bundle2-input-bundle: 4 parts total
1114 1301 updating the branch cache
1115 1302 bundle2-output-bundle: "HG20", 1 parts total
1116 1303 bundle2-output-part: "reply:changegroup" (advisory) (params: 0 advisory) empty payload
1117 1304 bundle2-input-bundle: no-transaction
1118 1305 bundle2-input-part: "reply:changegroup" (advisory) (params: 0 advisory) supported
1119 1306 bundle2-input-bundle: 0 parts total
1120 1307 listing keys for "phases"
1121 1308 repository tip rolled back to revision 0 (undo push)
1122 1309 0:6675d58eff77
1123 1310
1124 1311
1125 1312 asterisk
1126 1313
1127 1314 $ init_config
1128 1315
1129 1316 asterisk test
1130 1317
1131 1318 $ echo '[acl.allow]' >> $config
1132 1319 $ echo "** = fred" >> $config
1133 1320
1134 1321 fred is always allowed
1135 1322
1136 1323 $ do_push fred
1137 1324 Pushing as user fred
1138 1325 hgrc = """
1139 1326 [hooks]
1140 1327 pretxnchangegroup.acl = python:hgext.acl.hook
1328 prepushkey.acl = python:hgext.acl.hook
1141 1329 [acl]
1142 1330 sources = push
1143 1331 [extensions]
1144 1332 posixgetuser=$TESTTMP/posixgetuser.py
1145 1333 [acl.allow]
1146 1334 ** = fred
1147 1335 """
1148 1336 pushing to ../b
1149 1337 query 1; heads
1150 1338 searching for changes
1151 1339 all remote heads known locally
1152 1340 listing keys for "phases"
1153 1341 checking for updated bookmarks
1154 1342 listing keys for "bookmarks"
1155 1343 listing keys for "bookmarks"
1156 1344 3 changesets found
1157 1345 list of changesets:
1158 1346 ef1ea85a6374b77d6da9dcda9541f498f2d17df7
1159 1347 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
1160 1348 911600dab2ae7a9baff75958b84fe606851ce955
1161 1349 bundle2-output-bundle: "HG20", 5 parts total
1162 1350 bundle2-output-part: "replycaps" 205 bytes payload
1163 1351 bundle2-output-part: "check:phases" 24 bytes payload
1164 1352 bundle2-output-part: "check:heads" streamed payload
1165 1353 bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
1166 1354 bundle2-output-part: "phase-heads" 24 bytes payload
1167 1355 bundle2-input-bundle: with-transaction
1168 1356 bundle2-input-part: "replycaps" supported
1169 1357 bundle2-input-part: total payload size 205
1170 1358 bundle2-input-part: "check:phases" supported
1171 1359 bundle2-input-part: total payload size 24
1172 1360 bundle2-input-part: "check:heads" supported
1173 1361 bundle2-input-part: total payload size 20
1174 1362 bundle2-input-part: "changegroup" (params: 1 mandatory) supported
1175 1363 adding changesets
1176 1364 add changeset ef1ea85a6374
1177 1365 add changeset f9cafe1212c8
1178 1366 add changeset 911600dab2ae
1179 1367 adding manifests
1180 1368 adding file changes
1181 1369 adding foo/Bar/file.txt revisions
1182 1370 adding foo/file.txt revisions
1183 1371 adding quux/file.py revisions
1184 1372 added 3 changesets with 3 changes to 3 files
1185 1373 calling hook pretxnchangegroup.acl: hgext.acl.hook
1186 1374 acl: checking access for user "fred"
1187 1375 acl: acl.allow.branches not enabled
1188 1376 acl: acl.deny.branches not enabled
1189 1377 acl: acl.allow enabled, 1 entries for user fred
1190 1378 acl: acl.deny not enabled
1191 1379 acl: branch access granted: "ef1ea85a6374" on branch "default"
1192 1380 acl: path access granted: "ef1ea85a6374"
1193 1381 acl: branch access granted: "f9cafe1212c8" on branch "default"
1194 1382 acl: path access granted: "f9cafe1212c8"
1195 1383 acl: branch access granted: "911600dab2ae" on branch "default"
1196 1384 acl: path access granted: "911600dab2ae"
1197 1385 bundle2-input-part: total payload size 1553
1198 1386 bundle2-input-part: "phase-heads" supported
1199 1387 bundle2-input-part: total payload size 24
1200 1388 bundle2-input-bundle: 4 parts total
1201 1389 updating the branch cache
1202 1390 bundle2-output-bundle: "HG20", 1 parts total
1203 1391 bundle2-output-part: "reply:changegroup" (advisory) (params: 0 advisory) empty payload
1204 1392 bundle2-input-bundle: no-transaction
1205 1393 bundle2-input-part: "reply:changegroup" (advisory) (params: 0 advisory) supported
1206 1394 bundle2-input-bundle: 0 parts total
1207 1395 listing keys for "phases"
1208 1396 repository tip rolled back to revision 0 (undo push)
1209 1397 0:6675d58eff77
1210 1398
1211 1399
1212 1400 $ echo '[acl.deny]' >> $config
1213 1401 $ echo "foo/Bar/** = *" >> $config
1214 1402
1215 1403 no one is allowed inside foo/Bar/
1216 1404
1217 1405 $ do_push fred
1218 1406 Pushing as user fred
1219 1407 hgrc = """
1220 1408 [hooks]
1221 1409 pretxnchangegroup.acl = python:hgext.acl.hook
1410 prepushkey.acl = python:hgext.acl.hook
1222 1411 [acl]
1223 1412 sources = push
1224 1413 [extensions]
1225 1414 posixgetuser=$TESTTMP/posixgetuser.py
1226 1415 [acl.allow]
1227 1416 ** = fred
1228 1417 [acl.deny]
1229 1418 foo/Bar/** = *
1230 1419 """
1231 1420 pushing to ../b
1232 1421 query 1; heads
1233 1422 searching for changes
1234 1423 all remote heads known locally
1235 1424 listing keys for "phases"
1236 1425 checking for updated bookmarks
1237 1426 listing keys for "bookmarks"
1238 1427 listing keys for "bookmarks"
1239 1428 3 changesets found
1240 1429 list of changesets:
1241 1430 ef1ea85a6374b77d6da9dcda9541f498f2d17df7
1242 1431 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
1243 1432 911600dab2ae7a9baff75958b84fe606851ce955
1244 1433 bundle2-output-bundle: "HG20", 5 parts total
1245 1434 bundle2-output-part: "replycaps" 205 bytes payload
1246 1435 bundle2-output-part: "check:phases" 24 bytes payload
1247 1436 bundle2-output-part: "check:heads" streamed payload
1248 1437 bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
1249 1438 bundle2-output-part: "phase-heads" 24 bytes payload
1250 1439 bundle2-input-bundle: with-transaction
1251 1440 bundle2-input-part: "replycaps" supported
1252 1441 bundle2-input-part: total payload size 205
1253 1442 bundle2-input-part: "check:phases" supported
1254 1443 bundle2-input-part: total payload size 24
1255 1444 bundle2-input-part: "check:heads" supported
1256 1445 bundle2-input-part: total payload size 20
1257 1446 bundle2-input-part: "changegroup" (params: 1 mandatory) supported
1258 1447 adding changesets
1259 1448 add changeset ef1ea85a6374
1260 1449 add changeset f9cafe1212c8
1261 1450 add changeset 911600dab2ae
1262 1451 adding manifests
1263 1452 adding file changes
1264 1453 adding foo/Bar/file.txt revisions
1265 1454 adding foo/file.txt revisions
1266 1455 adding quux/file.py revisions
1267 1456 added 3 changesets with 3 changes to 3 files
1268 1457 calling hook pretxnchangegroup.acl: hgext.acl.hook
1269 1458 acl: checking access for user "fred"
1270 1459 acl: acl.allow.branches not enabled
1271 1460 acl: acl.deny.branches not enabled
1272 1461 acl: acl.allow enabled, 1 entries for user fred
1273 1462 acl: acl.deny enabled, 1 entries for user fred
1274 1463 acl: branch access granted: "ef1ea85a6374" on branch "default"
1275 1464 acl: path access granted: "ef1ea85a6374"
1276 1465 acl: branch access granted: "f9cafe1212c8" on branch "default"
1277 1466 error: pretxnchangegroup.acl hook failed: acl: user "fred" denied on "foo/Bar/file.txt" (changeset "f9cafe1212c8")
1278 1467 bundle2-input-part: total payload size 1553
1279 1468 bundle2-input-part: total payload size 24
1280 1469 bundle2-input-bundle: 4 parts total
1281 1470 transaction abort!
1282 1471 rollback completed
1283 1472 abort: acl: user "fred" denied on "foo/Bar/file.txt" (changeset "f9cafe1212c8")
1284 1473 no rollback information available
1285 1474 0:6675d58eff77
1286 1475
1287 1476
1288 1477 Groups
1289 1478
1290 1479 $ init_config
1291 1480
1292 1481 OS-level groups
1293 1482
1294 1483 $ echo '[acl.allow]' >> $config
1295 1484 $ echo "** = @group1" >> $config
1296 1485
1297 1486 @group1 is always allowed
1298 1487
1299 1488 $ do_push fred
1300 1489 Pushing as user fred
1301 1490 hgrc = """
1302 1491 [hooks]
1303 1492 pretxnchangegroup.acl = python:hgext.acl.hook
1493 prepushkey.acl = python:hgext.acl.hook
1304 1494 [acl]
1305 1495 sources = push
1306 1496 [extensions]
1307 1497 posixgetuser=$TESTTMP/posixgetuser.py
1308 1498 [acl.allow]
1309 1499 ** = @group1
1310 1500 """
1311 1501 pushing to ../b
1312 1502 query 1; heads
1313 1503 searching for changes
1314 1504 all remote heads known locally
1315 1505 listing keys for "phases"
1316 1506 checking for updated bookmarks
1317 1507 listing keys for "bookmarks"
1318 1508 listing keys for "bookmarks"
1319 1509 3 changesets found
1320 1510 list of changesets:
1321 1511 ef1ea85a6374b77d6da9dcda9541f498f2d17df7
1322 1512 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
1323 1513 911600dab2ae7a9baff75958b84fe606851ce955
1324 1514 bundle2-output-bundle: "HG20", 5 parts total
1325 1515 bundle2-output-part: "replycaps" 205 bytes payload
1326 1516 bundle2-output-part: "check:phases" 24 bytes payload
1327 1517 bundle2-output-part: "check:heads" streamed payload
1328 1518 bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
1329 1519 bundle2-output-part: "phase-heads" 24 bytes payload
1330 1520 bundle2-input-bundle: with-transaction
1331 1521 bundle2-input-part: "replycaps" supported
1332 1522 bundle2-input-part: total payload size 205
1333 1523 bundle2-input-part: "check:phases" supported
1334 1524 bundle2-input-part: total payload size 24
1335 1525 bundle2-input-part: "check:heads" supported
1336 1526 bundle2-input-part: total payload size 20
1337 1527 bundle2-input-part: "changegroup" (params: 1 mandatory) supported
1338 1528 adding changesets
1339 1529 add changeset ef1ea85a6374
1340 1530 add changeset f9cafe1212c8
1341 1531 add changeset 911600dab2ae
1342 1532 adding manifests
1343 1533 adding file changes
1344 1534 adding foo/Bar/file.txt revisions
1345 1535 adding foo/file.txt revisions
1346 1536 adding quux/file.py revisions
1347 1537 added 3 changesets with 3 changes to 3 files
1348 1538 calling hook pretxnchangegroup.acl: hgext.acl.hook
1349 1539 acl: checking access for user "fred"
1350 1540 acl: acl.allow.branches not enabled
1351 1541 acl: acl.deny.branches not enabled
1352 1542 acl: "group1" not defined in [acl.groups]
1353 1543 acl: acl.allow enabled, 1 entries for user fred
1354 1544 acl: acl.deny not enabled
1355 1545 acl: branch access granted: "ef1ea85a6374" on branch "default"
1356 1546 acl: path access granted: "ef1ea85a6374"
1357 1547 acl: branch access granted: "f9cafe1212c8" on branch "default"
1358 1548 acl: path access granted: "f9cafe1212c8"
1359 1549 acl: branch access granted: "911600dab2ae" on branch "default"
1360 1550 acl: path access granted: "911600dab2ae"
1361 1551 bundle2-input-part: total payload size 1553
1362 1552 bundle2-input-part: "phase-heads" supported
1363 1553 bundle2-input-part: total payload size 24
1364 1554 bundle2-input-bundle: 4 parts total
1365 1555 updating the branch cache
1366 1556 bundle2-output-bundle: "HG20", 1 parts total
1367 1557 bundle2-output-part: "reply:changegroup" (advisory) (params: 0 advisory) empty payload
1368 1558 bundle2-input-bundle: no-transaction
1369 1559 bundle2-input-part: "reply:changegroup" (advisory) (params: 0 advisory) supported
1370 1560 bundle2-input-bundle: 0 parts total
1371 1561 listing keys for "phases"
1372 1562 repository tip rolled back to revision 0 (undo push)
1373 1563 0:6675d58eff77
1374 1564
1375 1565
1376 1566 $ echo '[acl.deny]' >> $config
1377 1567 $ echo "foo/Bar/** = @group1" >> $config
1378 1568
1379 1569 @group is allowed inside anything but foo/Bar/
1380 1570
1381 1571 $ do_push fred
1382 1572 Pushing as user fred
1383 1573 hgrc = """
1384 1574 [hooks]
1385 1575 pretxnchangegroup.acl = python:hgext.acl.hook
1576 prepushkey.acl = python:hgext.acl.hook
1386 1577 [acl]
1387 1578 sources = push
1388 1579 [extensions]
1389 1580 posixgetuser=$TESTTMP/posixgetuser.py
1390 1581 [acl.allow]
1391 1582 ** = @group1
1392 1583 [acl.deny]
1393 1584 foo/Bar/** = @group1
1394 1585 """
1395 1586 pushing to ../b
1396 1587 query 1; heads
1397 1588 searching for changes
1398 1589 all remote heads known locally
1399 1590 listing keys for "phases"
1400 1591 checking for updated bookmarks
1401 1592 listing keys for "bookmarks"
1402 1593 listing keys for "bookmarks"
1403 1594 3 changesets found
1404 1595 list of changesets:
1405 1596 ef1ea85a6374b77d6da9dcda9541f498f2d17df7
1406 1597 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
1407 1598 911600dab2ae7a9baff75958b84fe606851ce955
1408 1599 bundle2-output-bundle: "HG20", 5 parts total
1409 1600 bundle2-output-part: "replycaps" 205 bytes payload
1410 1601 bundle2-output-part: "check:phases" 24 bytes payload
1411 1602 bundle2-output-part: "check:heads" streamed payload
1412 1603 bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
1413 1604 bundle2-output-part: "phase-heads" 24 bytes payload
1414 1605 bundle2-input-bundle: with-transaction
1415 1606 bundle2-input-part: "replycaps" supported
1416 1607 bundle2-input-part: total payload size 205
1417 1608 bundle2-input-part: "check:phases" supported
1418 1609 bundle2-input-part: total payload size 24
1419 1610 bundle2-input-part: "check:heads" supported
1420 1611 bundle2-input-part: total payload size 20
1421 1612 bundle2-input-part: "changegroup" (params: 1 mandatory) supported
1422 1613 adding changesets
1423 1614 add changeset ef1ea85a6374
1424 1615 add changeset f9cafe1212c8
1425 1616 add changeset 911600dab2ae
1426 1617 adding manifests
1427 1618 adding file changes
1428 1619 adding foo/Bar/file.txt revisions
1429 1620 adding foo/file.txt revisions
1430 1621 adding quux/file.py revisions
1431 1622 added 3 changesets with 3 changes to 3 files
1432 1623 calling hook pretxnchangegroup.acl: hgext.acl.hook
1433 1624 acl: checking access for user "fred"
1434 1625 acl: acl.allow.branches not enabled
1435 1626 acl: acl.deny.branches not enabled
1436 1627 acl: "group1" not defined in [acl.groups]
1437 1628 acl: acl.allow enabled, 1 entries for user fred
1438 1629 acl: "group1" not defined in [acl.groups]
1439 1630 acl: acl.deny enabled, 1 entries for user fred
1440 1631 acl: branch access granted: "ef1ea85a6374" on branch "default"
1441 1632 acl: path access granted: "ef1ea85a6374"
1442 1633 acl: branch access granted: "f9cafe1212c8" on branch "default"
1443 1634 error: pretxnchangegroup.acl hook failed: acl: user "fred" denied on "foo/Bar/file.txt" (changeset "f9cafe1212c8")
1444 1635 bundle2-input-part: total payload size 1553
1445 1636 bundle2-input-part: total payload size 24
1446 1637 bundle2-input-bundle: 4 parts total
1447 1638 transaction abort!
1448 1639 rollback completed
1449 1640 abort: acl: user "fred" denied on "foo/Bar/file.txt" (changeset "f9cafe1212c8")
1450 1641 no rollback information available
1451 1642 0:6675d58eff77
1452 1643
1453 1644
1454 1645 Invalid group
1455 1646
1456 1647 Disable the fakegroups trick to get real failures
1457 1648
1458 1649 $ grep -v fakegroups $config > config.tmp
1459 1650 $ mv config.tmp $config
1460 1651 $ echo '[acl.allow]' >> $config
1461 1652 $ echo "** = @unlikelytoexist" >> $config
1462 1653 $ do_push fred 2>&1 | grep unlikelytoexist
1463 1654 ** = @unlikelytoexist
1464 1655 acl: "unlikelytoexist" not defined in [acl.groups]
1465 1656 error: pretxnchangegroup.acl hook failed: group 'unlikelytoexist' is undefined
1466 1657 abort: group 'unlikelytoexist' is undefined
1467 1658
1468 1659
1469 1660 Branch acl tests setup
1470 1661
1471 1662 $ init_config
1472 1663 $ cd b
1473 1664 $ hg up
1474 1665 0 files updated, 0 files merged, 0 files removed, 0 files unresolved
1475 1666 $ hg branch foobar
1476 1667 marked working directory as branch foobar
1477 1668 (branches are permanent and global, did you want a bookmark?)
1478 1669 $ hg commit -m 'create foobar'
1479 1670 $ echo 'foo contents' > abc.txt
1480 1671 $ hg add abc.txt
1481 1672 $ hg commit -m 'foobar contents'
1482 1673 $ cd ..
1483 1674 $ hg --cwd a pull ../b
1484 1675 pulling from ../b
1485 1676 searching for changes
1486 1677 adding changesets
1487 1678 adding manifests
1488 1679 adding file changes
1489 1680 added 2 changesets with 1 changes to 1 files (+1 heads)
1490 1681 new changesets 81fbf4469322:fb35475503ef
1491 1682 (run 'hg heads' to see heads)
1492 1683
1493 1684 Create additional changeset on foobar branch
1494 1685
1495 1686 $ cd a
1496 1687 $ hg up -C foobar
1497 1688 4 files updated, 0 files merged, 0 files removed, 0 files unresolved
1498 1689 $ echo 'foo contents2' > abc.txt
1499 1690 $ hg commit -m 'foobar contents2'
1500 1691 $ cd ..
1501 1692
1502 1693
1503 1694 No branch acls specified
1504 1695
1505 1696 $ do_push astro
1506 1697 Pushing as user astro
1507 1698 hgrc = """
1508 1699 [hooks]
1509 1700 pretxnchangegroup.acl = python:hgext.acl.hook
1701 prepushkey.acl = python:hgext.acl.hook
1510 1702 [acl]
1511 1703 sources = push
1512 1704 [extensions]
1513 1705 posixgetuser=$TESTTMP/posixgetuser.py
1514 1706 """
1515 1707 pushing to ../b
1516 1708 query 1; heads
1517 1709 searching for changes
1518 1710 all remote heads known locally
1519 1711 listing keys for "phases"
1520 1712 checking for updated bookmarks
1521 1713 listing keys for "bookmarks"
1522 1714 listing keys for "bookmarks"
1523 1715 4 changesets found
1524 1716 list of changesets:
1525 1717 ef1ea85a6374b77d6da9dcda9541f498f2d17df7
1526 1718 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
1527 1719 911600dab2ae7a9baff75958b84fe606851ce955
1528 1720 e8fc755d4d8217ee5b0c2bb41558c40d43b92c01
1529 1721 bundle2-output-bundle: "HG20", 5 parts total
1530 1722 bundle2-output-part: "replycaps" 205 bytes payload
1531 1723 bundle2-output-part: "check:phases" 48 bytes payload
1532 1724 bundle2-output-part: "check:heads" streamed payload
1533 1725 bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
1534 1726 bundle2-output-part: "phase-heads" 48 bytes payload
1535 1727 bundle2-input-bundle: with-transaction
1536 1728 bundle2-input-part: "replycaps" supported
1537 1729 bundle2-input-part: total payload size 205
1538 1730 bundle2-input-part: "check:phases" supported
1539 1731 bundle2-input-part: total payload size 48
1540 1732 bundle2-input-part: "check:heads" supported
1541 1733 bundle2-input-part: total payload size 20
1542 1734 bundle2-input-part: "changegroup" (params: 1 mandatory) supported
1543 1735 adding changesets
1544 1736 add changeset ef1ea85a6374
1545 1737 add changeset f9cafe1212c8
1546 1738 add changeset 911600dab2ae
1547 1739 add changeset e8fc755d4d82
1548 1740 adding manifests
1549 1741 adding file changes
1550 1742 adding abc.txt revisions
1551 1743 adding foo/Bar/file.txt revisions
1552 1744 adding foo/file.txt revisions
1553 1745 adding quux/file.py revisions
1554 1746 added 4 changesets with 4 changes to 4 files (+1 heads)
1555 1747 calling hook pretxnchangegroup.acl: hgext.acl.hook
1556 1748 acl: checking access for user "astro"
1557 1749 acl: acl.allow.branches not enabled
1558 1750 acl: acl.deny.branches not enabled
1559 1751 acl: acl.allow not enabled
1560 1752 acl: acl.deny not enabled
1561 1753 acl: branch access granted: "ef1ea85a6374" on branch "default"
1562 1754 acl: path access granted: "ef1ea85a6374"
1563 1755 acl: branch access granted: "f9cafe1212c8" on branch "default"
1564 1756 acl: path access granted: "f9cafe1212c8"
1565 1757 acl: branch access granted: "911600dab2ae" on branch "default"
1566 1758 acl: path access granted: "911600dab2ae"
1567 1759 acl: branch access granted: "e8fc755d4d82" on branch "foobar"
1568 1760 acl: path access granted: "e8fc755d4d82"
1569 1761 bundle2-input-part: total payload size 2068
1570 1762 bundle2-input-part: "phase-heads" supported
1571 1763 bundle2-input-part: total payload size 48
1572 1764 bundle2-input-bundle: 4 parts total
1573 1765 updating the branch cache
1574 1766 bundle2-output-bundle: "HG20", 1 parts total
1575 1767 bundle2-output-part: "reply:changegroup" (advisory) (params: 0 advisory) empty payload
1576 1768 bundle2-input-bundle: no-transaction
1577 1769 bundle2-input-part: "reply:changegroup" (advisory) (params: 0 advisory) supported
1578 1770 bundle2-input-bundle: 0 parts total
1579 1771 listing keys for "phases"
1580 1772 repository tip rolled back to revision 2 (undo push)
1581 1773 2:fb35475503ef
1582 1774
1583 1775
1584 1776 Branch acl deny test
1585 1777
1586 1778 $ echo "[acl.deny.branches]" >> $config
1587 1779 $ echo "foobar = *" >> $config
1588 1780 $ do_push astro
1589 1781 Pushing as user astro
1590 1782 hgrc = """
1591 1783 [hooks]
1592 1784 pretxnchangegroup.acl = python:hgext.acl.hook
1785 prepushkey.acl = python:hgext.acl.hook
1593 1786 [acl]
1594 1787 sources = push
1595 1788 [extensions]
1596 1789 posixgetuser=$TESTTMP/posixgetuser.py
1597 1790 [acl.deny.branches]
1598 1791 foobar = *
1599 1792 """
1600 1793 pushing to ../b
1601 1794 query 1; heads
1602 1795 searching for changes
1603 1796 all remote heads known locally
1604 1797 listing keys for "phases"
1605 1798 checking for updated bookmarks
1606 1799 listing keys for "bookmarks"
1607 1800 listing keys for "bookmarks"
1608 1801 4 changesets found
1609 1802 list of changesets:
1610 1803 ef1ea85a6374b77d6da9dcda9541f498f2d17df7
1611 1804 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
1612 1805 911600dab2ae7a9baff75958b84fe606851ce955
1613 1806 e8fc755d4d8217ee5b0c2bb41558c40d43b92c01
1614 1807 bundle2-output-bundle: "HG20", 5 parts total
1615 1808 bundle2-output-part: "replycaps" 205 bytes payload
1616 1809 bundle2-output-part: "check:phases" 48 bytes payload
1617 1810 bundle2-output-part: "check:heads" streamed payload
1618 1811 bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
1619 1812 bundle2-output-part: "phase-heads" 48 bytes payload
1620 1813 bundle2-input-bundle: with-transaction
1621 1814 bundle2-input-part: "replycaps" supported
1622 1815 bundle2-input-part: total payload size 205
1623 1816 bundle2-input-part: "check:phases" supported
1624 1817 bundle2-input-part: total payload size 48
1625 1818 bundle2-input-part: "check:heads" supported
1626 1819 bundle2-input-part: total payload size 20
1627 1820 bundle2-input-part: "changegroup" (params: 1 mandatory) supported
1628 1821 adding changesets
1629 1822 add changeset ef1ea85a6374
1630 1823 add changeset f9cafe1212c8
1631 1824 add changeset 911600dab2ae
1632 1825 add changeset e8fc755d4d82
1633 1826 adding manifests
1634 1827 adding file changes
1635 1828 adding abc.txt revisions
1636 1829 adding foo/Bar/file.txt revisions
1637 1830 adding foo/file.txt revisions
1638 1831 adding quux/file.py revisions
1639 1832 added 4 changesets with 4 changes to 4 files (+1 heads)
1640 1833 calling hook pretxnchangegroup.acl: hgext.acl.hook
1641 1834 acl: checking access for user "astro"
1642 1835 acl: acl.allow.branches not enabled
1643 1836 acl: acl.deny.branches enabled, 1 entries for user astro
1644 1837 acl: acl.allow not enabled
1645 1838 acl: acl.deny not enabled
1646 1839 acl: branch access granted: "ef1ea85a6374" on branch "default"
1647 1840 acl: path access granted: "ef1ea85a6374"
1648 1841 acl: branch access granted: "f9cafe1212c8" on branch "default"
1649 1842 acl: path access granted: "f9cafe1212c8"
1650 1843 acl: branch access granted: "911600dab2ae" on branch "default"
1651 1844 acl: path access granted: "911600dab2ae"
1652 1845 error: pretxnchangegroup.acl hook failed: acl: user "astro" denied on branch "foobar" (changeset "e8fc755d4d82")
1653 1846 bundle2-input-part: total payload size 2068
1654 1847 bundle2-input-part: total payload size 48
1655 1848 bundle2-input-bundle: 4 parts total
1656 1849 transaction abort!
1657 1850 rollback completed
1658 1851 abort: acl: user "astro" denied on branch "foobar" (changeset "e8fc755d4d82")
1659 1852 no rollback information available
1660 1853 2:fb35475503ef
1661 1854
1662 1855
1663 1856 Branch acl empty allow test
1664 1857
1665 1858 $ init_config
1666 1859 $ echo "[acl.allow.branches]" >> $config
1667 1860 $ do_push astro
1668 1861 Pushing as user astro
1669 1862 hgrc = """
1670 1863 [hooks]
1671 1864 pretxnchangegroup.acl = python:hgext.acl.hook
1865 prepushkey.acl = python:hgext.acl.hook
1672 1866 [acl]
1673 1867 sources = push
1674 1868 [extensions]
1675 1869 posixgetuser=$TESTTMP/posixgetuser.py
1676 1870 [acl.allow.branches]
1677 1871 """
1678 1872 pushing to ../b
1679 1873 query 1; heads
1680 1874 searching for changes
1681 1875 all remote heads known locally
1682 1876 listing keys for "phases"
1683 1877 checking for updated bookmarks
1684 1878 listing keys for "bookmarks"
1685 1879 listing keys for "bookmarks"
1686 1880 4 changesets found
1687 1881 list of changesets:
1688 1882 ef1ea85a6374b77d6da9dcda9541f498f2d17df7
1689 1883 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
1690 1884 911600dab2ae7a9baff75958b84fe606851ce955
1691 1885 e8fc755d4d8217ee5b0c2bb41558c40d43b92c01
1692 1886 bundle2-output-bundle: "HG20", 5 parts total
1693 1887 bundle2-output-part: "replycaps" 205 bytes payload
1694 1888 bundle2-output-part: "check:phases" 48 bytes payload
1695 1889 bundle2-output-part: "check:heads" streamed payload
1696 1890 bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
1697 1891 bundle2-output-part: "phase-heads" 48 bytes payload
1698 1892 bundle2-input-bundle: with-transaction
1699 1893 bundle2-input-part: "replycaps" supported
1700 1894 bundle2-input-part: total payload size 205
1701 1895 bundle2-input-part: "check:phases" supported
1702 1896 bundle2-input-part: total payload size 48
1703 1897 bundle2-input-part: "check:heads" supported
1704 1898 bundle2-input-part: total payload size 20
1705 1899 bundle2-input-part: "changegroup" (params: 1 mandatory) supported
1706 1900 adding changesets
1707 1901 add changeset ef1ea85a6374
1708 1902 add changeset f9cafe1212c8
1709 1903 add changeset 911600dab2ae
1710 1904 add changeset e8fc755d4d82
1711 1905 adding manifests
1712 1906 adding file changes
1713 1907 adding abc.txt revisions
1714 1908 adding foo/Bar/file.txt revisions
1715 1909 adding foo/file.txt revisions
1716 1910 adding quux/file.py revisions
1717 1911 added 4 changesets with 4 changes to 4 files (+1 heads)
1718 1912 calling hook pretxnchangegroup.acl: hgext.acl.hook
1719 1913 acl: checking access for user "astro"
1720 1914 acl: acl.allow.branches enabled, 0 entries for user astro
1721 1915 acl: acl.deny.branches not enabled
1722 1916 acl: acl.allow not enabled
1723 1917 acl: acl.deny not enabled
1724 1918 error: pretxnchangegroup.acl hook failed: acl: user "astro" not allowed on branch "default" (changeset "ef1ea85a6374")
1725 1919 bundle2-input-part: total payload size 2068
1726 1920 bundle2-input-part: total payload size 48
1727 1921 bundle2-input-bundle: 4 parts total
1728 1922 transaction abort!
1729 1923 rollback completed
1730 1924 abort: acl: user "astro" not allowed on branch "default" (changeset "ef1ea85a6374")
1731 1925 no rollback information available
1732 1926 2:fb35475503ef
1733 1927
1734 1928
1735 1929 Branch acl allow other
1736 1930
1737 1931 $ init_config
1738 1932 $ echo "[acl.allow.branches]" >> $config
1739 1933 $ echo "* = george" >> $config
1740 1934 $ do_push astro
1741 1935 Pushing as user astro
1742 1936 hgrc = """
1743 1937 [hooks]
1744 1938 pretxnchangegroup.acl = python:hgext.acl.hook
1939 prepushkey.acl = python:hgext.acl.hook
1745 1940 [acl]
1746 1941 sources = push
1747 1942 [extensions]
1748 1943 posixgetuser=$TESTTMP/posixgetuser.py
1749 1944 [acl.allow.branches]
1750 1945 * = george
1751 1946 """
1752 1947 pushing to ../b
1753 1948 query 1; heads
1754 1949 searching for changes
1755 1950 all remote heads known locally
1756 1951 listing keys for "phases"
1757 1952 checking for updated bookmarks
1758 1953 listing keys for "bookmarks"
1759 1954 listing keys for "bookmarks"
1760 1955 4 changesets found
1761 1956 list of changesets:
1762 1957 ef1ea85a6374b77d6da9dcda9541f498f2d17df7
1763 1958 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
1764 1959 911600dab2ae7a9baff75958b84fe606851ce955
1765 1960 e8fc755d4d8217ee5b0c2bb41558c40d43b92c01
1766 1961 bundle2-output-bundle: "HG20", 5 parts total
1767 1962 bundle2-output-part: "replycaps" 205 bytes payload
1768 1963 bundle2-output-part: "check:phases" 48 bytes payload
1769 1964 bundle2-output-part: "check:heads" streamed payload
1770 1965 bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
1771 1966 bundle2-output-part: "phase-heads" 48 bytes payload
1772 1967 bundle2-input-bundle: with-transaction
1773 1968 bundle2-input-part: "replycaps" supported
1774 1969 bundle2-input-part: total payload size 205
1775 1970 bundle2-input-part: "check:phases" supported
1776 1971 bundle2-input-part: total payload size 48
1777 1972 bundle2-input-part: "check:heads" supported
1778 1973 bundle2-input-part: total payload size 20
1779 1974 bundle2-input-part: "changegroup" (params: 1 mandatory) supported
1780 1975 adding changesets
1781 1976 add changeset ef1ea85a6374
1782 1977 add changeset f9cafe1212c8
1783 1978 add changeset 911600dab2ae
1784 1979 add changeset e8fc755d4d82
1785 1980 adding manifests
1786 1981 adding file changes
1787 1982 adding abc.txt revisions
1788 1983 adding foo/Bar/file.txt revisions
1789 1984 adding foo/file.txt revisions
1790 1985 adding quux/file.py revisions
1791 1986 added 4 changesets with 4 changes to 4 files (+1 heads)
1792 1987 calling hook pretxnchangegroup.acl: hgext.acl.hook
1793 1988 acl: checking access for user "astro"
1794 1989 acl: acl.allow.branches enabled, 0 entries for user astro
1795 1990 acl: acl.deny.branches not enabled
1796 1991 acl: acl.allow not enabled
1797 1992 acl: acl.deny not enabled
1798 1993 error: pretxnchangegroup.acl hook failed: acl: user "astro" not allowed on branch "default" (changeset "ef1ea85a6374")
1799 1994 bundle2-input-part: total payload size 2068
1800 1995 bundle2-input-part: total payload size 48
1801 1996 bundle2-input-bundle: 4 parts total
1802 1997 transaction abort!
1803 1998 rollback completed
1804 1999 abort: acl: user "astro" not allowed on branch "default" (changeset "ef1ea85a6374")
1805 2000 no rollback information available
1806 2001 2:fb35475503ef
1807 2002
1808 2003 $ do_push george
1809 2004 Pushing as user george
1810 2005 hgrc = """
1811 2006 [hooks]
1812 2007 pretxnchangegroup.acl = python:hgext.acl.hook
2008 prepushkey.acl = python:hgext.acl.hook
1813 2009 [acl]
1814 2010 sources = push
1815 2011 [extensions]
1816 2012 posixgetuser=$TESTTMP/posixgetuser.py
1817 2013 [acl.allow.branches]
1818 2014 * = george
1819 2015 """
1820 2016 pushing to ../b
1821 2017 query 1; heads
1822 2018 searching for changes
1823 2019 all remote heads known locally
1824 2020 listing keys for "phases"
1825 2021 checking for updated bookmarks
1826 2022 listing keys for "bookmarks"
1827 2023 listing keys for "bookmarks"
1828 2024 4 changesets found
1829 2025 list of changesets:
1830 2026 ef1ea85a6374b77d6da9dcda9541f498f2d17df7
1831 2027 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
1832 2028 911600dab2ae7a9baff75958b84fe606851ce955
1833 2029 e8fc755d4d8217ee5b0c2bb41558c40d43b92c01
1834 2030 bundle2-output-bundle: "HG20", 5 parts total
1835 2031 bundle2-output-part: "replycaps" 205 bytes payload
1836 2032 bundle2-output-part: "check:phases" 48 bytes payload
1837 2033 bundle2-output-part: "check:heads" streamed payload
1838 2034 bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
1839 2035 bundle2-output-part: "phase-heads" 48 bytes payload
1840 2036 bundle2-input-bundle: with-transaction
1841 2037 bundle2-input-part: "replycaps" supported
1842 2038 bundle2-input-part: total payload size 205
1843 2039 bundle2-input-part: "check:phases" supported
1844 2040 bundle2-input-part: total payload size 48
1845 2041 bundle2-input-part: "check:heads" supported
1846 2042 bundle2-input-part: total payload size 20
1847 2043 bundle2-input-part: "changegroup" (params: 1 mandatory) supported
1848 2044 adding changesets
1849 2045 add changeset ef1ea85a6374
1850 2046 add changeset f9cafe1212c8
1851 2047 add changeset 911600dab2ae
1852 2048 add changeset e8fc755d4d82
1853 2049 adding manifests
1854 2050 adding file changes
1855 2051 adding abc.txt revisions
1856 2052 adding foo/Bar/file.txt revisions
1857 2053 adding foo/file.txt revisions
1858 2054 adding quux/file.py revisions
1859 2055 added 4 changesets with 4 changes to 4 files (+1 heads)
1860 2056 calling hook pretxnchangegroup.acl: hgext.acl.hook
1861 2057 acl: checking access for user "george"
1862 2058 acl: acl.allow.branches enabled, 1 entries for user george
1863 2059 acl: acl.deny.branches not enabled
1864 2060 acl: acl.allow not enabled
1865 2061 acl: acl.deny not enabled
1866 2062 acl: branch access granted: "ef1ea85a6374" on branch "default"
1867 2063 acl: path access granted: "ef1ea85a6374"
1868 2064 acl: branch access granted: "f9cafe1212c8" on branch "default"
1869 2065 acl: path access granted: "f9cafe1212c8"
1870 2066 acl: branch access granted: "911600dab2ae" on branch "default"
1871 2067 acl: path access granted: "911600dab2ae"
1872 2068 acl: branch access granted: "e8fc755d4d82" on branch "foobar"
1873 2069 acl: path access granted: "e8fc755d4d82"
1874 2070 bundle2-input-part: total payload size 2068
1875 2071 bundle2-input-part: "phase-heads" supported
1876 2072 bundle2-input-part: total payload size 48
1877 2073 bundle2-input-bundle: 4 parts total
1878 2074 updating the branch cache
1879 2075 bundle2-output-bundle: "HG20", 1 parts total
1880 2076 bundle2-output-part: "reply:changegroup" (advisory) (params: 0 advisory) empty payload
1881 2077 bundle2-input-bundle: no-transaction
1882 2078 bundle2-input-part: "reply:changegroup" (advisory) (params: 0 advisory) supported
1883 2079 bundle2-input-bundle: 0 parts total
1884 2080 listing keys for "phases"
1885 2081 repository tip rolled back to revision 2 (undo push)
1886 2082 2:fb35475503ef
1887 2083
1888 2084
1889 2085 Branch acl conflicting allow
1890 2086 asterisk ends up applying to all branches and allowing george to
1891 2087 push foobar into the remote
1892 2088
1893 2089 $ init_config
1894 2090 $ echo "[acl.allow.branches]" >> $config
1895 2091 $ echo "foobar = astro" >> $config
1896 2092 $ echo "* = george" >> $config
1897 2093 $ do_push george
1898 2094 Pushing as user george
1899 2095 hgrc = """
1900 2096 [hooks]
1901 2097 pretxnchangegroup.acl = python:hgext.acl.hook
2098 prepushkey.acl = python:hgext.acl.hook
1902 2099 [acl]
1903 2100 sources = push
1904 2101 [extensions]
1905 2102 posixgetuser=$TESTTMP/posixgetuser.py
1906 2103 [acl.allow.branches]
1907 2104 foobar = astro
1908 2105 * = george
1909 2106 """
1910 2107 pushing to ../b
1911 2108 query 1; heads
1912 2109 searching for changes
1913 2110 all remote heads known locally
1914 2111 listing keys for "phases"
1915 2112 checking for updated bookmarks
1916 2113 listing keys for "bookmarks"
1917 2114 listing keys for "bookmarks"
1918 2115 4 changesets found
1919 2116 list of changesets:
1920 2117 ef1ea85a6374b77d6da9dcda9541f498f2d17df7
1921 2118 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
1922 2119 911600dab2ae7a9baff75958b84fe606851ce955
1923 2120 e8fc755d4d8217ee5b0c2bb41558c40d43b92c01
1924 2121 bundle2-output-bundle: "HG20", 5 parts total
1925 2122 bundle2-output-part: "replycaps" 205 bytes payload
1926 2123 bundle2-output-part: "check:phases" 48 bytes payload
1927 2124 bundle2-output-part: "check:heads" streamed payload
1928 2125 bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
1929 2126 bundle2-output-part: "phase-heads" 48 bytes payload
1930 2127 bundle2-input-bundle: with-transaction
1931 2128 bundle2-input-part: "replycaps" supported
1932 2129 bundle2-input-part: total payload size 205
1933 2130 bundle2-input-part: "check:phases" supported
1934 2131 bundle2-input-part: total payload size 48
1935 2132 bundle2-input-part: "check:heads" supported
1936 2133 bundle2-input-part: total payload size 20
1937 2134 bundle2-input-part: "changegroup" (params: 1 mandatory) supported
1938 2135 adding changesets
1939 2136 add changeset ef1ea85a6374
1940 2137 add changeset f9cafe1212c8
1941 2138 add changeset 911600dab2ae
1942 2139 add changeset e8fc755d4d82
1943 2140 adding manifests
1944 2141 adding file changes
1945 2142 adding abc.txt revisions
1946 2143 adding foo/Bar/file.txt revisions
1947 2144 adding foo/file.txt revisions
1948 2145 adding quux/file.py revisions
1949 2146 added 4 changesets with 4 changes to 4 files (+1 heads)
1950 2147 calling hook pretxnchangegroup.acl: hgext.acl.hook
1951 2148 acl: checking access for user "george"
1952 2149 acl: acl.allow.branches enabled, 1 entries for user george
1953 2150 acl: acl.deny.branches not enabled
1954 2151 acl: acl.allow not enabled
1955 2152 acl: acl.deny not enabled
1956 2153 acl: branch access granted: "ef1ea85a6374" on branch "default"
1957 2154 acl: path access granted: "ef1ea85a6374"
1958 2155 acl: branch access granted: "f9cafe1212c8" on branch "default"
1959 2156 acl: path access granted: "f9cafe1212c8"
1960 2157 acl: branch access granted: "911600dab2ae" on branch "default"
1961 2158 acl: path access granted: "911600dab2ae"
1962 2159 acl: branch access granted: "e8fc755d4d82" on branch "foobar"
1963 2160 acl: path access granted: "e8fc755d4d82"
1964 2161 bundle2-input-part: total payload size 2068
1965 2162 bundle2-input-part: "phase-heads" supported
1966 2163 bundle2-input-part: total payload size 48
1967 2164 bundle2-input-bundle: 4 parts total
1968 2165 updating the branch cache
1969 2166 bundle2-output-bundle: "HG20", 1 parts total
1970 2167 bundle2-output-part: "reply:changegroup" (advisory) (params: 0 advisory) empty payload
1971 2168 bundle2-input-bundle: no-transaction
1972 2169 bundle2-input-part: "reply:changegroup" (advisory) (params: 0 advisory) supported
1973 2170 bundle2-input-bundle: 0 parts total
1974 2171 listing keys for "phases"
1975 2172 repository tip rolled back to revision 2 (undo push)
1976 2173 2:fb35475503ef
1977 2174
1978 2175 Branch acl conflicting deny
1979 2176
1980 2177 $ init_config
1981 2178 $ echo "[acl.deny.branches]" >> $config
1982 2179 $ echo "foobar = astro" >> $config
1983 2180 $ echo "default = astro" >> $config
1984 2181 $ echo "* = george" >> $config
1985 2182 $ do_push george
1986 2183 Pushing as user george
1987 2184 hgrc = """
1988 2185 [hooks]
1989 2186 pretxnchangegroup.acl = python:hgext.acl.hook
2187 prepushkey.acl = python:hgext.acl.hook
1990 2188 [acl]
1991 2189 sources = push
1992 2190 [extensions]
1993 2191 posixgetuser=$TESTTMP/posixgetuser.py
1994 2192 [acl.deny.branches]
1995 2193 foobar = astro
1996 2194 default = astro
1997 2195 * = george
1998 2196 """
1999 2197 pushing to ../b
2000 2198 query 1; heads
2001 2199 searching for changes
2002 2200 all remote heads known locally
2003 2201 listing keys for "phases"
2004 2202 checking for updated bookmarks
2005 2203 listing keys for "bookmarks"
2006 2204 listing keys for "bookmarks"
2007 2205 4 changesets found
2008 2206 list of changesets:
2009 2207 ef1ea85a6374b77d6da9dcda9541f498f2d17df7
2010 2208 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
2011 2209 911600dab2ae7a9baff75958b84fe606851ce955
2012 2210 e8fc755d4d8217ee5b0c2bb41558c40d43b92c01
2013 2211 bundle2-output-bundle: "HG20", 5 parts total
2014 2212 bundle2-output-part: "replycaps" 205 bytes payload
2015 2213 bundle2-output-part: "check:phases" 48 bytes payload
2016 2214 bundle2-output-part: "check:heads" streamed payload
2017 2215 bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
2018 2216 bundle2-output-part: "phase-heads" 48 bytes payload
2019 2217 bundle2-input-bundle: with-transaction
2020 2218 bundle2-input-part: "replycaps" supported
2021 2219 bundle2-input-part: total payload size 205
2022 2220 bundle2-input-part: "check:phases" supported
2023 2221 bundle2-input-part: total payload size 48
2024 2222 bundle2-input-part: "check:heads" supported
2025 2223 bundle2-input-part: total payload size 20
2026 2224 bundle2-input-part: "changegroup" (params: 1 mandatory) supported
2027 2225 adding changesets
2028 2226 add changeset ef1ea85a6374
2029 2227 add changeset f9cafe1212c8
2030 2228 add changeset 911600dab2ae
2031 2229 add changeset e8fc755d4d82
2032 2230 adding manifests
2033 2231 adding file changes
2034 2232 adding abc.txt revisions
2035 2233 adding foo/Bar/file.txt revisions
2036 2234 adding foo/file.txt revisions
2037 2235 adding quux/file.py revisions
2038 2236 added 4 changesets with 4 changes to 4 files (+1 heads)
2039 2237 calling hook pretxnchangegroup.acl: hgext.acl.hook
2040 2238 acl: checking access for user "george"
2041 2239 acl: acl.allow.branches not enabled
2042 2240 acl: acl.deny.branches enabled, 1 entries for user george
2043 2241 acl: acl.allow not enabled
2044 2242 acl: acl.deny not enabled
2045 2243 error: pretxnchangegroup.acl hook failed: acl: user "george" denied on branch "default" (changeset "ef1ea85a6374")
2046 2244 bundle2-input-part: total payload size 2068
2047 2245 bundle2-input-part: total payload size 48
2048 2246 bundle2-input-bundle: 4 parts total
2049 2247 transaction abort!
2050 2248 rollback completed
2051 2249 abort: acl: user "george" denied on branch "default" (changeset "ef1ea85a6374")
2052 2250 no rollback information available
2053 2251 2:fb35475503ef
2054 2252
2055 2253 User 'astro' must not be denied
2056 2254
2057 2255 $ init_config
2058 2256 $ echo "[acl.deny.branches]" >> $config
2059 2257 $ echo "default = !astro" >> $config
2060 2258 $ do_push astro
2061 2259 Pushing as user astro
2062 2260 hgrc = """
2063 2261 [hooks]
2064 2262 pretxnchangegroup.acl = python:hgext.acl.hook
2263 prepushkey.acl = python:hgext.acl.hook
2065 2264 [acl]
2066 2265 sources = push
2067 2266 [extensions]
2068 2267 posixgetuser=$TESTTMP/posixgetuser.py
2069 2268 [acl.deny.branches]
2070 2269 default = !astro
2071 2270 """
2072 2271 pushing to ../b
2073 2272 query 1; heads
2074 2273 searching for changes
2075 2274 all remote heads known locally
2076 2275 listing keys for "phases"
2077 2276 checking for updated bookmarks
2078 2277 listing keys for "bookmarks"
2079 2278 listing keys for "bookmarks"
2080 2279 4 changesets found
2081 2280 list of changesets:
2082 2281 ef1ea85a6374b77d6da9dcda9541f498f2d17df7
2083 2282 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
2084 2283 911600dab2ae7a9baff75958b84fe606851ce955
2085 2284 e8fc755d4d8217ee5b0c2bb41558c40d43b92c01
2086 2285 bundle2-output-bundle: "HG20", 5 parts total
2087 2286 bundle2-output-part: "replycaps" 205 bytes payload
2088 2287 bundle2-output-part: "check:phases" 48 bytes payload
2089 2288 bundle2-output-part: "check:heads" streamed payload
2090 2289 bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
2091 2290 bundle2-output-part: "phase-heads" 48 bytes payload
2092 2291 bundle2-input-bundle: with-transaction
2093 2292 bundle2-input-part: "replycaps" supported
2094 2293 bundle2-input-part: total payload size 205
2095 2294 bundle2-input-part: "check:phases" supported
2096 2295 bundle2-input-part: total payload size 48
2097 2296 bundle2-input-part: "check:heads" supported
2098 2297 bundle2-input-part: total payload size 20
2099 2298 bundle2-input-part: "changegroup" (params: 1 mandatory) supported
2100 2299 adding changesets
2101 2300 add changeset ef1ea85a6374
2102 2301 add changeset f9cafe1212c8
2103 2302 add changeset 911600dab2ae
2104 2303 add changeset e8fc755d4d82
2105 2304 adding manifests
2106 2305 adding file changes
2107 2306 adding abc.txt revisions
2108 2307 adding foo/Bar/file.txt revisions
2109 2308 adding foo/file.txt revisions
2110 2309 adding quux/file.py revisions
2111 2310 added 4 changesets with 4 changes to 4 files (+1 heads)
2112 2311 calling hook pretxnchangegroup.acl: hgext.acl.hook
2113 2312 acl: checking access for user "astro"
2114 2313 acl: acl.allow.branches not enabled
2115 2314 acl: acl.deny.branches enabled, 0 entries for user astro
2116 2315 acl: acl.allow not enabled
2117 2316 acl: acl.deny not enabled
2118 2317 acl: branch access granted: "ef1ea85a6374" on branch "default"
2119 2318 acl: path access granted: "ef1ea85a6374"
2120 2319 acl: branch access granted: "f9cafe1212c8" on branch "default"
2121 2320 acl: path access granted: "f9cafe1212c8"
2122 2321 acl: branch access granted: "911600dab2ae" on branch "default"
2123 2322 acl: path access granted: "911600dab2ae"
2124 2323 acl: branch access granted: "e8fc755d4d82" on branch "foobar"
2125 2324 acl: path access granted: "e8fc755d4d82"
2126 2325 bundle2-input-part: total payload size 2068
2127 2326 bundle2-input-part: "phase-heads" supported
2128 2327 bundle2-input-part: total payload size 48
2129 2328 bundle2-input-bundle: 4 parts total
2130 2329 updating the branch cache
2131 2330 bundle2-output-bundle: "HG20", 1 parts total
2132 2331 bundle2-output-part: "reply:changegroup" (advisory) (params: 0 advisory) empty payload
2133 2332 bundle2-input-bundle: no-transaction
2134 2333 bundle2-input-part: "reply:changegroup" (advisory) (params: 0 advisory) supported
2135 2334 bundle2-input-bundle: 0 parts total
2136 2335 listing keys for "phases"
2137 2336 repository tip rolled back to revision 2 (undo push)
2138 2337 2:fb35475503ef
2139 2338
2140 2339
2141 2340 Non-astro users must be denied
2142 2341
2143 2342 $ do_push george
2144 2343 Pushing as user george
2145 2344 hgrc = """
2146 2345 [hooks]
2147 2346 pretxnchangegroup.acl = python:hgext.acl.hook
2347 prepushkey.acl = python:hgext.acl.hook
2148 2348 [acl]
2149 2349 sources = push
2150 2350 [extensions]
2151 2351 posixgetuser=$TESTTMP/posixgetuser.py
2152 2352 [acl.deny.branches]
2153 2353 default = !astro
2154 2354 """
2155 2355 pushing to ../b
2156 2356 query 1; heads
2157 2357 searching for changes
2158 2358 all remote heads known locally
2159 2359 listing keys for "phases"
2160 2360 checking for updated bookmarks
2161 2361 listing keys for "bookmarks"
2162 2362 listing keys for "bookmarks"
2163 2363 4 changesets found
2164 2364 list of changesets:
2165 2365 ef1ea85a6374b77d6da9dcda9541f498f2d17df7
2166 2366 f9cafe1212c8c6fa1120d14a556e18cc44ff8bdd
2167 2367 911600dab2ae7a9baff75958b84fe606851ce955
2168 2368 e8fc755d4d8217ee5b0c2bb41558c40d43b92c01
2169 2369 bundle2-output-bundle: "HG20", 5 parts total
2170 2370 bundle2-output-part: "replycaps" 205 bytes payload
2171 2371 bundle2-output-part: "check:phases" 48 bytes payload
2172 2372 bundle2-output-part: "check:heads" streamed payload
2173 2373 bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
2174 2374 bundle2-output-part: "phase-heads" 48 bytes payload
2175 2375 bundle2-input-bundle: with-transaction
2176 2376 bundle2-input-part: "replycaps" supported
2177 2377 bundle2-input-part: total payload size 205
2178 2378 bundle2-input-part: "check:phases" supported
2179 2379 bundle2-input-part: total payload size 48
2180 2380 bundle2-input-part: "check:heads" supported
2181 2381 bundle2-input-part: total payload size 20
2182 2382 bundle2-input-part: "changegroup" (params: 1 mandatory) supported
2183 2383 adding changesets
2184 2384 add changeset ef1ea85a6374
2185 2385 add changeset f9cafe1212c8
2186 2386 add changeset 911600dab2ae
2187 2387 add changeset e8fc755d4d82
2188 2388 adding manifests
2189 2389 adding file changes
2190 2390 adding abc.txt revisions
2191 2391 adding foo/Bar/file.txt revisions
2192 2392 adding foo/file.txt revisions
2193 2393 adding quux/file.py revisions
2194 2394 added 4 changesets with 4 changes to 4 files (+1 heads)
2195 2395 calling hook pretxnchangegroup.acl: hgext.acl.hook
2196 2396 acl: checking access for user "george"
2197 2397 acl: acl.allow.branches not enabled
2198 2398 acl: acl.deny.branches enabled, 1 entries for user george
2199 2399 acl: acl.allow not enabled
2200 2400 acl: acl.deny not enabled
2201 2401 error: pretxnchangegroup.acl hook failed: acl: user "george" denied on branch "default" (changeset "ef1ea85a6374")
2202 2402 bundle2-input-part: total payload size 2068
2203 2403 bundle2-input-part: total payload size 48
2204 2404 bundle2-input-bundle: 4 parts total
2205 2405 transaction abort!
2206 2406 rollback completed
2207 2407 abort: acl: user "george" denied on branch "default" (changeset "ef1ea85a6374")
2208 2408 no rollback information available
2209 2409 2:fb35475503ef
2210 2410
2211 2411
General Comments 0
You need to be logged in to leave comments. Login now