Show More
| @@ -110,6 +110,28 b' def geturlcgivars(baseurl, port):' | |||||
| 110 |
|
110 | |||
| 111 | return name, pycompat.bytestr(port), path |
|
111 | return name, pycompat.bytestr(port), path | |
| 112 |
|
112 | |||
|
|
113 | def readallowed(ui, req): | |||
|
|
114 | """Check allow_read and deny_read config options of a repo's ui object | |||
|
|
115 | to determine user permissions. By default, with neither option set (or | |||
|
|
116 | both empty), allow all users to read the repo. There are two ways a | |||
|
|
117 | user can be denied read access: (1) deny_read is not empty, and the | |||
|
|
118 | user is unauthenticated or deny_read contains user (or *), and (2) | |||
|
|
119 | allow_read is not empty and the user is not in allow_read. Return True | |||
|
|
120 | if user is allowed to read the repo, else return False.""" | |||
|
|
121 | ||||
|
|
122 | user = req.remoteuser | |||
|
|
123 | ||||
|
|
124 | deny_read = ui.configlist('web', 'deny_read', untrusted=True) | |||
|
|
125 | if deny_read and (not user or ismember(ui, user, deny_read)): | |||
|
|
126 | return False | |||
|
|
127 | ||||
|
|
128 | allow_read = ui.configlist('web', 'allow_read', untrusted=True) | |||
|
|
129 | # by default, allow reading if no allow_read option has been set | |||
|
|
130 | if not allow_read or ismember(ui, user, allow_read): | |||
|
|
131 | return True | |||
|
|
132 | ||||
|
|
133 | return False | |||
|
|
134 | ||||
| 113 | class hgwebdir(object): |
|
135 | class hgwebdir(object): | |
| 114 | """HTTP server for multiple repositories. |
|
136 | """HTTP server for multiple repositories. | |
| 115 |
|
137 | |||
| @@ -200,28 +222,6 b' class hgwebdir(object):' | |||||
| 200 | wsgireq = requestmod.wsgirequest(env, respond) |
|
222 | wsgireq = requestmod.wsgirequest(env, respond) | |
| 201 | return self.run_wsgi(wsgireq) |
|
223 | return self.run_wsgi(wsgireq) | |
| 202 |
|
224 | |||
| 203 | def readallowed(self, ui, req): |
|
|||
| 204 | """Check allow_read and deny_read config options of a repo's ui object |
|
|||
| 205 | to determine user permissions. By default, with neither option set (or |
|
|||
| 206 | both empty), allow all users to read the repo. There are two ways a |
|
|||
| 207 | user can be denied read access: (1) deny_read is not empty, and the |
|
|||
| 208 | user is unauthenticated or deny_read contains user (or *), and (2) |
|
|||
| 209 | allow_read is not empty and the user is not in allow_read. Return True |
|
|||
| 210 | if user is allowed to read the repo, else return False.""" |
|
|||
| 211 |
|
||||
| 212 | user = req.remoteuser |
|
|||
| 213 |
|
||||
| 214 | deny_read = ui.configlist('web', 'deny_read', untrusted=True) |
|
|||
| 215 | if deny_read and (not user or ismember(ui, user, deny_read)): |
|
|||
| 216 | return False |
|
|||
| 217 |
|
||||
| 218 | allow_read = ui.configlist('web', 'allow_read', untrusted=True) |
|
|||
| 219 | # by default, allow reading if no allow_read option has been set |
|
|||
| 220 | if (not allow_read) or ismember(ui, user, allow_read): |
|
|||
| 221 | return True |
|
|||
| 222 |
|
||||
| 223 | return False |
|
|||
| 224 |
|
||||
| 225 | def run_wsgi(self, wsgireq): |
|
225 | def run_wsgi(self, wsgireq): | |
| 226 | profile = self.ui.configbool('profiling', 'enabled') |
|
226 | profile = self.ui.configbool('profiling', 'enabled') | |
| 227 | with profiling.profile(self.ui, enabled=profile): |
|
227 | with profiling.profile(self.ui, enabled=profile): | |
| @@ -429,7 +429,7 b' class hgwebdir(object):' | |||||
| 429 | if u.configbool("web", "hidden", untrusted=True): |
|
429 | if u.configbool("web", "hidden", untrusted=True): | |
| 430 | continue |
|
430 | continue | |
| 431 |
|
431 | |||
| 432 |
if not |
|
432 | if not readallowed(u, req): | |
| 433 | continue |
|
433 | continue | |
| 434 |
|
434 | |||
| 435 | # update time with local timezone |
|
435 | # update time with local timezone | |
General Comments 0
You need to be logged in to leave comments.
Login now