Show More
| @@ -110,6 +110,28 b' def geturlcgivars(baseurl, port):' | |||
|
|
110 | 110 | |
|
|
111 | 111 | return name, pycompat.bytestr(port), path |
|
|
112 | 112 | |
|
|
113 | def readallowed(ui, req): | |
|
|
114 | """Check allow_read and deny_read config options of a repo's ui object | |
|
|
115 | to determine user permissions. By default, with neither option set (or | |
|
|
116 | both empty), allow all users to read the repo. There are two ways a | |
|
|
117 | user can be denied read access: (1) deny_read is not empty, and the | |
|
|
118 | user is unauthenticated or deny_read contains user (or *), and (2) | |
|
|
119 | allow_read is not empty and the user is not in allow_read. Return True | |
|
|
120 | if user is allowed to read the repo, else return False.""" | |
|
|
121 | ||
|
|
122 | user = req.remoteuser | |
|
|
123 | ||
|
|
124 | deny_read = ui.configlist('web', 'deny_read', untrusted=True) | |
|
|
125 | if deny_read and (not user or ismember(ui, user, deny_read)): | |
|
|
126 | return False | |
|
|
127 | ||
|
|
128 | allow_read = ui.configlist('web', 'allow_read', untrusted=True) | |
|
|
129 | # by default, allow reading if no allow_read option has been set | |
|
|
130 | if not allow_read or ismember(ui, user, allow_read): | |
|
|
131 | return True | |
|
|
132 | ||
|
|
133 | return False | |
|
|
134 | ||
|
|
113 | 135 | class hgwebdir(object): |
|
|
114 | 136 | """HTTP server for multiple repositories. |
|
|
115 | 137 | |
| @@ -200,28 +222,6 b' class hgwebdir(object):' | |||
|
|
200 | 222 | wsgireq = requestmod.wsgirequest(env, respond) |
|
|
201 | 223 | return self.run_wsgi(wsgireq) |
|
|
202 | 224 | |
|
|
203 | def readallowed(self, ui, req): | |
|
|
204 | """Check allow_read and deny_read config options of a repo's ui object | |
|
|
205 | to determine user permissions. By default, with neither option set (or | |
|
|
206 | both empty), allow all users to read the repo. There are two ways a | |
|
|
207 | user can be denied read access: (1) deny_read is not empty, and the | |
|
|
208 | user is unauthenticated or deny_read contains user (or *), and (2) | |
|
|
209 | allow_read is not empty and the user is not in allow_read. Return True | |
|
|
210 | if user is allowed to read the repo, else return False.""" | |
|
|
211 | ||
|
|
212 | user = req.remoteuser | |
|
|
213 | ||
|
|
214 | deny_read = ui.configlist('web', 'deny_read', untrusted=True) | |
|
|
215 | if deny_read and (not user or ismember(ui, user, deny_read)): | |
|
|
216 | return False | |
|
|
217 | ||
|
|
218 | allow_read = ui.configlist('web', 'allow_read', untrusted=True) | |
|
|
219 | # by default, allow reading if no allow_read option has been set | |
|
|
220 | if (not allow_read) or ismember(ui, user, allow_read): | |
|
|
221 | return True | |
|
|
222 | ||
|
|
223 | return False | |
|
|
224 | ||
|
|
225 | 225 | def run_wsgi(self, wsgireq): |
|
|
226 | 226 | profile = self.ui.configbool('profiling', 'enabled') |
|
|
227 | 227 | with profiling.profile(self.ui, enabled=profile): |
| @@ -429,7 +429,7 b' class hgwebdir(object):' | |||
|
|
429 | 429 | if u.configbool("web", "hidden", untrusted=True): |
|
|
430 | 430 | continue |
|
|
431 | 431 | |
|
|
432 |
if not |
|
|
|
432 | if not readallowed(u, req): | |
|
|
433 | 433 | continue |
|
|
434 | 434 | |
|
|
435 | 435 | # update time with local timezone |
General Comments 0
You need to be logged in to leave comments.
Login now