##// END OF EJS Templates
upstream » mercurial-mirror
RSS

Clone from https://www.mercurial-scm.org/repo/hg-all

inotify: server: new data structure to keep track of changes....
inotify: server: new data structure to keep track of changes. == Rationale for the new structure == Current structure was a dictionary tree. One directory was tracked as a dictionary: - keys: file/subdir name - values: - for a file, the status (a/r/m/...) - for a subdir, the directory representing the subdir It allowed efficient lookups, no matter of the type of the terminal leaf: for part in path.split('/'): tree = tree[part] However, there is no way to represent a directory and a file with the same name because keys are conflicting in the dictionary. Concrete example: Initial state: root dir |- foo (file) |- bar (file) # data state is: {'foo': 'n', 'bar': 'n'} Remove foo: root dir |- bar (file) # Data becomes {'foo': 'r'} until next commit. Add foo, as a directory, and foo/barbar file: root dir |- bar (file) |-> foo (dir) |- barbar (file) # New state should be represented as: {'foo': {'barbar': 'a'}, 'bar': 'n'} however, the key "foo" is already used and represents the old file. The dirstate: D foo A foo/barbar cannot be represented, hence the need for a new structure. == The new structure == 'directory' class. Represents one directory level. * Notable attributes: Two dictionaries: - 'files' Maps filename -> status for the current dir. - 'dirs' Maps subdir's name -> directory object representing the subdir * methods - walk(), formerly server.walk - lookup(), old server.lookup - dir(), old server.dir This new class allows embedding all the tree walks/lookups in its own class, instead of having everything mixed together in server. Incidently, since files and directories are not stored in the same dictionaries, we are solving the previous key conflict problem. The small drawback is that lookup operation is a bit more complex: for a path a/b/c/d/e we have to check twice the leaf, if e is a directory or a file.
Martin Geisler - - Load All Authors

File last commit:

r9052:1344e607 default
r9115:b55d4471 default
Show More
acl.py
105 lines | 3.8 KiB | text/x-python | PythonLexer
/ hgext / acl.py
History | Annotation | Raw |Copy content |Copy permalink
# acl.py - changeset access control for mercurial
#
# Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com>
#
# This software may be used and distributed according to the terms of the
# GNU General Public License version 2, incorporated herein by reference.
#
'''hooks for controlling repository access
This hook makes it possible to allow or deny write access to portions of a
repository when receiving incoming changesets.
The authorization is matched based on the local user name on the system where
the hook runs, and not the committer of the original changeset (since the
latter is merely informative).
The acl hook is best used along with a restricted shell like hgsh, preventing
authenticating users from doing anything other than pushing or pulling. The
hook is not safe to use if users have interactive shell access, as they can
then disable the hook. Nor is it safe if remote users share an account,
because then there is no way to distinguish them.
To use this hook, configure the acl extension in your hgrc like this:
[extensions]
hgext.acl =
[hooks]
pretxnchangegroup.acl = python:hgext.acl.hook
[acl]
# Check whether the source of incoming changes is in this list
# ("serve" == ssh or http, "push", "pull", "bundle")
sources = serve
The allow and deny sections take a subtree pattern as key (with a glob syntax
by default), and a comma separated list of users as the corresponding value.
The deny list is checked before the allow list is.
[acl.allow]
# If acl.allow is not present, all users are allowed by default.
# An empty acl.allow section means no users allowed.
docs/** = doc_writer
.hgtags = release_engineer
[acl.deny]
# If acl.deny is not present, no users are refused by default.
# An empty acl.deny section means all users allowed.
glob pattern = user4, user5
** = user6
'''
from mercurial.i18n import _
from mercurial import util, match
import getpass, urllib
def buildmatch(ui, repo, user, key):
'''return tuple of (match function, list enabled).'''
if not ui.has_section(key):
ui.debug(_('acl: %s not enabled\n') % key)
return None
pats = [pat for pat, users in ui.configitems(key)
if user in users.replace(',', ' ').split()]
ui.debug(_('acl: %s enabled, %d entries for user %s\n') %
(key, len(pats), user))
if pats:
return match.match(repo.root, '', pats)
return match.exact(repo.root, '', [])
def hook(ui, repo, hooktype, node=None, source=None, **kwargs):
if hooktype != 'pretxnchangegroup':
raise util.Abort(_('config error - hook type "%s" cannot stop '
'incoming changesets') % hooktype)
if source not in ui.config('acl', 'sources', 'serve').split():
ui.debug(_('acl: changes have source "%s" - skipping\n') % source)
return
user = None
if source == 'serve' and 'url' in kwargs:
url = kwargs['url'].split(':')
if url[0] == 'remote' and url[1].startswith('http'):
user = urllib.unquote(url[3])
if user is None:
user = getpass.getuser()
cfg = ui.config('acl', 'config')
if cfg:
ui.readconfig(cfg, sections = ['acl.allow', 'acl.deny'])
allow = buildmatch(ui, repo, user, 'acl.allow')
deny = buildmatch(ui, repo, user, 'acl.deny')
for rev in xrange(repo[node], len(repo)):
ctx = repo[rev]
for f in ctx.files():
if deny and deny(f):
ui.debug(_('acl: user %s denied on %s\n') % (user, f))
raise util.Abort(_('acl: access denied for changeset %s') % ctx)
if allow and not allow(f):
ui.debug(_('acl: user %s not allowed on %s\n') % (user, f))
raise util.Abort(_('acl: access denied for changeset %s') % ctx)
ui.debug(_('acl: allowing changeset %s\n') % ctx)