src/mercurialserver/access.py
author Paul Crowley <paul@lshift.net>
Thu, 17 Dec 2009 16:28:43 +0000
changeset 238 4747f2920666
parent 77 8d14aac93b5d
child 241 4af1e1ccf75b
permissions -rw-r--r--
Use wildcard in rule to match instructions
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
50
77d97aa18f29 update dates and copyright notices
Paul Crowley <paul@lshift.net>
parents: 41
diff changeset
     1
# Copyright 2008-2009 LShift Ltd
17
4c98440de851 Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff changeset
     2
# Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com>
4c98440de851 Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff changeset
     3
#
18
538d6b198f4a Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents: 17
diff changeset
     4
# Authors:
538d6b198f4a Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents: 17
diff changeset
     5
# Paul Crowley <paul@lshift.net>
538d6b198f4a Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents: 17
diff changeset
     6
# Vadim Gelfer <vadim.gelfer@gmail.com>
538d6b198f4a Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents: 17
diff changeset
     7
#
17
4c98440de851 Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff changeset
     8
# This software may be used and distributed according to the terms
4c98440de851 Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff changeset
     9
# of the GNU General Public License, incorporated herein by reference.
4c98440de851 Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff changeset
    10
4c98440de851 Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff changeset
    11
from mercurial.i18n import _
51
d87eeeae29a5 Use the context API
Paul Crowley <paul@lshift.net>
parents: 50
diff changeset
    12
import mercurial.util
53
853444c5d393 small fix
Paul Crowley <paul@lshift.net>
parents: 52
diff changeset
    13
import mercurial.node
17
4c98440de851 Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff changeset
    14
4c98440de851 Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff changeset
    15
import os
67
fd16d9a1234b Put .py files into a directory of their own
Paul Crowley <paul@lshift.net>
parents: 62
diff changeset
    16
from mercurialserver import ruleset
fd16d9a1234b Put .py files into a directory of their own
Paul Crowley <paul@lshift.net>
parents: 62
diff changeset
    17
from mercurialserver import changes
17
4c98440de851 Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff changeset
    18
4c98440de851 Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff changeset
    19
class Checker(object):
4c98440de851 Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff changeset
    20
    '''acl checker.'''
4c98440de851 Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff changeset
    21
4c98440de851 Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff changeset
    22
    def __init__(self, ui, repo):
4c98440de851 Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff changeset
    23
        self.ui = ui
4c98440de851 Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff changeset
    24
        self.repo = repo
39
f5055ce263c7 New system. No breaking in, just putting files in /etc/mercurial-server
Paul Crowley <paul@lshift.net>
parents: 33
diff changeset
    25
        
51
d87eeeae29a5 Use the context API
Paul Crowley <paul@lshift.net>
parents: 50
diff changeset
    26
    def allow(self, ctx):
20
f4daa224dc7e Add support for locking by branch, and document breaking in.
Paul Crowley <paul@ciphergoth.org>
parents: 18
diff changeset
    27
        branch = ctx.branch()
77
8d14aac93b5d Most of the way through abolishing env vars
Paul Crowley <paul@lshift.net>
parents: 67
diff changeset
    28
        if not ruleset.rules.allow("write", branch=branch, file=None):
20
f4daa224dc7e Add support for locking by branch, and document breaking in.
Paul Crowley <paul@ciphergoth.org>
parents: 18
diff changeset
    29
            return False
f4daa224dc7e Add support for locking by branch, and document breaking in.
Paul Crowley <paul@ciphergoth.org>
parents: 18
diff changeset
    30
        for f in ctx.files():
77
8d14aac93b5d Most of the way through abolishing env vars
Paul Crowley <paul@lshift.net>
parents: 67
diff changeset
    31
            if not ruleset.rules.allow("write", branch=branch, file=f):
20
f4daa224dc7e Add support for locking by branch, and document breaking in.
Paul Crowley <paul@ciphergoth.org>
parents: 18
diff changeset
    32
                return False
f4daa224dc7e Add support for locking by branch, and document breaking in.
Paul Crowley <paul@ciphergoth.org>
parents: 18
diff changeset
    33
        return True
17
4c98440de851 Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff changeset
    34
51
d87eeeae29a5 Use the context API
Paul Crowley <paul@lshift.net>
parents: 50
diff changeset
    35
    def check(self, ctx):
d87eeeae29a5 Use the context API
Paul Crowley <paul@lshift.net>
parents: 50
diff changeset
    36
        '''return if access allowed, raise exception if not.'''
d87eeeae29a5 Use the context API
Paul Crowley <paul@lshift.net>
parents: 50
diff changeset
    37
        if not self.allow(ctx):
d87eeeae29a5 Use the context API
Paul Crowley <paul@lshift.net>
parents: 50
diff changeset
    38
            raise mercurial.util.Abort(_('%s: access denied for changeset %s') %
53
853444c5d393 small fix
Paul Crowley <paul@lshift.net>
parents: 52
diff changeset
    39
                (__name__, mercurial.node.short(ctx.node())))
20
f4daa224dc7e Add support for locking by branch, and document breaking in.
Paul Crowley <paul@ciphergoth.org>
parents: 18
diff changeset
    40
17
4c98440de851 Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff changeset
    41
def hook(ui, repo, hooktype, node=None, source=None, **kwargs):
4c98440de851 Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff changeset
    42
    if hooktype != 'pretxnchangegroup':
51
d87eeeae29a5 Use the context API
Paul Crowley <paul@lshift.net>
parents: 50
diff changeset
    43
        raise mercurial.util.Abort(_('config error - hook type "%s" cannot stop '
17
4c98440de851 Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff changeset
    44
                           'incoming changesets') % hooktype)
18
538d6b198f4a Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents: 17
diff changeset
    45
    c = Checker(ui, repo)
52
f9eb98bb0791 Encapsulate change finding with backwards compatibility
Paul Crowley <paul@lshift.net>
parents: 51
diff changeset
    46
    for ctx in changes.changes(repo, node):
f9eb98bb0791 Encapsulate change finding with backwards compatibility
Paul Crowley <paul@lshift.net>
parents: 51
diff changeset
    47
        c.check(ctx)