src/mercurialserver/ruleset.py
author Paul Crowley <paul@lshift.net>
Thu, 17 Dec 2009 16:28:43 +0000
changeset 238 4747f2920666
parent 237 d30f3f312ece
child 242 03d8f07230b3
permissions -rw-r--r--
Use wildcard in rule to match instructions
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
50
77d97aa18f29 update dates and copyright notices
Paul Crowley <paul@lshift.net>
parents: 48
diff changeset
     1
# Copyright 2008-2009 LShift Ltd
18
538d6b198f4a Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
diff changeset
     2
# Author(s):
538d6b198f4a Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
diff changeset
     3
# Paul Crowley <paul@lshift.net>
538d6b198f4a Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
diff changeset
     4
#
538d6b198f4a Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
diff changeset
     5
# This software may be used and distributed according to the terms
538d6b198f4a Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
diff changeset
     6
# of the GNU General Public License, incorporated herein by reference.
538d6b198f4a Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
diff changeset
     7
32
4059dbe9f26a new break-in system
Paul Crowley <paul@lshift.net>
parents: 23
diff changeset
     8
import sys
18
538d6b198f4a Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
diff changeset
     9
import re
39
f5055ce263c7 New system. No breaking in, just putting files in /etc/mercurial-server
Paul Crowley <paul@lshift.net>
parents: 33
diff changeset
    10
import os
f5055ce263c7 New system. No breaking in, just putting files in /etc/mercurial-server
Paul Crowley <paul@lshift.net>
parents: 33
diff changeset
    11
import os.path
18
538d6b198f4a Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
diff changeset
    12
538d6b198f4a Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
diff changeset
    13
def globmatcher(pattern):
106
0519745e7a57 Much less strict about most things
Paul Crowley <paul@lshift.net>
parents: 78
diff changeset
    14
    p = "[^/]*".join(re.escape(c) for c in pattern.split("*"))
0519745e7a57 Much less strict about most things
Paul Crowley <paul@lshift.net>
parents: 78
diff changeset
    15
    # ** means "match recursively" ie "ignore directories"
237
d30f3f312ece Handle maybe matches properly
Paul Crowley <paul@lshift.net>
parents: 109
diff changeset
    16
    return re.compile(p.replace("[^/]*[^/]*", ".*") + "$")
18
538d6b198f4a Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
diff changeset
    17
237
d30f3f312ece Handle maybe matches properly
Paul Crowley <paul@lshift.net>
parents: 109
diff changeset
    18
# Returns True for a definite match
d30f3f312ece Handle maybe matches properly
Paul Crowley <paul@lshift.net>
parents: 109
diff changeset
    19
# False for a definite non-match
d30f3f312ece Handle maybe matches properly
Paul Crowley <paul@lshift.net>
parents: 109
diff changeset
    20
# None where we can't be sure because a key is None
18
538d6b198f4a Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
diff changeset
    21
def rule(pairs):
538d6b198f4a Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
diff changeset
    22
    matchers = [(k, globmatcher(v)) for k, v in pairs]
48
f0cb7ad9e4ab Don't use keyword arguments everywhere
Paul Crowley <paul@lshift.net>
parents: 45
diff changeset
    23
    def c(kw):
18
538d6b198f4a Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
diff changeset
    24
        for k, m in matchers:
237
d30f3f312ece Handle maybe matches properly
Paul Crowley <paul@lshift.net>
parents: 109
diff changeset
    25
            if k not in kw:
d30f3f312ece Handle maybe matches properly
Paul Crowley <paul@lshift.net>
parents: 109
diff changeset
    26
                return False
d30f3f312ece Handle maybe matches properly
Paul Crowley <paul@lshift.net>
parents: 109
diff changeset
    27
            kkw = kw[k]
d30f3f312ece Handle maybe matches properly
Paul Crowley <paul@lshift.net>
parents: 109
diff changeset
    28
            if kkw is None:
d30f3f312ece Handle maybe matches properly
Paul Crowley <paul@lshift.net>
parents: 109
diff changeset
    29
                return None
d30f3f312ece Handle maybe matches properly
Paul Crowley <paul@lshift.net>
parents: 109
diff changeset
    30
            if m.match(kkw) is None:
18
538d6b198f4a Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
diff changeset
    31
                return False
538d6b198f4a Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
diff changeset
    32
        return True
538d6b198f4a Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
diff changeset
    33
    return c
538d6b198f4a Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
diff changeset
    34
538d6b198f4a Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
diff changeset
    35
class Ruleset(object):
538d6b198f4a Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
diff changeset
    36
    '''Class representing the rules in a rule file'''
538d6b198f4a Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
diff changeset
    37
    
538d6b198f4a Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
diff changeset
    38
    levels = ["init", "write", "read", "deny"]
538d6b198f4a Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
diff changeset
    39
538d6b198f4a Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
diff changeset
    40
    def __init__(self):
48
f0cb7ad9e4ab Don't use keyword arguments everywhere
Paul Crowley <paul@lshift.net>
parents: 45
diff changeset
    41
        self.rules = []
21
59540181a4bb simplify by allowing some params to be preset in rules
Paul Crowley <paul@ciphergoth.org>
parents: 18
diff changeset
    42
        self.preset = {}
18
538d6b198f4a Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
diff changeset
    43
538d6b198f4a Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
diff changeset
    44
    def add(self, action, conditions):
538d6b198f4a Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
diff changeset
    45
        self.rules.append((action, conditions))
538d6b198f4a Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
diff changeset
    46
21
59540181a4bb simplify by allowing some params to be preset in rules
Paul Crowley <paul@ciphergoth.org>
parents: 18
diff changeset
    47
    def set(self, **kw):
59540181a4bb simplify by allowing some params to be preset in rules
Paul Crowley <paul@ciphergoth.org>
parents: 18
diff changeset
    48
        self.preset.update(kw)
59540181a4bb simplify by allowing some params to be preset in rules
Paul Crowley <paul@ciphergoth.org>
parents: 18
diff changeset
    49
        
78
2a3407a14654 Replaced env vars with Python globals
Paul Crowley <paul@lshift.net>
parents: 77
diff changeset
    50
    def get(self, k):
2a3407a14654 Replaced env vars with Python globals
Paul Crowley <paul@lshift.net>
parents: 77
diff changeset
    51
        return self.preset.get(k, None)
2a3407a14654 Replaced env vars with Python globals
Paul Crowley <paul@lshift.net>
parents: 77
diff changeset
    52
        
237
d30f3f312ece Handle maybe matches properly
Paul Crowley <paul@lshift.net>
parents: 109
diff changeset
    53
    def matchrules(self, kw):
21
59540181a4bb simplify by allowing some params to be preset in rules
Paul Crowley <paul@ciphergoth.org>
parents: 18
diff changeset
    54
        d = self.preset.copy()
48
f0cb7ad9e4ab Don't use keyword arguments everywhere
Paul Crowley <paul@lshift.net>
parents: 45
diff changeset
    55
        d.update(kw)
237
d30f3f312ece Handle maybe matches properly
Paul Crowley <paul@lshift.net>
parents: 109
diff changeset
    56
        res = set()
18
538d6b198f4a Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
diff changeset
    57
        for a, c in self.rules:
237
d30f3f312ece Handle maybe matches properly
Paul Crowley <paul@lshift.net>
parents: 109
diff changeset
    58
            m = c(d)
d30f3f312ece Handle maybe matches properly
Paul Crowley <paul@lshift.net>
parents: 109
diff changeset
    59
            if m is None:
d30f3f312ece Handle maybe matches properly
Paul Crowley <paul@lshift.net>
parents: 109
diff changeset
    60
                # "Maybe match" - add it and carry on
d30f3f312ece Handle maybe matches properly
Paul Crowley <paul@lshift.net>
parents: 109
diff changeset
    61
                res.add(a)
d30f3f312ece Handle maybe matches properly
Paul Crowley <paul@lshift.net>
parents: 109
diff changeset
    62
            elif m:
d30f3f312ece Handle maybe matches properly
Paul Crowley <paul@lshift.net>
parents: 109
diff changeset
    63
                # Definite match - add it and stop
d30f3f312ece Handle maybe matches properly
Paul Crowley <paul@lshift.net>
parents: 109
diff changeset
    64
                res.add(a)
d30f3f312ece Handle maybe matches properly
Paul Crowley <paul@lshift.net>
parents: 109
diff changeset
    65
                break
d30f3f312ece Handle maybe matches properly
Paul Crowley <paul@lshift.net>
parents: 109
diff changeset
    66
        return res
18
538d6b198f4a Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
diff changeset
    67
538d6b198f4a Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
diff changeset
    68
    def allow(self, level, **kw):
237
d30f3f312ece Handle maybe matches properly
Paul Crowley <paul@lshift.net>
parents: 109
diff changeset
    69
        for a in self.matchrules(kw):
d30f3f312ece Handle maybe matches properly
Paul Crowley <paul@lshift.net>
parents: 109
diff changeset
    70
            if a in self.levels:
d30f3f312ece Handle maybe matches properly
Paul Crowley <paul@lshift.net>
parents: 109
diff changeset
    71
                if self.levels.index(a) <= self.levels.index(level):
d30f3f312ece Handle maybe matches properly
Paul Crowley <paul@lshift.net>
parents: 109
diff changeset
    72
                    return True
d30f3f312ece Handle maybe matches properly
Paul Crowley <paul@lshift.net>
parents: 109
diff changeset
    73
        return False
18
538d6b198f4a Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
diff changeset
    74
    
39
f5055ce263c7 New system. No breaking in, just putting files in /etc/mercurial-server
Paul Crowley <paul@lshift.net>
parents: 33
diff changeset
    75
    def readfile(self, fn):
237
d30f3f312ece Handle maybe matches properly
Paul Crowley <paul@lshift.net>
parents: 109
diff changeset
    76
        f = open(fn)
18
538d6b198f4a Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
diff changeset
    77
        try:
237
d30f3f312ece Handle maybe matches properly
Paul Crowley <paul@lshift.net>
parents: 109
diff changeset
    78
            for l in f:
d30f3f312ece Handle maybe matches properly
Paul Crowley <paul@lshift.net>
parents: 109
diff changeset
    79
                l = l.strip()
d30f3f312ece Handle maybe matches properly
Paul Crowley <paul@lshift.net>
parents: 109
diff changeset
    80
                if len(l) == 0 or l.startswith("#"):
d30f3f312ece Handle maybe matches properly
Paul Crowley <paul@lshift.net>
parents: 109
diff changeset
    81
                    continue
d30f3f312ece Handle maybe matches properly
Paul Crowley <paul@lshift.net>
parents: 109
diff changeset
    82
                l = l.split()
d30f3f312ece Handle maybe matches properly
Paul Crowley <paul@lshift.net>
parents: 109
diff changeset
    83
                self.add(l[0], rule([c.split("=", 1) for c in l[1:]]))
d30f3f312ece Handle maybe matches properly
Paul Crowley <paul@lshift.net>
parents: 109
diff changeset
    84
        finally:
d30f3f312ece Handle maybe matches properly
Paul Crowley <paul@lshift.net>
parents: 109
diff changeset
    85
            f.close()
32
4059dbe9f26a new break-in system
Paul Crowley <paul@lshift.net>
parents: 23
diff changeset
    86
77
8d14aac93b5d Most of the way through abolishing env vars
Paul Crowley <paul@lshift.net>
parents: 67
diff changeset
    87
rules = Ruleset()
8d14aac93b5d Most of the way through abolishing env vars
Paul Crowley <paul@lshift.net>
parents: 67
diff changeset
    88