author | Paul Crowley <paul@lshift.net> |
Fri, 20 Feb 2009 11:37:58 +0000 | |
changeset 47 | ebcc230f21e4 |
parent 41 | de0c61b778fa |
child 50 | 77d97aa18f29 |
permissions | -rw-r--r-- |
18
538d6b198f4a
Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
17
diff
changeset
|
1 |
# Copyright 2008 LShift Ltd |
17
4c98440de851
Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff
changeset
|
2 |
# Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com> |
4c98440de851
Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff
changeset
|
3 |
# |
18
538d6b198f4a
Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
17
diff
changeset
|
4 |
# Authors: |
538d6b198f4a
Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
17
diff
changeset
|
5 |
# Paul Crowley <paul@lshift.net> |
538d6b198f4a
Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
17
diff
changeset
|
6 |
# Vadim Gelfer <vadim.gelfer@gmail.com> |
538d6b198f4a
Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
17
diff
changeset
|
7 |
# |
17
4c98440de851
Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff
changeset
|
8 |
# This software may be used and distributed according to the terms |
4c98440de851
Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff
changeset
|
9 |
# of the GNU General Public License, incorporated herein by reference. |
4c98440de851
Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff
changeset
|
10 |
|
4c98440de851
Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff
changeset
|
11 |
from mercurial.i18n import _ |
4c98440de851
Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff
changeset
|
12 |
from mercurial.node import * |
4c98440de851
Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff
changeset
|
13 |
from mercurial import util |
4c98440de851
Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff
changeset
|
14 |
|
4c98440de851
Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff
changeset
|
15 |
import os |
19
62ee928ac9b3
fixes following actual testing
Paul Crowley <paul@lshift.net>
parents:
18
diff
changeset
|
16 |
import ruleset |
17
4c98440de851
Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff
changeset
|
17 |
|
4c98440de851
Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff
changeset
|
18 |
class Checker(object): |
4c98440de851
Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff
changeset
|
19 |
'''acl checker.''' |
4c98440de851
Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff
changeset
|
20 |
|
4c98440de851
Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff
changeset
|
21 |
def __init__(self, ui, repo): |
4c98440de851
Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff
changeset
|
22 |
self.ui = ui |
4c98440de851
Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff
changeset
|
23 |
self.repo = repo |
39
f5055ce263c7
New system. No breaking in, just putting files in /etc/mercurial-server
Paul Crowley <paul@lshift.net>
parents:
33
diff
changeset
|
24 |
|
f5055ce263c7
New system. No breaking in, just putting files in /etc/mercurial-server
Paul Crowley <paul@lshift.net>
parents:
33
diff
changeset
|
25 |
self.rules = ruleset.rules_from_env() |
21
59540181a4bb
simplify by allowing some params to be preset in rules
Paul Crowley <paul@ciphergoth.org>
parents:
20
diff
changeset
|
26 |
self.rules.set(user = os.environ['REMOTE_USER']) |
59540181a4bb
simplify by allowing some params to be preset in rules
Paul Crowley <paul@ciphergoth.org>
parents:
20
diff
changeset
|
27 |
self.rules.set(repo = os.environ['HG_REPO_PATH']) |
17
4c98440de851
Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff
changeset
|
28 |
|
20
f4daa224dc7e
Add support for locking by branch, and document breaking in.
Paul Crowley <paul@ciphergoth.org>
parents:
18
diff
changeset
|
29 |
def allow(self, node): |
17
4c98440de851
Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff
changeset
|
30 |
'''return if access allowed, raise exception if not.''' |
20
f4daa224dc7e
Add support for locking by branch, and document breaking in.
Paul Crowley <paul@ciphergoth.org>
parents:
18
diff
changeset
|
31 |
ctx = self.repo.changectx(node) |
f4daa224dc7e
Add support for locking by branch, and document breaking in.
Paul Crowley <paul@ciphergoth.org>
parents:
18
diff
changeset
|
32 |
branch = ctx.branch() |
22
578555227599
branch is local not member
Paul Crowley <paul@ciphergoth.org>
parents:
21
diff
changeset
|
33 |
if not self.rules.allow("write", branch=branch, file=None): |
20
f4daa224dc7e
Add support for locking by branch, and document breaking in.
Paul Crowley <paul@ciphergoth.org>
parents:
18
diff
changeset
|
34 |
return False |
f4daa224dc7e
Add support for locking by branch, and document breaking in.
Paul Crowley <paul@ciphergoth.org>
parents:
18
diff
changeset
|
35 |
for f in ctx.files(): |
22
578555227599
branch is local not member
Paul Crowley <paul@ciphergoth.org>
parents:
21
diff
changeset
|
36 |
if not self.rules.allow("write", branch=branch, file=f): |
20
f4daa224dc7e
Add support for locking by branch, and document breaking in.
Paul Crowley <paul@ciphergoth.org>
parents:
18
diff
changeset
|
37 |
return False |
17
4c98440de851
Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff
changeset
|
38 |
self.ui.debug(_('%s: allowing changeset %s\n') % (__name__, short(node))) |
20
f4daa224dc7e
Add support for locking by branch, and document breaking in.
Paul Crowley <paul@ciphergoth.org>
parents:
18
diff
changeset
|
39 |
return True |
17
4c98440de851
Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff
changeset
|
40 |
|
20
f4daa224dc7e
Add support for locking by branch, and document breaking in.
Paul Crowley <paul@ciphergoth.org>
parents:
18
diff
changeset
|
41 |
def check(self, node): |
24
9f8e11ede780
fix changeset handling, remove broken debug statements
Paul Crowley <paul@lshift.net>
parents:
23
diff
changeset
|
42 |
if not self.allow(node): |
20
f4daa224dc7e
Add support for locking by branch, and document breaking in.
Paul Crowley <paul@ciphergoth.org>
parents:
18
diff
changeset
|
43 |
raise util.Abort(_('%s: access denied for changeset %s') % |
f4daa224dc7e
Add support for locking by branch, and document breaking in.
Paul Crowley <paul@ciphergoth.org>
parents:
18
diff
changeset
|
44 |
(__name__, short(node))) |
f4daa224dc7e
Add support for locking by branch, and document breaking in.
Paul Crowley <paul@ciphergoth.org>
parents:
18
diff
changeset
|
45 |
|
f4daa224dc7e
Add support for locking by branch, and document breaking in.
Paul Crowley <paul@ciphergoth.org>
parents:
18
diff
changeset
|
46 |
|
17
4c98440de851
Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff
changeset
|
47 |
def hook(ui, repo, hooktype, node=None, source=None, **kwargs): |
4c98440de851
Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff
changeset
|
48 |
if hooktype != 'pretxnchangegroup': |
4c98440de851
Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff
changeset
|
49 |
raise util.Abort(_('config error - hook type "%s" cannot stop ' |
4c98440de851
Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff
changeset
|
50 |
'incoming changesets') % hooktype) |
18
538d6b198f4a
Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
17
diff
changeset
|
51 |
c = Checker(ui, repo) |
17
4c98440de851
Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff
changeset
|
52 |
start = repo.changelog.rev(bin(node)) |
41
de0c61b778fa
Fix from belinda.lawson@onair.aero
Paul Crowley <paul@lshift.net>
parents:
39
diff
changeset
|
53 |
end = len(repo.changelog) |
17
4c98440de851
Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff
changeset
|
54 |
for rev in xrange(start, end): |
4c98440de851
Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff
changeset
|
55 |
c.check(repo.changelog.node(rev)) |
4c98440de851
Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff
changeset
|
56 |