| author | Paul Crowley <paul@lshift.net> |
| Fri, 06 Mar 2009 09:15:00 +0000 | |
| changeset 67 | fd16d9a1234b |
| parent 62 | src/access.py@f1e319d3672a |
| child 77 | 8d14aac93b5d |
| permissions | -rw-r--r-- |
|
50
77d97aa18f29
update dates and copyright notices
Paul Crowley <paul@lshift.net>
parents:
41
diff
changeset
|
1 |
# Copyright 2008-2009 LShift Ltd |
|
17
4c98440de851
Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff
changeset
|
2 |
# Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com> |
|
4c98440de851
Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff
changeset
|
3 |
# |
|
18
538d6b198f4a
Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
17
diff
changeset
|
4 |
# Authors: |
|
538d6b198f4a
Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
17
diff
changeset
|
5 |
# Paul Crowley <paul@lshift.net> |
|
538d6b198f4a
Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
17
diff
changeset
|
6 |
# Vadim Gelfer <vadim.gelfer@gmail.com> |
|
538d6b198f4a
Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
17
diff
changeset
|
7 |
# |
|
17
4c98440de851
Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff
changeset
|
8 |
# This software may be used and distributed according to the terms |
|
4c98440de851
Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff
changeset
|
9 |
# of the GNU General Public License, incorporated herein by reference. |
|
4c98440de851
Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff
changeset
|
10 |
|
|
4c98440de851
Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff
changeset
|
11 |
from mercurial.i18n import _ |
| 51 | 12 |
import mercurial.util |
| 53 | 13 |
import mercurial.node |
|
17
4c98440de851
Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff
changeset
|
14 |
|
|
4c98440de851
Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff
changeset
|
15 |
import os |
|
67
fd16d9a1234b
Put .py files into a directory of their own
Paul Crowley <paul@lshift.net>
parents:
62
diff
changeset
|
16 |
from mercurialserver import ruleset |
|
fd16d9a1234b
Put .py files into a directory of their own
Paul Crowley <paul@lshift.net>
parents:
62
diff
changeset
|
17 |
from mercurialserver import changes |
|
17
4c98440de851
Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff
changeset
|
18 |
|
|
4c98440de851
Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff
changeset
|
19 |
class Checker(object): |
|
4c98440de851
Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff
changeset
|
20 |
'''acl checker.''' |
|
4c98440de851
Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff
changeset
|
21 |
|
|
4c98440de851
Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff
changeset
|
22 |
def __init__(self, ui, repo): |
|
4c98440de851
Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff
changeset
|
23 |
self.ui = ui |
|
4c98440de851
Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff
changeset
|
24 |
self.repo = repo |
|
39
f5055ce263c7
New system. No breaking in, just putting files in /etc/mercurial-server
Paul Crowley <paul@lshift.net>
parents:
33
diff
changeset
|
25 |
|
|
f5055ce263c7
New system. No breaking in, just putting files in /etc/mercurial-server
Paul Crowley <paul@lshift.net>
parents:
33
diff
changeset
|
26 |
self.rules = ruleset.rules_from_env() |
|
21
59540181a4bb
simplify by allowing some params to be preset in rules
Paul Crowley <paul@ciphergoth.org>
parents:
20
diff
changeset
|
27 |
self.rules.set(user = os.environ['REMOTE_USER']) |
|
59540181a4bb
simplify by allowing some params to be preset in rules
Paul Crowley <paul@ciphergoth.org>
parents:
20
diff
changeset
|
28 |
self.rules.set(repo = os.environ['HG_REPO_PATH']) |
|
17
4c98440de851
Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff
changeset
|
29 |
|
| 51 | 30 |
def allow(self, ctx): |
|
20
f4daa224dc7e
Add support for locking by branch, and document breaking in.
Paul Crowley <paul@ciphergoth.org>
parents:
18
diff
changeset
|
31 |
branch = ctx.branch() |
|
22
578555227599
branch is local not member
Paul Crowley <paul@ciphergoth.org>
parents:
21
diff
changeset
|
32 |
if not self.rules.allow("write", branch=branch, file=None):
|
|
20
f4daa224dc7e
Add support for locking by branch, and document breaking in.
Paul Crowley <paul@ciphergoth.org>
parents:
18
diff
changeset
|
33 |
return False |
|
f4daa224dc7e
Add support for locking by branch, and document breaking in.
Paul Crowley <paul@ciphergoth.org>
parents:
18
diff
changeset
|
34 |
for f in ctx.files(): |
|
22
578555227599
branch is local not member
Paul Crowley <paul@ciphergoth.org>
parents:
21
diff
changeset
|
35 |
if not self.rules.allow("write", branch=branch, file=f):
|
|
20
f4daa224dc7e
Add support for locking by branch, and document breaking in.
Paul Crowley <paul@ciphergoth.org>
parents:
18
diff
changeset
|
36 |
return False |
|
f4daa224dc7e
Add support for locking by branch, and document breaking in.
Paul Crowley <paul@ciphergoth.org>
parents:
18
diff
changeset
|
37 |
return True |
|
17
4c98440de851
Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff
changeset
|
38 |
|
| 51 | 39 |
def check(self, ctx): |
40 |
'''return if access allowed, raise exception if not.''' |
|
41 |
if not self.allow(ctx): |
|
42 |
raise mercurial.util.Abort(_('%s: access denied for changeset %s') %
|
|
| 53 | 43 |
(__name__, mercurial.node.short(ctx.node()))) |
|
20
f4daa224dc7e
Add support for locking by branch, and document breaking in.
Paul Crowley <paul@ciphergoth.org>
parents:
18
diff
changeset
|
44 |
|
|
17
4c98440de851
Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff
changeset
|
45 |
def hook(ui, repo, hooktype, node=None, source=None, **kwargs): |
|
4c98440de851
Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff
changeset
|
46 |
if hooktype != 'pretxnchangegroup': |
| 51 | 47 |
raise mercurial.util.Abort(_('config error - hook type "%s" cannot stop '
|
|
17
4c98440de851
Started work on acl.py replacement - currently broken.
Paul Crowley <paul@ciphergoth.org>
parents:
diff
changeset
|
48 |
'incoming changesets') % hooktype) |
|
18
538d6b198f4a
Big change to support file conditions; format of hg-ssh-access.conf
Paul Crowley <paul@lshift.net>
parents:
17
diff
changeset
|
49 |
c = Checker(ui, repo) |
|
52
f9eb98bb0791
Encapsulate change finding with backwards compatibility
Paul Crowley <paul@lshift.net>
parents:
51
diff
changeset
|
50 |
for ctx in changes.changes(repo, node): |
|
f9eb98bb0791
Encapsulate change finding with backwards compatibility
Paul Crowley <paul@lshift.net>
parents:
51
diff
changeset
|
51 |
c.check(ctx) |