mercurial-server: comparison src/mercurialserver/ruleset.py

equal deleted inserted replaced

-:cd3da73cdf63
+:0519745e7a57
 import os
 import os.path
 allowedchars = "A-Za-z0-9_-"
-goodpathre = re.compile("([%s]+/)*[%s]+$" % (allowedchars, allowedchars))
-def goodpath(path):
-return goodpathre.match(path) is not None
-goodglobre = re.compile("[*/%s]+$" % allowedchars)
-def goodglob(pattern):
-return goodglobre.match(pattern) is not None
-# Don't put anything except *A-Za-z0-9_- in rule globs or
-# it will match nothing.  No regexp metachars, not even .
-# We may fix this later.
 def globmatcher(pattern):
-if not goodglob(pattern):
+p = "[^/]*".join(re.escape(c) for c in pattern.split("*"))
-#fail("Bad glob pattern in auth config: %s" % pattern)
+# ** means "match recursively" ie "ignore directories"
-# FIXME: report it somehow
+rex = re.compile(p.replace("[^/]*[^/]*", ".*") + "$")
-return lambda x: False
-# Substitution cunning so ** can be different from *
-pattern = pattern.replace("*", "[]")
-pattern = pattern.replace("[][]", "[/%s]*" % allowedchars)
-pattern = pattern.replace("[]", "[%s]*" % allowedchars)
-rex = re.compile(pattern + "$")
 # None matches everything
 return lambda x: x is None or rex.match(x) is not None
 def rule(pairs):
 matchers = [(k, globmatcher(v)) for k, v in pairs]
 for k, m in matchers:
 if k not in kw or not m(kw[k]):
 return False
 return True
 return c
+class AccessException(Exception):
+pass
 class Ruleset(object):
 '''Class representing the rules in a rule file'''
 levels = ["init", "write", "read", "deny"]
 def allow(self, level, **kw):
 a = self.matchrule(kw)
 return a in self.levels and self.levels.index(a) <= self.levels.index(level)
+def check(self, level, **kw):
+if not self.allow(level, **kw):
+raise AccessException()
 def readfile(self, fn):
 try:
 f = open(fn)
 try:
 for l in f:

changeset 106	0519745e7a57
parent 78	2a3407a14654
child 109	72100d3ed1bd