1 # Copyright 2008-2009 LShift Ltd |
1 """Mercurial access control hook""" |
2 # Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com> |
|
3 # |
|
4 # Authors: |
|
5 # Paul Crowley <paul@lshift.net> |
|
6 # Vadim Gelfer <vadim.gelfer@gmail.com> |
|
7 # |
|
8 # This software may be used and distributed according to the terms |
|
9 # of the GNU General Public License, incorporated herein by reference. |
|
10 |
2 |
11 from mercurial.i18n import _ |
3 from mercurial.i18n import _ |
12 import mercurial.util |
4 import mercurial.util |
13 import mercurial.node |
5 import mercurial.node |
14 |
6 |
15 import os |
7 import os |
16 from mercurialserver import ruleset |
8 from mercurialserver import ruleset |
17 from mercurialserver import changes |
9 from mercurialserver import changes |
18 |
10 |
19 class Checker(object): |
11 def allow(ctx): |
20 '''acl checker.''' |
12 branch = ctx.branch() |
21 |
13 if not ruleset.rules.allow("write", branch=branch, file=None): |
22 def __init__(self, ui, repo): |
14 return False |
23 self.ui = ui |
15 for f in ctx.files(): |
24 self.repo = repo |
16 if not ruleset.rules.allow("write", branch=branch, file=f): |
25 |
|
26 def allow(self, ctx): |
|
27 branch = ctx.branch() |
|
28 if not ruleset.rules.allow("write", branch=branch, file=None): |
|
29 return False |
17 return False |
30 for f in ctx.files(): |
18 return True |
31 if not ruleset.rules.allow("write", branch=branch, file=f): |
|
32 return False |
|
33 return True |
|
34 |
|
35 def check(self, ctx): |
|
36 '''return if access allowed, raise exception if not.''' |
|
37 if not self.allow(ctx): |
|
38 raise mercurial.util.Abort(_('%s: access denied for changeset %s') % |
|
39 (__name__, mercurial.node.short(ctx.node()))) |
|
40 |
19 |
41 def hook(ui, repo, hooktype, node=None, source=None, **kwargs): |
20 def hook(ui, repo, hooktype, node=None, source=None, **kwargs): |
42 if hooktype != 'pretxnchangegroup': |
21 if hooktype != 'pretxnchangegroup': |
43 raise mercurial.util.Abort(_('config error - hook type "%s" cannot stop ' |
22 raise mercurial.util.Abort(_('config error - hook type "%s" cannot stop ' |
44 'incoming changesets') % hooktype) |
23 'incoming changesets') % hooktype) |
45 c = Checker(ui, repo) |
|
46 for ctx in changes.changes(repo, node): |
24 for ctx in changes.changes(repo, node): |
47 c.check(ctx) |
25 if not allow(ctx): |
|
26 raise mercurial.util.Abort(_('%s: access denied for changeset %s') % |
|
27 (__name__, mercurial.node.short(ctx.node()))) |
|
28 |