1 # Copyright 2008 LShift Ltd |
|
2 # Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com> |
|
3 # |
|
4 # Authors: |
|
5 # Paul Crowley <paul@lshift.net> |
|
6 # Vadim Gelfer <vadim.gelfer@gmail.com> |
|
7 # |
|
8 # This software may be used and distributed according to the terms |
|
9 # of the GNU General Public License, incorporated herein by reference. |
|
10 |
|
11 from mercurial.i18n import _ |
|
12 from mercurial.node import * |
|
13 from mercurial import util |
|
14 |
|
15 import os |
|
16 import ruleset |
|
17 |
|
18 class Checker(object): |
|
19 '''acl checker.''' |
|
20 |
|
21 def __init__(self, ui, repo): |
|
22 self.ui = ui |
|
23 self.repo = repo |
|
24 self.rules = ruleset.Ruleset.readfile(os.environ['HG_ACCESS_RULES_FILE']) |
|
25 self.rules.set(user = os.environ['REMOTE_USER']) |
|
26 self.rules.set(repo = os.environ['HG_REPO_PATH']) |
|
27 |
|
28 def allow(self, node): |
|
29 '''return if access allowed, raise exception if not.''' |
|
30 ctx = self.repo.changectx(node) |
|
31 branch = ctx.branch() |
|
32 if not self.rules.allow("write", branch=branch, file=None): |
|
33 return False |
|
34 for f in ctx.files(): |
|
35 if not self.rules.allow("write", branch=branch, file=f): |
|
36 return False |
|
37 self.ui.debug(_('%s: allowing changeset %s\n') % (__name__, short(node))) |
|
38 return True |
|
39 |
|
40 def check(self, node): |
|
41 if not self.allow(node): |
|
42 raise util.Abort(_('%s: access denied for changeset %s') % |
|
43 (__name__, short(node))) |
|
44 |
|
45 |
|
46 def hook(ui, repo, hooktype, node=None, source=None, **kwargs): |
|
47 if hooktype != 'pretxnchangegroup': |
|
48 raise util.Abort(_('config error - hook type "%s" cannot stop ' |
|
49 'incoming changesets') % hooktype) |
|
50 c = Checker(ui, repo) |
|
51 start = repo.changelog.rev(bin(node)) |
|
52 end = repo.changelog.count() |
|
53 for rev in xrange(start, end): |
|
54 c.check(repo.changelog.node(rev)) |
|
55 |
|