14 |
14 |
15 import os |
15 import os |
16 from mercurialserver import ruleset |
16 from mercurialserver import ruleset |
17 from mercurialserver import changes |
17 from mercurialserver import changes |
18 |
18 |
19 class Checker(object): |
19 def allow(ctx): |
20 '''acl checker.''' |
20 branch = ctx.branch() |
21 |
21 if not ruleset.rules.allow("write", branch=branch, file=None): |
22 def __init__(self, ui, repo): |
22 return False |
23 self.ui = ui |
23 for f in ctx.files(): |
24 self.repo = repo |
24 if not ruleset.rules.allow("write", branch=branch, file=f): |
25 |
|
26 def allow(self, ctx): |
|
27 branch = ctx.branch() |
|
28 if not ruleset.rules.allow("write", branch=branch, file=None): |
|
29 return False |
25 return False |
30 for f in ctx.files(): |
26 return True |
31 if not ruleset.rules.allow("write", branch=branch, file=f): |
|
32 return False |
|
33 return True |
|
34 |
|
35 def check(self, ctx): |
|
36 '''return if access allowed, raise exception if not.''' |
|
37 if not self.allow(ctx): |
|
38 raise mercurial.util.Abort(_('%s: access denied for changeset %s') % |
|
39 (__name__, mercurial.node.short(ctx.node()))) |
|
40 |
27 |
41 def hook(ui, repo, hooktype, node=None, source=None, **kwargs): |
28 def hook(ui, repo, hooktype, node=None, source=None, **kwargs): |
42 if hooktype != 'pretxnchangegroup': |
29 if hooktype != 'pretxnchangegroup': |
43 raise mercurial.util.Abort(_('config error - hook type "%s" cannot stop ' |
30 raise mercurial.util.Abort(_('config error - hook type "%s" cannot stop ' |
44 'incoming changesets') % hooktype) |
31 'incoming changesets') % hooktype) |
45 c = Checker(ui, repo) |
|
46 for ctx in changes.changes(repo, node): |
32 for ctx in changes.changes(repo, node): |
47 c.check(ctx) |
33 if not allow(ctx): |
|
34 raise mercurial.util.Abort(_('%s: access denied for changeset %s') % |
|
35 (__name__, mercurial.node.short(ctx.node()))) |
|
36 |