19 '''acl checker.''' |
19 '''acl checker.''' |
20 |
20 |
21 def __init__(self, ui, repo): |
21 def __init__(self, ui, repo): |
22 self.ui = ui |
22 self.ui = ui |
23 self.repo = repo |
23 self.repo = repo |
24 self.repo_path = os.environ['HG_REPO_PATH'] |
|
25 self.user = os.environ['REMOTE_USER'] |
|
26 self.rules = rules.Ruleset.readfile(os.environ['HG_ACCESS_RULES_FILE']) |
24 self.rules = rules.Ruleset.readfile(os.environ['HG_ACCESS_RULES_FILE']) |
|
25 self.rules.set(user = os.environ['REMOTE_USER']) |
|
26 self.rules.set(repo = os.environ['HG_REPO_PATH']) |
27 |
27 |
28 def allow(self, node): |
28 def allow(self, node): |
29 '''return if access allowed, raise exception if not.''' |
29 '''return if access allowed, raise exception if not.''' |
30 ctx = self.repo.changectx(node) |
30 ctx = self.repo.changectx(node) |
31 branch = ctx.branch() |
31 branch = ctx.branch() |
32 if not self.rules.allow("write", user=self.user, repo=self.repo_path, branch=self.branch, file=None): |
32 if not self.rules.allow("write", branch=self.branch, file=None): |
33 self.ui.debug(_('%s: user %s not allowed on branch %s\n') % |
33 self.ui.debug(_('%s: user %s not allowed on branch %s\n') % |
34 (__name__, self.user, branch)) |
34 (__name__, self.user, branch)) |
35 return False |
35 return False |
36 for f in ctx.files(): |
36 for f in ctx.files(): |
37 if not self.rules.allow("write", user=self.user, repo=self.repo_path, branch=self.branch, file=f): |
37 if not self.rules.allow("write", branch=self.branch, file=f): |
38 self.ui.debug(_('%s: user %s not allowed on %s\n') % |
38 self.ui.debug(_('%s: user %s not allowed on %s\n') % |
39 (__name__, self.user, f)) |
39 (__name__, self.user, f)) |
40 return False |
40 return False |
41 self.ui.debug(_('%s: allowing changeset %s\n') % (__name__, short(node))) |
41 self.ui.debug(_('%s: allowing changeset %s\n') % (__name__, short(node))) |
42 return True |
42 return True |