access.py
changeset 23 9fa62cfd2821
parent 19 62ee928ac9b3
parent 22 578555227599
child 24 9f8e11ede780
equal deleted inserted replaced
19:62ee928ac9b3 23:9fa62cfd2821
    19     '''acl checker.'''
    19     '''acl checker.'''
    20 
    20 
    21     def __init__(self, ui, repo):
    21     def __init__(self, ui, repo):
    22         self.ui = ui
    22         self.ui = ui
    23         self.repo = repo
    23         self.repo = repo
    24         self.repo_path = os.environ['HG_REPO_PATH']
       
    25         self.user = os.environ['REMOTE_USER']
       
    26         self.rules = ruleset.Ruleset.readfile(os.environ['HG_ACCESS_RULES_FILE'])
    24         self.rules = ruleset.Ruleset.readfile(os.environ['HG_ACCESS_RULES_FILE'])
       
    25         self.rules.set(user = os.environ['REMOTE_USER'])
       
    26         self.rules.set(repo = os.environ['HG_REPO_PATH'])
       
    27 
       
    28     def allow(self, node):
       
    29         '''return if access allowed, raise exception if not.'''
       
    30         ctx = self.repo.changectx(node)
       
    31         branch = ctx.branch()
       
    32         if not self.rules.allow("write", branch=branch, file=None):
       
    33             self.ui.debug(_('%s: user %s not allowed on branch %s\n') %
       
    34                 (__name__, self.user, branch))
       
    35             return False
       
    36         for f in ctx.files():
       
    37             if not self.rules.allow("write", branch=branch, file=f):
       
    38                 self.ui.debug(_('%s: user %s not allowed on %s\n') %
       
    39                               (__name__, self.user, f))
       
    40                 return False
       
    41         self.ui.debug(_('%s: allowing changeset %s\n') % (__name__, short(node)))
       
    42         return True
    27 
    43 
    28     def check(self, node):
    44     def check(self, node):
    29         '''return if access allowed, raise exception if not.'''
    45         if not allow(self, node):
    30         files = self.repo.changectx(node).files()
    46             raise util.Abort(_('%s: access denied for changeset %s') %
    31         for f in files:
    47                 (__name__, short(node)))
    32             if not self.rules.allow("write", user=self.user, repo=self.repo_path, file=f):
       
    33                 self.ui.debug(_('%s: user %s not allowed on %s\n') %
       
    34                               (__name__, self.getuser(), f))
       
    35                 raise util.Abort(_('%s: access denied for changeset %s') %
       
    36                                  (__name__, short(node)))
       
    37         self.ui.debug(_('%s: allowing changeset %s\n') % (__name__, short(node)))
       
    38 
    48 
       
    49         
    39 def hook(ui, repo, hooktype, node=None, source=None, **kwargs):
    50 def hook(ui, repo, hooktype, node=None, source=None, **kwargs):
    40     if hooktype != 'pretxnchangegroup':
    51     if hooktype != 'pretxnchangegroup':
    41         raise util.Abort(_('config error - hook type "%s" cannot stop '
    52         raise util.Abort(_('config error - hook type "%s" cannot stop '
    42                            'incoming changesets') % hooktype)
    53                            'incoming changesets') % hooktype)
    43     c = Checker(ui, repo)
    54     c = Checker(ui, repo)