19 '''acl checker.''' |
19 '''acl checker.''' |
20 |
20 |
21 def __init__(self, ui, repo): |
21 def __init__(self, ui, repo): |
22 self.ui = ui |
22 self.ui = ui |
23 self.repo = repo |
23 self.repo = repo |
24 self.repo_path = os.environ['HG_REPO_PATH'] |
|
25 self.user = os.environ['REMOTE_USER'] |
|
26 self.rules = ruleset.Ruleset.readfile(os.environ['HG_ACCESS_RULES_FILE']) |
24 self.rules = ruleset.Ruleset.readfile(os.environ['HG_ACCESS_RULES_FILE']) |
|
25 self.rules.set(user = os.environ['REMOTE_USER']) |
|
26 self.rules.set(repo = os.environ['HG_REPO_PATH']) |
|
27 |
|
28 def allow(self, node): |
|
29 '''return if access allowed, raise exception if not.''' |
|
30 ctx = self.repo.changectx(node) |
|
31 branch = ctx.branch() |
|
32 if not self.rules.allow("write", branch=branch, file=None): |
|
33 self.ui.debug(_('%s: user %s not allowed on branch %s\n') % |
|
34 (__name__, self.user, branch)) |
|
35 return False |
|
36 for f in ctx.files(): |
|
37 if not self.rules.allow("write", branch=branch, file=f): |
|
38 self.ui.debug(_('%s: user %s not allowed on %s\n') % |
|
39 (__name__, self.user, f)) |
|
40 return False |
|
41 self.ui.debug(_('%s: allowing changeset %s\n') % (__name__, short(node))) |
|
42 return True |
27 |
43 |
28 def check(self, node): |
44 def check(self, node): |
29 '''return if access allowed, raise exception if not.''' |
45 if not allow(self, node): |
30 files = self.repo.changectx(node).files() |
46 raise util.Abort(_('%s: access denied for changeset %s') % |
31 for f in files: |
47 (__name__, short(node))) |
32 if not self.rules.allow("write", user=self.user, repo=self.repo_path, file=f): |
|
33 self.ui.debug(_('%s: user %s not allowed on %s\n') % |
|
34 (__name__, self.getuser(), f)) |
|
35 raise util.Abort(_('%s: access denied for changeset %s') % |
|
36 (__name__, short(node))) |
|
37 self.ui.debug(_('%s: allowing changeset %s\n') % (__name__, short(node))) |
|
38 |
48 |
|
49 |
39 def hook(ui, repo, hooktype, node=None, source=None, **kwargs): |
50 def hook(ui, repo, hooktype, node=None, source=None, **kwargs): |
40 if hooktype != 'pretxnchangegroup': |
51 if hooktype != 'pretxnchangegroup': |
41 raise util.Abort(_('config error - hook type "%s" cannot stop ' |
52 raise util.Abort(_('config error - hook type "%s" cannot stop ' |
42 'incoming changesets') % hooktype) |
53 'incoming changesets') % hooktype) |
43 c = Checker(ui, repo) |
54 c = Checker(ui, repo) |