|
1 # Copyright 2008-2009 LShift Ltd |
|
2 # Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com> |
|
3 # |
|
4 # Authors: |
|
5 # Paul Crowley <paul@lshift.net> |
|
6 # Vadim Gelfer <vadim.gelfer@gmail.com> |
|
7 # |
|
8 # This software may be used and distributed according to the terms |
|
9 # of the GNU General Public License, incorporated herein by reference. |
|
10 |
|
11 from mercurial.i18n import _ |
|
12 import mercurial.util |
|
13 import mercurial.node |
|
14 |
|
15 import os |
|
16 from mercurialserver import ruleset |
|
17 from mercurialserver import changes |
|
18 |
|
19 class Checker(object): |
|
20 '''acl checker.''' |
|
21 |
|
22 def __init__(self, ui, repo): |
|
23 self.ui = ui |
|
24 self.repo = repo |
|
25 |
|
26 self.rules = ruleset.rules_from_env() |
|
27 self.rules.set(user = os.environ['REMOTE_USER']) |
|
28 self.rules.set(repo = os.environ['HG_REPO_PATH']) |
|
29 |
|
30 def allow(self, ctx): |
|
31 branch = ctx.branch() |
|
32 if not self.rules.allow("write", branch=branch, file=None): |
|
33 return False |
|
34 for f in ctx.files(): |
|
35 if not self.rules.allow("write", branch=branch, file=f): |
|
36 return False |
|
37 return True |
|
38 |
|
39 def check(self, ctx): |
|
40 '''return if access allowed, raise exception if not.''' |
|
41 if not self.allow(ctx): |
|
42 raise mercurial.util.Abort(_('%s: access denied for changeset %s') % |
|
43 (__name__, mercurial.node.short(ctx.node()))) |
|
44 |
|
45 def hook(ui, repo, hooktype, node=None, source=None, **kwargs): |
|
46 if hooktype != 'pretxnchangegroup': |
|
47 raise mercurial.util.Abort(_('config error - hook type "%s" cannot stop ' |
|
48 'incoming changesets') % hooktype) |
|
49 c = Checker(ui, repo) |
|
50 for ctx in changes.changes(repo, node): |
|
51 c.check(ctx) |