diff -r cd3da73cdf63 -r 0519745e7a57 src/mercurialserver/ruleset.py
--- a/src/mercurialserver/ruleset.py	Mon Oct 12 12:08:49 2009 +0100
+++ b/src/mercurialserver/ruleset.py	Mon Oct 12 16:04:07 2009 +0100
@@ -12,28 +12,10 @@
 
 allowedchars = "A-Za-z0-9_-"
 
-goodpathre = re.compile("([%s]+/)*[%s]+$" % (allowedchars, allowedchars))
-def goodpath(path):
-    return goodpathre.match(path) is not None
-
-goodglobre = re.compile("[*/%s]+$" % allowedchars)
-
-def goodglob(pattern):
-    return goodglobre.match(pattern) is not None
-
-# Don't put anything except *A-Za-z0-9_- in rule globs or   
-# it will match nothing.  No regexp metachars, not even .
-# We may fix this later.
 def globmatcher(pattern):
-    if not goodglob(pattern):
-        #fail("Bad glob pattern in auth config: %s" % pattern)
-        # FIXME: report it somehow
-        return lambda x: False
-    # Substitution cunning so ** can be different from *
-    pattern = pattern.replace("*", "[]")
-    pattern = pattern.replace("[][]", "[/%s]*" % allowedchars)
-    pattern = pattern.replace("[]", "[%s]*" % allowedchars)
-    rex = re.compile(pattern + "$")
+    p = "[^/]*".join(re.escape(c) for c in pattern.split("*"))
+    # ** means "match recursively" ie "ignore directories"
+    rex = re.compile(p.replace("[^/]*[^/]*", ".*") + "$")
     # None matches everything
     return lambda x: x is None or rex.match(x) is not None
 
@@ -46,6 +28,9 @@
         return True
     return c
 
+class AccessException(Exception):
+    pass
+
 class Ruleset(object):
     '''Class representing the rules in a rule file'''
     
@@ -76,6 +61,10 @@
         a = self.matchrule(kw)
         return a in self.levels and self.levels.index(a) <= self.levels.index(level)
     
+    def check(self, level, **kw):
+        if not self.allow(level, **kw):
+            raise AccessException()
+    
     def readfile(self, fn):
         try:
             f = open(fn)