70 |
70 |
71 def __call__(self, env, respond): |
71 def __call__(self, env, respond): |
72 req = wsgirequest(env, respond) |
72 req = wsgirequest(env, respond) |
73 return self.run_wsgi(req) |
73 return self.run_wsgi(req) |
74 |
74 |
|
75 def read_allowed(self, ui, req): |
|
76 """Check allow_read and deny_read config options of a repo's ui object |
|
77 to determine user permissions. By default, with neither option set (or |
|
78 both empty), allow all users to read the repo. There are two ways a |
|
79 user can be denied read access: (1) deny_read is not empty, and the |
|
80 user is unauthenticated or deny_read contains user (or *), and (2) |
|
81 allow_read is not empty and the user is not in allow_read. Return True |
|
82 if user is allowed to read the repo, else return False.""" |
|
83 |
|
84 user = req.env.get('REMOTE_USER') |
|
85 |
|
86 deny_read = ui.configlist('web', 'deny_read', default=None, untrusted=True) |
|
87 if deny_read and (not user or deny_read == ['*'] or user in deny_read): |
|
88 return False |
|
89 |
|
90 allow_read = ui.configlist('web', 'allow_read', default=None, untrusted=True) |
|
91 # by default, allow reading if no allow_read option has been set |
|
92 if (not allow_read) or (allow_read == ['*']) or (user in allow_read): |
|
93 return True |
|
94 |
|
95 return False |
|
96 |
75 def run_wsgi(self, req): |
97 def run_wsgi(self, req): |
76 |
98 |
77 try: |
99 try: |
78 try: |
100 try: |
79 |
101 |
171 continue |
193 continue |
172 def get(section, name, default=None): |
194 def get(section, name, default=None): |
173 return u.config(section, name, default, untrusted=True) |
195 return u.config(section, name, default, untrusted=True) |
174 |
196 |
175 if u.configbool("web", "hidden", untrusted=True): |
197 if u.configbool("web", "hidden", untrusted=True): |
|
198 continue |
|
199 |
|
200 if not self.read_allowed(u, req): |
176 continue |
201 continue |
177 |
202 |
178 parts = [name] |
203 parts = [name] |
179 if 'PATH_INFO' in req.env: |
204 if 'PATH_INFO' in req.env: |
180 parts.insert(0, req.env['PATH_INFO'].rstrip('/')) |
205 parts.insert(0, req.env['PATH_INFO'].rstrip('/')) |