annotate hgext/acl.py @ 51164:962974a5d068 stable

revlog: add one more assert about state of thing when splitting This assert is currently happy, but it does not hurt to adds it to clarify expected state and catch potential error in the future.
author Pierre-Yves David <pierre-yves.david@octobus.net>
date Wed, 06 Dec 2023 15:38:15 +0100
parents d44e3c45f0e4
children 493034cc3265
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
2344
ae12e5a2c4a3 add acl extension, to limit who can push to subdirs of central repo.
Vadim Gelfer <vadim.gelfer@gmail.com>
parents:
diff changeset
1 # acl.py - changeset access control for mercurial
ae12e5a2c4a3 add acl extension, to limit who can push to subdirs of central repo.
Vadim Gelfer <vadim.gelfer@gmail.com>
parents:
diff changeset
2 #
ae12e5a2c4a3 add acl extension, to limit who can push to subdirs of central repo.
Vadim Gelfer <vadim.gelfer@gmail.com>
parents:
diff changeset
3 # Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com>
ae12e5a2c4a3 add acl extension, to limit who can push to subdirs of central repo.
Vadim Gelfer <vadim.gelfer@gmail.com>
parents:
diff changeset
4 #
8225
46293a0c7e9f updated license to be explicit about GPL version 2
Martin Geisler <mg@lazybytes.net>
parents: 8142
diff changeset
5 # This software may be used and distributed according to the terms of the
10263
25e572394f5c Update license to GPLv2+
Matt Mackall <mpm@selenic.com>
parents: 10112
diff changeset
6 # GNU General Public License version 2 or any later version.
8873
e872ef2e6758 help: add/fix docstrings for a bunch of extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents: 8846
diff changeset
7
8935
f4f0e902b750 extensions: change descriptions for hook-providing extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents: 8894
diff changeset
8 '''hooks for controlling repository access
8873
e872ef2e6758 help: add/fix docstrings for a bunch of extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents: 8846
diff changeset
9
11095
d56124931909 acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents: 11094
diff changeset
10 This hook makes it possible to allow or deny write access to given
d56124931909 acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents: 11094
diff changeset
11 branches and paths of a repository when receiving incoming changesets
d56124931909 acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents: 11094
diff changeset
12 via pretxnchangegroup and pretxncommit.
9250
00986b9ed649 acl: wrap docstrings at 70 characters
Martin Geisler <mg@lazybytes.net>
parents: 9201
diff changeset
13
00986b9ed649 acl: wrap docstrings at 70 characters
Martin Geisler <mg@lazybytes.net>
parents: 9201
diff changeset
14 The authorization is matched based on the local user name on the
00986b9ed649 acl: wrap docstrings at 70 characters
Martin Geisler <mg@lazybytes.net>
parents: 9201
diff changeset
15 system where the hook runs, and not the committer of the original
00986b9ed649 acl: wrap docstrings at 70 characters
Martin Geisler <mg@lazybytes.net>
parents: 9201
diff changeset
16 changeset (since the latter is merely informative).
8873
e872ef2e6758 help: add/fix docstrings for a bunch of extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents: 8846
diff changeset
17
9250
00986b9ed649 acl: wrap docstrings at 70 characters
Martin Geisler <mg@lazybytes.net>
parents: 9201
diff changeset
18 The acl hook is best used along with a restricted shell like hgsh,
11095
d56124931909 acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents: 11094
diff changeset
19 preventing authenticating users from doing anything other than pushing
d56124931909 acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents: 11094
diff changeset
20 or pulling. The hook is not safe to use if users have interactive
d56124931909 acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents: 11094
diff changeset
21 shell access, as they can then disable the hook. Nor is it safe if
d56124931909 acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents: 11094
diff changeset
22 remote users share an account, because then there is no way to
d56124931909 acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents: 11094
diff changeset
23 distinguish them.
8873
e872ef2e6758 help: add/fix docstrings for a bunch of extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents: 8846
diff changeset
24
11092
2dd91779eb27 acl: add support for branch-based access control
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11058
diff changeset
25 The order in which access checks are performed is:
11094
c7adea82d495 acl: fix reST syntax
Martin Geisler <mg@aragost.com>
parents: 11092
diff changeset
26
c7adea82d495 acl: fix reST syntax
Martin Geisler <mg@aragost.com>
parents: 11092
diff changeset
27 1) Deny list for branches (section ``acl.deny.branches``)
c7adea82d495 acl: fix reST syntax
Martin Geisler <mg@aragost.com>
parents: 11092
diff changeset
28 2) Allow list for branches (section ``acl.allow.branches``)
c7adea82d495 acl: fix reST syntax
Martin Geisler <mg@aragost.com>
parents: 11092
diff changeset
29 3) Deny list for paths (section ``acl.deny``)
c7adea82d495 acl: fix reST syntax
Martin Geisler <mg@aragost.com>
parents: 11092
diff changeset
30 4) Allow list for paths (section ``acl.allow``)
11042
d82f3651cd13 acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11041
diff changeset
31
11092
2dd91779eb27 acl: add support for branch-based access control
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11058
diff changeset
32 The allow and deny sections take key-value pairs.
2dd91779eb27 acl: add support for branch-based access control
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11058
diff changeset
33
11094
c7adea82d495 acl: fix reST syntax
Martin Geisler <mg@aragost.com>
parents: 11092
diff changeset
34 Branch-based Access Control
17267
979b107eaea2 doc: unify section level between help topics
FUJIWARA Katsunori <foozy@lares.dti.ne.jp>
parents: 16957
diff changeset
35 ---------------------------
11092
2dd91779eb27 acl: add support for branch-based access control
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11058
diff changeset
36
11095
d56124931909 acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents: 11094
diff changeset
37 Use the ``acl.deny.branches`` and ``acl.allow.branches`` sections to
d56124931909 acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents: 11094
diff changeset
38 have branch-based access control. Keys in these sections can be
d56124931909 acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents: 11094
diff changeset
39 either:
11057
7f0796a0b35c acl: fix ReST syntax in docstring
Martin Geisler <mg@lazybytes.net>
parents: 11042
diff changeset
40
11095
d56124931909 acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents: 11094
diff changeset
41 - a branch name, or
d56124931909 acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents: 11094
diff changeset
42 - an asterisk, to match any branch;
11092
2dd91779eb27 acl: add support for branch-based access control
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11058
diff changeset
43
2dd91779eb27 acl: add support for branch-based access control
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11058
diff changeset
44 The corresponding values can be either:
11094
c7adea82d495 acl: fix reST syntax
Martin Geisler <mg@aragost.com>
parents: 11092
diff changeset
45
11095
d56124931909 acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents: 11094
diff changeset
46 - a comma-separated list containing users and groups, or
d56124931909 acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents: 11094
diff changeset
47 - an asterisk, to match anyone;
11042
d82f3651cd13 acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11041
diff changeset
48
16957
d7b608149f6c acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16956
diff changeset
49 You can add the "!" prefix to a user or group name to invert the sense
d7b608149f6c acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16956
diff changeset
50 of the match.
d7b608149f6c acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16956
diff changeset
51
11094
c7adea82d495 acl: fix reST syntax
Martin Geisler <mg@aragost.com>
parents: 11092
diff changeset
52 Path-based Access Control
17267
979b107eaea2 doc: unify section level between help topics
FUJIWARA Katsunori <foozy@lares.dti.ne.jp>
parents: 16957
diff changeset
53 -------------------------
11092
2dd91779eb27 acl: add support for branch-based access control
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11058
diff changeset
54
11095
d56124931909 acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents: 11094
diff changeset
55 Use the ``acl.deny`` and ``acl.allow`` sections to have path-based
d56124931909 acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents: 11094
diff changeset
56 access control. Keys in these sections accept a subtree pattern (with
d56124931909 acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents: 11094
diff changeset
57 a glob syntax by default). The corresponding values follow the same
d56124931909 acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents: 11094
diff changeset
58 syntax as the other sections above.
11092
2dd91779eb27 acl: add support for branch-based access control
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11058
diff changeset
59
38531
6beb8347b709 acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents: 37120
diff changeset
60 Bookmark-based Access Control
6beb8347b709 acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents: 37120
diff changeset
61 -----------------------------
6beb8347b709 acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents: 37120
diff changeset
62 Use the ``acl.deny.bookmarks`` and ``acl.allow.bookmarks`` sections to
6beb8347b709 acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents: 37120
diff changeset
63 have bookmark-based access control. Keys in these sections can be
6beb8347b709 acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents: 37120
diff changeset
64 either:
6beb8347b709 acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents: 37120
diff changeset
65
6beb8347b709 acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents: 37120
diff changeset
66 - a bookmark name, or
6beb8347b709 acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents: 37120
diff changeset
67 - an asterisk, to match any bookmark;
6beb8347b709 acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents: 37120
diff changeset
68
6beb8347b709 acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents: 37120
diff changeset
69 The corresponding values can be either:
6beb8347b709 acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents: 37120
diff changeset
70
6beb8347b709 acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents: 37120
diff changeset
71 - a comma-separated list containing users and groups, or
6beb8347b709 acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents: 37120
diff changeset
72 - an asterisk, to match anyone;
6beb8347b709 acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents: 37120
diff changeset
73
6beb8347b709 acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents: 37120
diff changeset
74 You can add the "!" prefix to a user or group name to invert the sense
6beb8347b709 acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents: 37120
diff changeset
75 of the match.
6beb8347b709 acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents: 37120
diff changeset
76
6beb8347b709 acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents: 37120
diff changeset
77 Note: for interactions between clients and servers using Mercurial 3.6+
6beb8347b709 acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents: 37120
diff changeset
78 a rejection will generally reject the entire push, for interactions
6beb8347b709 acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents: 37120
diff changeset
79 involving older clients, the commit transactions will already be accepted,
6beb8347b709 acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents: 37120
diff changeset
80 and only the bookmark movement will be rejected.
6beb8347b709 acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents: 37120
diff changeset
81
11094
c7adea82d495 acl: fix reST syntax
Martin Geisler <mg@aragost.com>
parents: 11092
diff changeset
82 Groups
17267
979b107eaea2 doc: unify section level between help topics
FUJIWARA Katsunori <foozy@lares.dti.ne.jp>
parents: 16957
diff changeset
83 ------
11092
2dd91779eb27 acl: add support for branch-based access control
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11058
diff changeset
84
11095
d56124931909 acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents: 11094
diff changeset
85 Group names must be prefixed with an ``@`` symbol. Specifying a group
d56124931909 acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents: 11094
diff changeset
86 name has the same effect as specifying all the users in that group.
8873
e872ef2e6758 help: add/fix docstrings for a bunch of extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents: 8846
diff changeset
87
11115
b3d5619f1f2b acl: update docstring to describe section [acl.groups]
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11114
diff changeset
88 You can define group members in the ``acl.groups`` section.
b3d5619f1f2b acl: update docstring to describe section [acl.groups]
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11114
diff changeset
89 If a group name is not defined there, and Mercurial is running under
b3d5619f1f2b acl: update docstring to describe section [acl.groups]
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11114
diff changeset
90 a Unix-like system, the list of users will be taken from the OS.
b3d5619f1f2b acl: update docstring to describe section [acl.groups]
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11114
diff changeset
91 Otherwise, an exception will be raised.
b3d5619f1f2b acl: update docstring to describe section [acl.groups]
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11114
diff changeset
92
11094
c7adea82d495 acl: fix reST syntax
Martin Geisler <mg@aragost.com>
parents: 11092
diff changeset
93 Example Configuration
17267
979b107eaea2 doc: unify section level between help topics
FUJIWARA Katsunori <foozy@lares.dti.ne.jp>
parents: 16957
diff changeset
94 ---------------------
11094
c7adea82d495 acl: fix reST syntax
Martin Geisler <mg@aragost.com>
parents: 11092
diff changeset
95
c7adea82d495 acl: fix reST syntax
Martin Geisler <mg@aragost.com>
parents: 11092
diff changeset
96 ::
8873
e872ef2e6758 help: add/fix docstrings for a bunch of extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents: 8846
diff changeset
97
e872ef2e6758 help: add/fix docstrings for a bunch of extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents: 8846
diff changeset
98 [hooks]
11042
d82f3651cd13 acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11041
diff changeset
99
11092
2dd91779eb27 acl: add support for branch-based access control
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11058
diff changeset
100 # Use this if you want to check access restrictions at commit time
11042
d82f3651cd13 acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11041
diff changeset
101 pretxncommit.acl = python:hgext.acl.hook
11423
776f9784b34b acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents: 11140
diff changeset
102
11095
d56124931909 acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents: 11094
diff changeset
103 # Use this if you want to check access restrictions for pull, push,
d56124931909 acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents: 11094
diff changeset
104 # bundle and serve.
8873
e872ef2e6758 help: add/fix docstrings for a bunch of extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents: 8846
diff changeset
105 pretxnchangegroup.acl = python:hgext.acl.hook
e872ef2e6758 help: add/fix docstrings for a bunch of extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents: 8846
diff changeset
106
e872ef2e6758 help: add/fix docstrings for a bunch of extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents: 8846
diff changeset
107 [acl]
11131
0b6fd18ab8af acl: clarify acl.sources, fix typo
Patrick Mezard <pmezard@gmail.com>
parents: 11115
diff changeset
108 # Allow or deny access for incoming changes only if their source is
0b6fd18ab8af acl: clarify acl.sources, fix typo
Patrick Mezard <pmezard@gmail.com>
parents: 11115
diff changeset
109 # listed here, let them pass otherwise. Source is "serve" for all
0b6fd18ab8af acl: clarify acl.sources, fix typo
Patrick Mezard <pmezard@gmail.com>
parents: 11115
diff changeset
110 # remote access (http or ssh), "push", "pull" or "bundle" when the
0b6fd18ab8af acl: clarify acl.sources, fix typo
Patrick Mezard <pmezard@gmail.com>
parents: 11115
diff changeset
111 # related commands are run locally.
0b6fd18ab8af acl: clarify acl.sources, fix typo
Patrick Mezard <pmezard@gmail.com>
parents: 11115
diff changeset
112 # Default: serve
8893
cc0593af30d4 acl: help improvements
Cédric Duval <cedricduval@free.fr>
parents: 8873
diff changeset
113 sources = serve
8873
e872ef2e6758 help: add/fix docstrings for a bunch of extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents: 8846
diff changeset
114
11423
776f9784b34b acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents: 11140
diff changeset
115 [acl.deny.branches]
776f9784b34b acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents: 11140
diff changeset
116
776f9784b34b acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents: 11140
diff changeset
117 # Everyone is denied to the frozen branch:
776f9784b34b acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents: 11140
diff changeset
118 frozen-branch = *
776f9784b34b acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents: 11140
diff changeset
119
776f9784b34b acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents: 11140
diff changeset
120 # A bad user is denied on all branches:
776f9784b34b acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents: 11140
diff changeset
121 * = bad-user
776f9784b34b acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents: 11140
diff changeset
122
776f9784b34b acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents: 11140
diff changeset
123 [acl.allow.branches]
776f9784b34b acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents: 11140
diff changeset
124
776f9784b34b acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents: 11140
diff changeset
125 # A few users are allowed on branch-a:
776f9784b34b acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents: 11140
diff changeset
126 branch-a = user-1, user-2, user-3
776f9784b34b acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents: 11140
diff changeset
127
776f9784b34b acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents: 11140
diff changeset
128 # Only one user is allowed on branch-b:
776f9784b34b acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents: 11140
diff changeset
129 branch-b = user-1
776f9784b34b acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents: 11140
diff changeset
130
776f9784b34b acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents: 11140
diff changeset
131 # The super user is allowed on any branch:
776f9784b34b acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents: 11140
diff changeset
132 * = super-user
776f9784b34b acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents: 11140
diff changeset
133
776f9784b34b acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents: 11140
diff changeset
134 # Everyone is allowed on branch-for-tests:
776f9784b34b acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents: 11140
diff changeset
135 branch-for-tests = *
11092
2dd91779eb27 acl: add support for branch-based access control
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11058
diff changeset
136
11042
d82f3651cd13 acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11041
diff changeset
137 [acl.deny]
11095
d56124931909 acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents: 11094
diff changeset
138 # This list is checked first. If a match is found, acl.allow is not
d56124931909 acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents: 11094
diff changeset
139 # checked. All users are granted access if acl.deny is not present.
d56124931909 acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents: 11094
diff changeset
140 # Format for both lists: glob pattern = user, ..., @group, ...
11042
d82f3651cd13 acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11041
diff changeset
141
d82f3651cd13 acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11041
diff changeset
142 # To match everyone, use an asterisk for the user:
d82f3651cd13 acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11041
diff changeset
143 # my/glob/pattern = *
d82f3651cd13 acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11041
diff changeset
144
d82f3651cd13 acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11041
diff changeset
145 # user6 will not have write access to any file:
d82f3651cd13 acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11041
diff changeset
146 ** = user6
d82f3651cd13 acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11041
diff changeset
147
d82f3651cd13 acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11041
diff changeset
148 # Group "hg-denied" will not have write access to any file:
d82f3651cd13 acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11041
diff changeset
149 ** = @hg-denied
d82f3651cd13 acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11041
diff changeset
150
17537
31f32a96e1e3 Merge spelling fixes
Bryan O'Sullivan <bryano@fb.com>
parents: 17487
diff changeset
151 # Nobody will be able to change "DONT-TOUCH-THIS.txt", despite
11095
d56124931909 acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents: 11094
diff changeset
152 # everyone being able to change all other files. See below.
17537
31f32a96e1e3 Merge spelling fixes
Bryan O'Sullivan <bryano@fb.com>
parents: 17487
diff changeset
153 src/main/resources/DONT-TOUCH-THIS.txt = *
8873
e872ef2e6758 help: add/fix docstrings for a bunch of extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents: 8846
diff changeset
154
e872ef2e6758 help: add/fix docstrings for a bunch of extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents: 8846
diff changeset
155 [acl.allow]
11131
0b6fd18ab8af acl: clarify acl.sources, fix typo
Patrick Mezard <pmezard@gmail.com>
parents: 11115
diff changeset
156 # if acl.allow is not present, all users are allowed by default
11042
d82f3651cd13 acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11041
diff changeset
157 # empty acl.allow = no users allowed
d82f3651cd13 acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11041
diff changeset
158
11095
d56124931909 acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents: 11094
diff changeset
159 # User "doc_writer" has write access to any file under the "docs"
d56124931909 acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents: 11094
diff changeset
160 # folder:
8873
e872ef2e6758 help: add/fix docstrings for a bunch of extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents: 8846
diff changeset
161 docs/** = doc_writer
11042
d82f3651cd13 acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11041
diff changeset
162
11095
d56124931909 acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents: 11094
diff changeset
163 # User "jack" and group "designers" have write access to any file
d56124931909 acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents: 11094
diff changeset
164 # under the "images" folder:
11042
d82f3651cd13 acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11041
diff changeset
165 images/** = jack, @designers
d82f3651cd13 acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11041
diff changeset
166
16499
0b463f52b948 doc: fix explanation comment in acl extension
FUJIWARA Katsunori <foozy@lares.dti.ne.jp>
parents: 15207
diff changeset
167 # Everyone (except for "user6" and "@hg-denied" - see acl.deny above)
0b463f52b948 doc: fix explanation comment in acl extension
FUJIWARA Katsunori <foozy@lares.dti.ne.jp>
parents: 15207
diff changeset
168 # will have write access to any file under the "resources" folder
0b463f52b948 doc: fix explanation comment in acl extension
FUJIWARA Katsunori <foozy@lares.dti.ne.jp>
parents: 15207
diff changeset
169 # (except for 1 file. See acl.deny):
11042
d82f3651cd13 acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11041
diff changeset
170 src/main/resources/** = *
d82f3651cd13 acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11041
diff changeset
171
8873
e872ef2e6758 help: add/fix docstrings for a bunch of extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents: 8846
diff changeset
172 .hgtags = release_engineer
e872ef2e6758 help: add/fix docstrings for a bunch of extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents: 8846
diff changeset
173
16957
d7b608149f6c acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16956
diff changeset
174 Examples using the "!" prefix
d7b608149f6c acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16956
diff changeset
175 .............................
d7b608149f6c acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16956
diff changeset
176
d7b608149f6c acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16956
diff changeset
177 Suppose there's a branch that only a given user (or group) should be able to
d7b608149f6c acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16956
diff changeset
178 push to, and you don't want to restrict access to any other branch that may
d7b608149f6c acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16956
diff changeset
179 be created.
d7b608149f6c acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16956
diff changeset
180
d7b608149f6c acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16956
diff changeset
181 The "!" prefix allows you to prevent anyone except a given user or group to
d7b608149f6c acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16956
diff changeset
182 push changesets in a given branch or path.
d7b608149f6c acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16956
diff changeset
183
d7b608149f6c acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16956
diff changeset
184 In the examples below, we will:
d7b608149f6c acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16956
diff changeset
185 1) Deny access to branch "ring" to anyone but user "gollum"
d7b608149f6c acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16956
diff changeset
186 2) Deny access to branch "lake" to anyone but members of the group "hobbit"
d7b608149f6c acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16956
diff changeset
187 3) Deny access to a file to anyone but user "gollum"
d7b608149f6c acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16956
diff changeset
188
d7b608149f6c acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16956
diff changeset
189 ::
d7b608149f6c acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16956
diff changeset
190
d7b608149f6c acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16956
diff changeset
191 [acl.allow.branches]
d7b608149f6c acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16956
diff changeset
192 # Empty
d7b608149f6c acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16956
diff changeset
193
d7b608149f6c acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16956
diff changeset
194 [acl.deny.branches]
d7b608149f6c acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16956
diff changeset
195
d7b608149f6c acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16956
diff changeset
196 # 1) only 'gollum' can commit to branch 'ring';
d7b608149f6c acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16956
diff changeset
197 # 'gollum' and anyone else can still commit to any other branch.
d7b608149f6c acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16956
diff changeset
198 ring = !gollum
d7b608149f6c acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16956
diff changeset
199
d7b608149f6c acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16956
diff changeset
200 # 2) only members of the group 'hobbit' can commit to branch 'lake';
d7b608149f6c acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16956
diff changeset
201 # 'hobbit' members and anyone else can still commit to any other branch.
d7b608149f6c acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16956
diff changeset
202 lake = !@hobbit
d7b608149f6c acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16956
diff changeset
203
d7b608149f6c acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16956
diff changeset
204 # You can also deny access based on file paths:
d7b608149f6c acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16956
diff changeset
205
d7b608149f6c acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16956
diff changeset
206 [acl.allow]
d7b608149f6c acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16956
diff changeset
207 # Empty
d7b608149f6c acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16956
diff changeset
208
d7b608149f6c acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16956
diff changeset
209 [acl.deny]
d7b608149f6c acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16956
diff changeset
210 # 3) only 'gollum' can change the file below;
d7b608149f6c acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16956
diff changeset
211 # 'gollum' and anyone else can still change any other file.
d7b608149f6c acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16956
diff changeset
212 /misty/mountains/cave/ring = !gollum
d7b608149f6c acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16956
diff changeset
213
8873
e872ef2e6758 help: add/fix docstrings for a bunch of extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents: 8846
diff changeset
214 '''
2344
ae12e5a2c4a3 add acl extension, to limit who can push to subdirs of central repo.
Vadim Gelfer <vadim.gelfer@gmail.com>
parents:
diff changeset
215
28089
a1163ee26e4a acl: use absolute_import
Gregory Szorc <gregory.szorc@gmail.com>
parents: 26587
diff changeset
216
3891
6b4127c7d52a Simplify i18n imports
Matt Mackall <mpm@selenic.com>
parents: 3877
diff changeset
217 from mercurial.i18n import _
28089
a1163ee26e4a acl: use absolute_import
Gregory Szorc <gregory.szorc@gmail.com>
parents: 26587
diff changeset
218 from mercurial import (
a1163ee26e4a acl: use absolute_import
Gregory Szorc <gregory.szorc@gmail.com>
parents: 26587
diff changeset
219 error,
34829
120c5c155ba4 acl: make sure the extensions is enabled when the acl-hooks run
Boris Feld <boris.feld@octobus.net>
parents: 34779
diff changeset
220 extensions,
28089
a1163ee26e4a acl: use absolute_import
Gregory Szorc <gregory.szorc@gmail.com>
parents: 26587
diff changeset
221 match,
33185
8b109c61bc11 configitems: register the 'acl.config' config
Pierre-Yves David <pierre-yves.david@octobus.net>
parents: 29841
diff changeset
222 registrar,
28089
a1163ee26e4a acl: use absolute_import
Gregory Szorc <gregory.szorc@gmail.com>
parents: 26587
diff changeset
223 util,
a1163ee26e4a acl: use absolute_import
Gregory Szorc <gregory.szorc@gmail.com>
parents: 26587
diff changeset
224 )
43076
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
225 from mercurial.utils import procutil
11041
623fe42a649e acl: add support for OS-level groups using @group syntax
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 10955
diff changeset
226
28883
032c4c2f802a pycompat: switch to util.urlreq/util.urlerr for py3 compat
timeless <timeless@mozdev.org>
parents: 28089
diff changeset
227 urlreq = util.urlreq
032c4c2f802a pycompat: switch to util.urlreq/util.urlerr for py3 compat
timeless <timeless@mozdev.org>
parents: 28089
diff changeset
228
29841
d5883fd055c6 extensions: change magic "shipped with hg" string
Augie Fackler <augie@google.com>
parents: 28883
diff changeset
229 # Note for extension authors: ONLY specify testedwith = 'ships-with-hg-core' for
25186
80c5b2666a96 extensions: document that `testedwith = 'internal'` is special
Augie Fackler <augie@google.com>
parents: 19872
diff changeset
230 # extensions which SHIP WITH MERCURIAL. Non-mainline extensions should
80c5b2666a96 extensions: document that `testedwith = 'internal'` is special
Augie Fackler <augie@google.com>
parents: 19872
diff changeset
231 # be specifying the version(s) of Mercurial they are tested with, or
80c5b2666a96 extensions: document that `testedwith = 'internal'` is special
Augie Fackler <augie@google.com>
parents: 19872
diff changeset
232 # leave the attribute unspecified.
43077
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
233 testedwith = b'ships-with-hg-core'
16743
38caf405d010 hgext: mark all first-party extensions as such
Augie Fackler <raf@durin42.com>
parents: 16499
diff changeset
234
33185
8b109c61bc11 configitems: register the 'acl.config' config
Pierre-Yves David <pierre-yves.david@octobus.net>
parents: 29841
diff changeset
235 configtable = {}
8b109c61bc11 configitems: register the 'acl.config' config
Pierre-Yves David <pierre-yves.david@octobus.net>
parents: 29841
diff changeset
236 configitem = registrar.configitem(configtable)
8b109c61bc11 configitems: register the 'acl.config' config
Pierre-Yves David <pierre-yves.david@octobus.net>
parents: 29841
diff changeset
237
8b109c61bc11 configitems: register the 'acl.config' config
Pierre-Yves David <pierre-yves.david@octobus.net>
parents: 29841
diff changeset
238 # deprecated config: acl.config
43076
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
239 configitem(
45942
89a2afe31e82 formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents: 43506
diff changeset
240 b'acl',
89a2afe31e82 formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents: 43506
diff changeset
241 b'config',
89a2afe31e82 formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents: 43506
diff changeset
242 default=None,
33185
8b109c61bc11 configitems: register the 'acl.config' config
Pierre-Yves David <pierre-yves.david@octobus.net>
parents: 29841
diff changeset
243 )
43076
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
244 configitem(
45942
89a2afe31e82 formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents: 43506
diff changeset
245 b'acl.groups',
89a2afe31e82 formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents: 43506
diff changeset
246 b'.*',
89a2afe31e82 formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents: 43506
diff changeset
247 default=None,
89a2afe31e82 formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents: 43506
diff changeset
248 generic=True,
34779
cfb054a7ecc4 configitems: register acl config section
Boris Feld <boris.feld@octobus.net>
parents: 33216
diff changeset
249 )
43076
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
250 configitem(
45942
89a2afe31e82 formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents: 43506
diff changeset
251 b'acl.deny.branches',
89a2afe31e82 formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents: 43506
diff changeset
252 b'.*',
89a2afe31e82 formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents: 43506
diff changeset
253 default=None,
89a2afe31e82 formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents: 43506
diff changeset
254 generic=True,
34779
cfb054a7ecc4 configitems: register acl config section
Boris Feld <boris.feld@octobus.net>
parents: 33216
diff changeset
255 )
43076
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
256 configitem(
45942
89a2afe31e82 formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents: 43506
diff changeset
257 b'acl.allow.branches',
89a2afe31e82 formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents: 43506
diff changeset
258 b'.*',
89a2afe31e82 formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents: 43506
diff changeset
259 default=None,
89a2afe31e82 formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents: 43506
diff changeset
260 generic=True,
34779
cfb054a7ecc4 configitems: register acl config section
Boris Feld <boris.feld@octobus.net>
parents: 33216
diff changeset
261 )
43076
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
262 configitem(
45942
89a2afe31e82 formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents: 43506
diff changeset
263 b'acl.deny',
89a2afe31e82 formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents: 43506
diff changeset
264 b'.*',
89a2afe31e82 formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents: 43506
diff changeset
265 default=None,
89a2afe31e82 formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents: 43506
diff changeset
266 generic=True,
34779
cfb054a7ecc4 configitems: register acl config section
Boris Feld <boris.feld@octobus.net>
parents: 33216
diff changeset
267 )
43076
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
268 configitem(
45942
89a2afe31e82 formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents: 43506
diff changeset
269 b'acl.allow',
89a2afe31e82 formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents: 43506
diff changeset
270 b'.*',
89a2afe31e82 formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents: 43506
diff changeset
271 default=None,
89a2afe31e82 formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents: 43506
diff changeset
272 generic=True,
34779
cfb054a7ecc4 configitems: register acl config section
Boris Feld <boris.feld@octobus.net>
parents: 33216
diff changeset
273 )
43076
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
274 configitem(
45942
89a2afe31e82 formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents: 43506
diff changeset
275 b'acl',
89a2afe31e82 formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents: 43506
diff changeset
276 b'sources',
89a2afe31e82 formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents: 43506
diff changeset
277 default=lambda: [b'serve'],
33186
478cb17cc610 configitems: register the 'acl.sources' config
Pierre-Yves David <pierre-yves.david@octobus.net>
parents: 33185
diff changeset
278 )
33185
8b109c61bc11 configitems: register the 'acl.config' config
Pierre-Yves David <pierre-yves.david@octobus.net>
parents: 29841
diff changeset
279
43076
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
280
11114
62714143742f acl: support for group definitions in section [acl.groups], which take precedence over OS-level groups
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11095
diff changeset
281 def _getusers(ui, group):
62714143742f acl: support for group definitions in section [acl.groups], which take precedence over OS-level groups
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11095
diff changeset
282
62714143742f acl: support for group definitions in section [acl.groups], which take precedence over OS-level groups
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11095
diff changeset
283 # First, try to use group definition from section [acl.groups]
43077
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
284 hgrcusers = ui.configlist(b'acl.groups', group)
11114
62714143742f acl: support for group definitions in section [acl.groups], which take precedence over OS-level groups
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11095
diff changeset
285 if hgrcusers:
62714143742f acl: support for group definitions in section [acl.groups], which take precedence over OS-level groups
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11095
diff changeset
286 return hgrcusers
62714143742f acl: support for group definitions in section [acl.groups], which take precedence over OS-level groups
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11095
diff changeset
287
43077
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
288 ui.debug(b'acl: "%s" not defined in [acl.groups]\n' % group)
11114
62714143742f acl: support for group definitions in section [acl.groups], which take precedence over OS-level groups
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11095
diff changeset
289 # If no users found in group definition, get users from OS-level group
11140
1f26cf0a3663 acl: improve undefined group error handling
Patrick Mezard <pmezard@gmail.com>
parents: 11138
diff changeset
290 try:
1f26cf0a3663 acl: improve undefined group error handling
Patrick Mezard <pmezard@gmail.com>
parents: 11138
diff changeset
291 return util.groupmembers(group)
1f26cf0a3663 acl: improve undefined group error handling
Patrick Mezard <pmezard@gmail.com>
parents: 11138
diff changeset
292 except KeyError:
43077
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
293 raise error.Abort(_(b"group '%s' is undefined") % group)
11041
623fe42a649e acl: add support for OS-level groups using @group syntax
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 10955
diff changeset
294
43076
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
295
11114
62714143742f acl: support for group definitions in section [acl.groups], which take precedence over OS-level groups
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11095
diff changeset
296 def _usermatch(ui, user, usersorgroups):
11041
623fe42a649e acl: add support for OS-level groups using @group syntax
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 10955
diff changeset
297
43077
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
298 if usersorgroups == b'*':
11041
623fe42a649e acl: add support for OS-level groups using @group syntax
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 10955
diff changeset
299 return True
623fe42a649e acl: add support for OS-level groups using @group syntax
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 10955
diff changeset
300
43077
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
301 for ug in usersorgroups.replace(b',', b' ').split():
16956
c49cf339b5bb acl: use of "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16767
diff changeset
302
43077
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
303 if ug.startswith(b'!'):
16956
c49cf339b5bb acl: use of "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16767
diff changeset
304 # Test for excluded user or group. Format:
c49cf339b5bb acl: use of "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16767
diff changeset
305 # if ug is a user name: !username
c49cf339b5bb acl: use of "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16767
diff changeset
306 # if ug is a group name: !@groupname
c49cf339b5bb acl: use of "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16767
diff changeset
307 ug = ug[1:]
43076
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
308 if (
43077
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
309 not ug.startswith(b'@')
43076
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
310 and user != ug
43077
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
311 or ug.startswith(b'@')
43076
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
312 and user not in _getusers(ui, ug[1:])
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
313 ):
16956
c49cf339b5bb acl: use of "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16767
diff changeset
314 return True
c49cf339b5bb acl: use of "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16767
diff changeset
315
c49cf339b5bb acl: use of "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16767
diff changeset
316 # Test for user or group. Format:
c49cf339b5bb acl: use of "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16767
diff changeset
317 # if ug is a user name: username
c49cf339b5bb acl: use of "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents: 16767
diff changeset
318 # if ug is a group name: @groupname
43077
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
319 elif (
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
320 user == ug or ug.startswith(b'@') and user in _getusers(ui, ug[1:])
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
321 ):
11041
623fe42a649e acl: add support for OS-level groups using @group syntax
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 10955
diff changeset
322 return True
623fe42a649e acl: add support for OS-level groups using @group syntax
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 10955
diff changeset
323
623fe42a649e acl: add support for OS-level groups using @group syntax
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 10955
diff changeset
324 return False
2344
ae12e5a2c4a3 add acl extension, to limit who can push to subdirs of central repo.
Vadim Gelfer <vadim.gelfer@gmail.com>
parents:
diff changeset
325
43076
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
326
6766
e81d2bd66908 acl: refactoring
Matt Mackall <mpm@selenic.com>
parents: 6750
diff changeset
327 def buildmatch(ui, repo, user, key):
e81d2bd66908 acl: refactoring
Matt Mackall <mpm@selenic.com>
parents: 6750
diff changeset
328 '''return tuple of (match function, list enabled).'''
e81d2bd66908 acl: refactoring
Matt Mackall <mpm@selenic.com>
parents: 6750
diff changeset
329 if not ui.has_section(key):
43077
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
330 ui.debug(b'acl: %s not enabled\n' % key)
6766
e81d2bd66908 acl: refactoring
Matt Mackall <mpm@selenic.com>
parents: 6750
diff changeset
331 return None
2344
ae12e5a2c4a3 add acl extension, to limit who can push to subdirs of central repo.
Vadim Gelfer <vadim.gelfer@gmail.com>
parents:
diff changeset
332
43076
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
333 pats = [
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
334 pat for pat, users in ui.configitems(key) if _usermatch(ui, user, users)
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
335 ]
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
336 ui.debug(
43077
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
337 b'acl: %s enabled, %d entries for user %s\n' % (key, len(pats), user)
43076
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
338 )
11092
2dd91779eb27 acl: add support for branch-based access control
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11058
diff changeset
339
16765
754e98e0a615 acl: added some comments to easily identify branch- and path-based verifications
Elifarley Callado Coelho Cruz
parents: 16764
diff changeset
340 # Branch-based ACL
11092
2dd91779eb27 acl: add support for branch-based access control
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11058
diff changeset
341 if not repo:
2dd91779eb27 acl: add support for branch-based access control
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11058
diff changeset
342 if pats:
16766
9d778f80ad2a acl: perform some computations earlier, so that returned lambda functions are simpler
Elifarley Callado Coelho Cruz
parents: 16765
diff changeset
343 # If there's an asterisk (meaning "any branch"), always return True;
9d778f80ad2a acl: perform some computations earlier, so that returned lambda functions are simpler
Elifarley Callado Coelho Cruz
parents: 16765
diff changeset
344 # Otherwise, test if b is in pats
43077
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
345 if b'*' in pats:
16766
9d778f80ad2a acl: perform some computations earlier, so that returned lambda functions are simpler
Elifarley Callado Coelho Cruz
parents: 16765
diff changeset
346 return util.always
9d778f80ad2a acl: perform some computations earlier, so that returned lambda functions are simpler
Elifarley Callado Coelho Cruz
parents: 16765
diff changeset
347 return lambda b: b in pats
16764
ffb68b9dbaa9 acl: 'util.never' used
Elifarley Callado Coelho Cruz
parents: 16763
diff changeset
348 return util.never
11092
2dd91779eb27 acl: add support for branch-based access control
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11058
diff changeset
349
16765
754e98e0a615 acl: added some comments to easily identify branch- and path-based verifications
Elifarley Callado Coelho Cruz
parents: 16764
diff changeset
350 # Path-based ACL
6766
e81d2bd66908 acl: refactoring
Matt Mackall <mpm@selenic.com>
parents: 6750
diff changeset
351 if pats:
43077
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
352 return match.match(repo.root, b'', pats)
16767
363bde4224c8 acl: 'util.never' can be used instead of a more complex expression
Elifarley Callado Coelho Cruz
parents: 16766
diff changeset
353 return util.never
2344
ae12e5a2c4a3 add acl extension, to limit who can push to subdirs of central repo.
Vadim Gelfer <vadim.gelfer@gmail.com>
parents:
diff changeset
354
43076
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
355
34829
120c5c155ba4 acl: make sure the extensions is enabled when the acl-hooks run
Boris Feld <boris.feld@octobus.net>
parents: 34779
diff changeset
356 def ensureenabled(ui):
120c5c155ba4 acl: make sure the extensions is enabled when the acl-hooks run
Boris Feld <boris.feld@octobus.net>
parents: 34779
diff changeset
357 """make sure the extension is enabled when used as hook
120c5c155ba4 acl: make sure the extensions is enabled when the acl-hooks run
Boris Feld <boris.feld@octobus.net>
parents: 34779
diff changeset
358
120c5c155ba4 acl: make sure the extensions is enabled when the acl-hooks run
Boris Feld <boris.feld@octobus.net>
parents: 34779
diff changeset
359 When acl is used through hooks, the extension is never formally loaded and
120c5c155ba4 acl: make sure the extensions is enabled when the acl-hooks run
Boris Feld <boris.feld@octobus.net>
parents: 34779
diff changeset
360 enabled. This has some side effect, for example the config declaration is
120c5c155ba4 acl: make sure the extensions is enabled when the acl-hooks run
Boris Feld <boris.feld@octobus.net>
parents: 34779
diff changeset
361 never loaded. This function ensure the extension is enabled when running
120c5c155ba4 acl: make sure the extensions is enabled when the acl-hooks run
Boris Feld <boris.feld@octobus.net>
parents: 34779
diff changeset
362 hooks.
120c5c155ba4 acl: make sure the extensions is enabled when the acl-hooks run
Boris Feld <boris.feld@octobus.net>
parents: 34779
diff changeset
363 """
43077
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
364 if b'acl' in ui._knownconfig:
34829
120c5c155ba4 acl: make sure the extensions is enabled when the acl-hooks run
Boris Feld <boris.feld@octobus.net>
parents: 34779
diff changeset
365 return
43077
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
366 ui.setconfig(b'extensions', b'acl', b'', source=b'internal')
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
367 extensions.loadall(ui, [b'acl'])
34829
120c5c155ba4 acl: make sure the extensions is enabled when the acl-hooks run
Boris Feld <boris.feld@octobus.net>
parents: 34779
diff changeset
368
43076
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
369
2344
ae12e5a2c4a3 add acl extension, to limit who can push to subdirs of central repo.
Vadim Gelfer <vadim.gelfer@gmail.com>
parents:
diff changeset
370 def hook(ui, repo, hooktype, node=None, source=None, **kwargs):
34829
120c5c155ba4 acl: make sure the extensions is enabled when the acl-hooks run
Boris Feld <boris.feld@octobus.net>
parents: 34779
diff changeset
371
120c5c155ba4 acl: make sure the extensions is enabled when the acl-hooks run
Boris Feld <boris.feld@octobus.net>
parents: 34779
diff changeset
372 ensureenabled(ui)
120c5c155ba4 acl: make sure the extensions is enabled when the acl-hooks run
Boris Feld <boris.feld@octobus.net>
parents: 34779
diff changeset
373
43077
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
374 if hooktype not in [b'pretxnchangegroup', b'pretxncommit', b'prepushkey']:
38531
6beb8347b709 acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents: 37120
diff changeset
375 raise error.Abort(
43076
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
376 _(
43077
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
377 b'config error - hook type "%s" cannot stop '
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
378 b'incoming changesets, commits, nor bookmarks'
43076
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
379 )
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
380 % hooktype
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
381 )
43077
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
382 if hooktype == b'pretxnchangegroup' and source not in ui.configlist(
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
383 b'acl', b'sources'
43076
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
384 ):
43077
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
385 ui.debug(b'acl: changes have source "%s" - skipping\n' % source)
2344
ae12e5a2c4a3 add acl extension, to limit who can push to subdirs of central repo.
Vadim Gelfer <vadim.gelfer@gmail.com>
parents:
diff changeset
386 return
ae12e5a2c4a3 add acl extension, to limit who can push to subdirs of central repo.
Vadim Gelfer <vadim.gelfer@gmail.com>
parents:
diff changeset
387
8846
b30775386d40 acl: support for getting authenticated user from web server (issue298)
Henrik Stuart <hg@hstuart.dk>
parents: 8682
diff changeset
388 user = None
43506
9f70512ae2cf cleanup: remove pointless r-prefixes on single-quoted strings
Augie Fackler <augie@google.com>
parents: 43117
diff changeset
389 if source == b'serve' and 'url' in kwargs:
9f70512ae2cf cleanup: remove pointless r-prefixes on single-quoted strings
Augie Fackler <augie@google.com>
parents: 43117
diff changeset
390 url = kwargs['url'].split(b':')
43077
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
391 if url[0] == b'remote' and url[1].startswith(b'http'):
28883
032c4c2f802a pycompat: switch to util.urlreq/util.urlerr for py3 compat
timeless <timeless@mozdev.org>
parents: 28089
diff changeset
392 user = urlreq.unquote(url[3])
8846
b30775386d40 acl: support for getting authenticated user from web server (issue298)
Henrik Stuart <hg@hstuart.dk>
parents: 8682
diff changeset
393
b30775386d40 acl: support for getting authenticated user from web server (issue298)
Henrik Stuart <hg@hstuart.dk>
parents: 8682
diff changeset
394 if user is None:
37120
a8a902d7176e procutil: bulk-replace function calls to point to new module
Yuya Nishihara <yuya@tcha.org>
parents: 36412
diff changeset
395 user = procutil.getuser()
8846
b30775386d40 acl: support for getting authenticated user from web server (issue298)
Henrik Stuart <hg@hstuart.dk>
parents: 8682
diff changeset
396
43077
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
397 ui.debug(b'acl: checking access for user "%s"\n' % user)
15207
0f7f9f06c759 acl: more descriptive error messages
Elifarley Callado Coelho Cruz
parents: 12778
diff changeset
398
43077
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
399 if hooktype == b'prepushkey':
38531
6beb8347b709 acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents: 37120
diff changeset
400 _pkhook(ui, repo, hooktype, node, source, user, **kwargs)
6beb8347b709 acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents: 37120
diff changeset
401 else:
6beb8347b709 acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents: 37120
diff changeset
402 _txnhook(ui, repo, hooktype, node, source, user, **kwargs)
6beb8347b709 acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents: 37120
diff changeset
403
43076
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
404
38531
6beb8347b709 acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents: 37120
diff changeset
405 def _pkhook(ui, repo, hooktype, node, source, user, **kwargs):
43506
9f70512ae2cf cleanup: remove pointless r-prefixes on single-quoted strings
Augie Fackler <augie@google.com>
parents: 43117
diff changeset
406 if kwargs['namespace'] == b'bookmarks':
9f70512ae2cf cleanup: remove pointless r-prefixes on single-quoted strings
Augie Fackler <augie@google.com>
parents: 43117
diff changeset
407 bookmark = kwargs['key']
9f70512ae2cf cleanup: remove pointless r-prefixes on single-quoted strings
Augie Fackler <augie@google.com>
parents: 43117
diff changeset
408 ctx = kwargs['new']
43077
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
409 allowbookmarks = buildmatch(ui, None, user, b'acl.allow.bookmarks')
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
410 denybookmarks = buildmatch(ui, None, user, b'acl.deny.bookmarks')
38531
6beb8347b709 acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents: 37120
diff changeset
411
6beb8347b709 acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents: 37120
diff changeset
412 if denybookmarks and denybookmarks(bookmark):
43076
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
413 raise error.Abort(
43077
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
414 _(
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
415 b'acl: user "%s" denied on bookmark "%s"'
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
416 b' (changeset "%s")'
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
417 )
43076
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
418 % (user, bookmark, ctx)
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
419 )
38531
6beb8347b709 acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents: 37120
diff changeset
420 if allowbookmarks and not allowbookmarks(bookmark):
43076
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
421 raise error.Abort(
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
422 _(
43077
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
423 b'acl: user "%s" not allowed on bookmark "%s"'
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
424 b' (changeset "%s")'
43076
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
425 )
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
426 % (user, bookmark, ctx)
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
427 )
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
428 ui.debug(
43077
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
429 b'acl: bookmark access granted: "%s" on bookmark "%s"\n'
43076
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
430 % (ctx, bookmark)
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
431 )
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
432
38531
6beb8347b709 acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents: 37120
diff changeset
433
6beb8347b709 acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents: 37120
diff changeset
434 def _txnhook(ui, repo, hooktype, node, source, user, **kwargs):
25792
dd166d42e7b2 acl: mark deprecated config option
Matt Mackall <mpm@selenic.com>
parents: 25186
diff changeset
435 # deprecated config: acl.config
43077
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
436 cfg = ui.config(b'acl', b'config')
6766
e81d2bd66908 acl: refactoring
Matt Mackall <mpm@selenic.com>
parents: 6750
diff changeset
437 if cfg:
43076
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
438 ui.readconfig(
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
439 cfg,
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
440 sections=[
43077
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
441 b'acl.groups',
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
442 b'acl.allow.branches',
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
443 b'acl.deny.branches',
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
444 b'acl.allow',
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
445 b'acl.deny',
43076
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
446 ],
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
447 )
11092
2dd91779eb27 acl: add support for branch-based access control
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11058
diff changeset
448
43077
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
449 allowbranches = buildmatch(ui, None, user, b'acl.allow.branches')
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
450 denybranches = buildmatch(ui, None, user, b'acl.deny.branches')
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
451 allow = buildmatch(ui, repo, user, b'acl.allow')
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
452 deny = buildmatch(ui, repo, user, b'acl.deny')
6766
e81d2bd66908 acl: refactoring
Matt Mackall <mpm@selenic.com>
parents: 6750
diff changeset
453
49284
d44e3c45f0e4 py3: replace `pycompat.xrange` by `range`
Manuel Jacob <me@manueljacob.de>
parents: 48875
diff changeset
454 for rev in range(repo[node].rev(), len(repo)):
6766
e81d2bd66908 acl: refactoring
Matt Mackall <mpm@selenic.com>
parents: 6750
diff changeset
455 ctx = repo[rev]
11092
2dd91779eb27 acl: add support for branch-based access control
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11058
diff changeset
456 branch = ctx.branch()
2dd91779eb27 acl: add support for branch-based access control
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11058
diff changeset
457 if denybranches and denybranches(branch):
43076
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
458 raise error.Abort(
43117
8ff1ecfadcd1 cleanup: join string literals that are already on one line
Martin von Zweigbergk <martinvonz@google.com>
parents: 43077
diff changeset
459 _(b'acl: user "%s" denied on branch "%s" (changeset "%s")')
43076
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
460 % (user, branch, ctx)
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
461 )
11092
2dd91779eb27 acl: add support for branch-based access control
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11058
diff changeset
462 if allowbranches and not allowbranches(branch):
43076
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
463 raise error.Abort(
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
464 _(
43077
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
465 b'acl: user "%s" not allowed on branch "%s"'
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
466 b' (changeset "%s")'
43076
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
467 )
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
468 % (user, branch, ctx)
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
469 )
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
470 ui.debug(
43077
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
471 b'acl: branch access granted: "%s" on branch "%s"\n' % (ctx, branch)
43076
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
472 )
11092
2dd91779eb27 acl: add support for branch-based access control
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents: 11058
diff changeset
473
6766
e81d2bd66908 acl: refactoring
Matt Mackall <mpm@selenic.com>
parents: 6750
diff changeset
474 for f in ctx.files():
e81d2bd66908 acl: refactoring
Matt Mackall <mpm@selenic.com>
parents: 6750
diff changeset
475 if deny and deny(f):
43076
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
476 raise error.Abort(
43117
8ff1ecfadcd1 cleanup: join string literals that are already on one line
Martin von Zweigbergk <martinvonz@google.com>
parents: 43077
diff changeset
477 _(b'acl: user "%s" denied on "%s" (changeset "%s")')
43076
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
478 % (user, f, ctx)
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
479 )
6766
e81d2bd66908 acl: refactoring
Matt Mackall <mpm@selenic.com>
parents: 6750
diff changeset
480 if allow and not allow(f):
43076
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
481 raise error.Abort(
43077
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
482 _(
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
483 b'acl: user "%s" not allowed on "%s"'
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
484 b' (changeset "%s")'
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
485 )
43076
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
486 % (user, f, ctx)
2372284d9457 formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents: 41759
diff changeset
487 )
43077
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents: 43076
diff changeset
488 ui.debug(b'acl: path access granted: "%s"\n' % ctx)