annotate hgext/acl.py @ 51164:962974a5d068 stable
revlog: add one more assert about state of thing when splitting
This assert is currently happy, but it does not hurt to add it to clarify
expected state and catch potential error in the future.
author | Pierre-Yves David <pierre-yves.david@octobus.net> |
---|---|
date | Wed, 06 Dec 2023 15:38:15 +0100 |
parents | d44e3c45f0e4 |
children | 493034cc3265 |
rev | line source |
---|---|
2344
ae12e5a2c4a3
add acl extension, to limit who can push to subdirs of central repo.
Vadim Gelfer <vadim.gelfer@gmail.com>
parents:
diff
changeset
|
1 # acl.py - changeset access control for mercurial |
ae12e5a2c4a3
add acl extension, to limit who can push to subdirs of central repo.
Vadim Gelfer <vadim.gelfer@gmail.com>
parents:
diff
changeset
|
2 # |
ae12e5a2c4a3
add acl extension, to limit who can push to subdirs of central repo.
Vadim Gelfer <vadim.gelfer@gmail.com>
parents:
diff
changeset
|
3 # Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com> |
ae12e5a2c4a3
add acl extension, to limit who can push to subdirs of central repo.
Vadim Gelfer <vadim.gelfer@gmail.com>
parents:
diff
changeset
|
4 # |
8225
46293a0c7e9f
updated license to be explicit about GPL version 2
Martin Geisler <mg@lazybytes.net>
parents:
8142
diff
changeset
|
5 # This software may be used and distributed according to the terms of the |
10263 | 6 # GNU General Public License version 2 or any later version. |
8873
e872ef2e6758
help: add/fix docstrings for a bunch of extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents:
8846
diff
changeset
|
7 |
8935
f4f0e902b750
extensions: change descriptions for hook-providing extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents:
8894
diff
changeset
|
8 '''hooks for controlling repository access |
8873
e872ef2e6758
help: add/fix docstrings for a bunch of extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents:
8846
diff
changeset
|
9 |
11095
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
10 This hook makes it possible to allow or deny write access to given |
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
11 branches and paths of a repository when receiving incoming changesets |
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
12 via pretxnchangegroup and pretxncommit. |
9250
00986b9ed649
acl: wrap docstrings at 70 characters
Martin Geisler <mg@lazybytes.net>
parents:
9201
diff
changeset
|
13 |
00986b9ed649
acl: wrap docstrings at 70 characters
Martin Geisler <mg@lazybytes.net>
parents:
9201
diff
changeset
|
14 The authorization is matched based on the local user name on the |
00986b9ed649
acl: wrap docstrings at 70 characters
Martin Geisler <mg@lazybytes.net>
parents:
9201
diff
changeset
|
15 system where the hook runs, and not the committer of the original |
00986b9ed649
acl: wrap docstrings at 70 characters
Martin Geisler <mg@lazybytes.net>
parents:
9201
diff
changeset
|
16 changeset (since the latter is merely informative). |
8873
e872ef2e6758
help: add/fix docstrings for a bunch of extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents:
8846
diff
changeset
|
17 |
9250
00986b9ed649
acl: wrap docstrings at 70 characters
Martin Geisler <mg@lazybytes.net>
parents:
9201
diff
changeset
|
18 The acl hook is best used along with a restricted shell like hgsh, |
11095
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
19 preventing authenticating users from doing anything other than pushing |
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
20 or pulling. The hook is not safe to use if users have interactive |
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
21 shell access, as they can then disable the hook. Nor is it safe if |
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
22 remote users share an account, because then there is no way to |
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
23 distinguish them. |
8873
e872ef2e6758
help: add/fix docstrings for a bunch of extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents:
8846
diff
changeset
|
24 |
11092
2dd91779eb27
acl: add support for branch-based access control
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11058
diff
changeset
|
25 The order in which access checks are performed is: |
11094 | 26 |
27 1) Deny list for branches (section ``acl.deny.branches``) | |
28 2) Allow list for branches (section ``acl.allow.branches``) | |
29 3) Deny list for paths (section ``acl.deny``) | |
30 4) Allow list for paths (section ``acl.allow``) | |
11042
d82f3651cd13
acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11041
diff
changeset
|
31 |
11092
2dd91779eb27
acl: add support for branch-based access control
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11058
diff
changeset
|
32 The allow and deny sections take key-value pairs. |
2dd91779eb27
acl: add support for branch-based access control
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11058
diff
changeset
|
33 |
11094 | 34 Branch-based Access Control |
17267
979b107eaea2
doc: unify section level between help topics
FUJIWARA Katsunori <foozy@lares.dti.ne.jp>
parents:
16957
diff
changeset
|
35 --------------------------- |
11092
2dd91779eb27
acl: add support for branch-based access control
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11058
diff
changeset
|
36 |
11095
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
37 Use the ``acl.deny.branches`` and ``acl.allow.branches`` sections to |
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
38 have branch-based access control. Keys in these sections can be |
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
39 either: |
11057
7f0796a0b35c
acl: fix ReST syntax in docstring
Martin Geisler <mg@lazybytes.net>
parents:
11042
diff
changeset
|
40 |
11095
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
41 - a branch name, or |
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
42 - an asterisk, to match any branch; |
11092
2dd91779eb27
acl: add support for branch-based access control
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11058
diff
changeset
|
43 |
2dd91779eb27
acl: add support for branch-based access control
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11058
diff
changeset
|
44 The corresponding values can be either: |
11094 | 45 |
11095
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
46 - a comma-separated list containing users and groups, or |
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
47 - an asterisk, to match anyone; |
11042
d82f3651cd13
acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11041
diff
changeset
|
48 |
16957
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
49 You can add the "!" prefix to a user or group name to invert the sense |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
50 of the match. |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
51 |
11094 | 52 Path-based Access Control |
17267
979b107eaea2
doc: unify section level between help topics
FUJIWARA Katsunori <foozy@lares.dti.ne.jp>
parents:
16957
diff
changeset
|
53 ------------------------- |
11092
2dd91779eb27
acl: add support for branch-based access control
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11058
diff
changeset
|
54 |
11095
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
55 Use the ``acl.deny`` and ``acl.allow`` sections to have path-based |
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
56 access control. Keys in these sections accept a subtree pattern (with |
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
57 a glob syntax by default). The corresponding values follow the same |
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
58 syntax as the other sections above. |
11092
2dd91779eb27
acl: add support for branch-based access control
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11058
diff
changeset
|
59 |
38531
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
60 Bookmark-based Access Control |
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
61 ----------------------------- |
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
62 Use the ``acl.deny.bookmarks`` and ``acl.allow.bookmarks`` sections to |
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
63 have bookmark-based access control. Keys in these sections can be |
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
64 either: |
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
65 |
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
66 - a bookmark name, or |
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
67 - an asterisk, to match any bookmark; |
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
68 |
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
69 The corresponding values can be either: |
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
70 |
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
71 - a comma-separated list containing users and groups, or |
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
72 - an asterisk, to match anyone; |
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
73 |
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
74 You can add the "!" prefix to a user or group name to invert the sense |
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
75 of the match. |
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
76 |
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
77 Note: for interactions between clients and servers using Mercurial 3.6+ |
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
78 a rejection will generally reject the entire push, for interactions |
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
79 involving older clients, the commit transactions will already be accepted, |
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
80 and only the bookmark movement will be rejected. |
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
81 |
11094 | 82 Groups |
17267
979b107eaea2
doc: unify section level between help topics
FUJIWARA Katsunori <foozy@lares.dti.ne.jp>
parents:
16957
diff
changeset
|
83 ------ |
11092
2dd91779eb27
acl: add support for branch-based access control
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11058
diff
changeset
|
84 |
11095
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
85 Group names must be prefixed with an ``@`` symbol. Specifying a group |
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
86 name has the same effect as specifying all the users in that group. |
8873
e872ef2e6758
help: add/fix docstrings for a bunch of extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents:
8846
diff
changeset
|
87 |
11115
b3d5619f1f2b
acl: update docstring to describe section [acl.groups]
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11114
diff
changeset
|
88 You can define group members in the ``acl.groups`` section. |
b3d5619f1f2b
acl: update docstring to describe section [acl.groups]
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11114
diff
changeset
|
89 If a group name is not defined there, and Mercurial is running under |
b3d5619f1f2b
acl: update docstring to describe section [acl.groups]
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11114
diff
changeset
|
90 a Unix-like system, the list of users will be taken from the OS. |
b3d5619f1f2b
acl: update docstring to describe section [acl.groups]
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11114
diff
changeset
|
91 Otherwise, an exception will be raised. |
b3d5619f1f2b
acl: update docstring to describe section [acl.groups]
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11114
diff
changeset
|
92 |
11094 | 93 Example Configuration |
17267
979b107eaea2
doc: unify section level between help topics
FUJIWARA Katsunori <foozy@lares.dti.ne.jp>
parents:
16957
diff
changeset
|
94 --------------------- |
11094 | 95 |
96 :: | |
8873
e872ef2e6758
help: add/fix docstrings for a bunch of extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents:
8846
diff
changeset
|
97 |
e872ef2e6758
help: add/fix docstrings for a bunch of extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents:
8846
diff
changeset
|
98 [hooks] |
11042
d82f3651cd13
acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11041
diff
changeset
|
99 |
11092
2dd91779eb27
acl: add support for branch-based access control
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11058
diff
changeset
|
100 # Use this if you want to check access restrictions at commit time |
11042
d82f3651cd13
acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11041
diff
changeset
|
101 pretxncommit.acl = python:hgext.acl.hook |
11423
776f9784b34b
acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents:
11140
diff
changeset
|
102 |
11095
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
103 # Use this if you want to check access restrictions for pull, push, |
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
104 # bundle and serve. |
8873
e872ef2e6758
help: add/fix docstrings for a bunch of extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents:
8846
diff
changeset
|
105 pretxnchangegroup.acl = python:hgext.acl.hook |
e872ef2e6758
help: add/fix docstrings for a bunch of extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents:
8846
diff
changeset
|
106 |
e872ef2e6758
help: add/fix docstrings for a bunch of extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents:
8846
diff
changeset
|
107 [acl] |
11131
0b6fd18ab8af
acl: clarify acl.sources, fix typo
Patrick Mezard <pmezard@gmail.com>
parents:
11115
diff
changeset
|
108 # Allow or deny access for incoming changes only if their source is |
0b6fd18ab8af
acl: clarify acl.sources, fix typo
Patrick Mezard <pmezard@gmail.com>
parents:
11115
diff
changeset
|
109 # listed here, let them pass otherwise. Source is "serve" for all |
0b6fd18ab8af
acl: clarify acl.sources, fix typo
Patrick Mezard <pmezard@gmail.com>
parents:
11115
diff
changeset
|
110 # remote access (http or ssh), "push", "pull" or "bundle" when the |
0b6fd18ab8af
acl: clarify acl.sources, fix typo
Patrick Mezard <pmezard@gmail.com>
parents:
11115
diff
changeset
|
111 # related commands are run locally. |
0b6fd18ab8af
acl: clarify acl.sources, fix typo
Patrick Mezard <pmezard@gmail.com>
parents:
11115
diff
changeset
|
112 # Default: serve |
8893 | 113 sources = serve |
8873
e872ef2e6758
help: add/fix docstrings for a bunch of extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents:
8846
diff
changeset
|
114 |
11423
776f9784b34b
acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents:
11140
diff
changeset
|
115 [acl.deny.branches] |
776f9784b34b
acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents:
11140
diff
changeset
|
116 |
776f9784b34b
acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents:
11140
diff
changeset
|
117 # Everyone is denied to the frozen branch: |
776f9784b34b
acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents:
11140
diff
changeset
|
118 frozen-branch = * |
776f9784b34b
acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents:
11140
diff
changeset
|
119 |
776f9784b34b
acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents:
11140
diff
changeset
|
120 # A bad user is denied on all branches: |
776f9784b34b
acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents:
11140
diff
changeset
|
121 * = bad-user |
776f9784b34b
acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents:
11140
diff
changeset
|
122 |
776f9784b34b
acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents:
11140
diff
changeset
|
123 [acl.allow.branches] |
776f9784b34b
acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents:
11140
diff
changeset
|
124 |
776f9784b34b
acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents:
11140
diff
changeset
|
125 # A few users are allowed on branch-a: |
776f9784b34b
acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents:
11140
diff
changeset
|
126 branch-a = user-1, user-2, user-3 |
776f9784b34b
acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents:
11140
diff
changeset
|
127 |
776f9784b34b
acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents:
11140
diff
changeset
|
128 # Only one user is allowed on branch-b: |
776f9784b34b
acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents:
11140
diff
changeset
|
129 branch-b = user-1 |
776f9784b34b
acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents:
11140
diff
changeset
|
130 |
776f9784b34b
acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents:
11140
diff
changeset
|
131 # The super user is allowed on any branch: |
776f9784b34b
acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents:
11140
diff
changeset
|
132 * = super-user |
776f9784b34b
acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents:
11140
diff
changeset
|
133 |
776f9784b34b
acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents:
11140
diff
changeset
|
134 # Everyone is allowed on branch-for-tests: |
776f9784b34b
acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents:
11140
diff
changeset
|
135 branch-for-tests = * |
11092
2dd91779eb27
acl: add support for branch-based access control
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11058
diff
changeset
|
136 |
11042
d82f3651cd13
acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11041
diff
changeset
|
137 [acl.deny] |
11095
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
138 # This list is checked first. If a match is found, acl.allow is not |
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
139 # checked. All users are granted access if acl.deny is not present. |
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
140 # Format for both lists: glob pattern = user, ..., @group, ... |
11042
d82f3651cd13
acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11041
diff
changeset
|
141 |
d82f3651cd13
acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11041
diff
changeset
|
142 # To match everyone, use an asterisk for the user: |
d82f3651cd13
acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11041
diff
changeset
|
143 # my/glob/pattern = * |
d82f3651cd13
acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11041
diff
changeset
|
144 |
d82f3651cd13
acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11041
diff
changeset
|
145 # user6 will not have write access to any file: |
d82f3651cd13
acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11041
diff
changeset
|
146 ** = user6 |
d82f3651cd13
acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11041
diff
changeset
|
147 |
d82f3651cd13
acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11041
diff
changeset
|
148 # Group "hg-denied" will not have write access to any file: |
d82f3651cd13
acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11041
diff
changeset
|
149 ** = @hg-denied |
d82f3651cd13
acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11041
diff
changeset
|
150 |
17537 | 151 # Nobody will be able to change "DONT-TOUCH-THIS.txt", despite |
11095
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
152 # everyone being able to change all other files. See below. |
17537 | 153 src/main/resources/DONT-TOUCH-THIS.txt = * |
8873
e872ef2e6758
help: add/fix docstrings for a bunch of extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents:
8846
diff
changeset
|
154 |
e872ef2e6758
help: add/fix docstrings for a bunch of extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents:
8846
diff
changeset
|
155 [acl.allow] |
11131
0b6fd18ab8af
acl: clarify acl.sources, fix typo
Patrick Mezard <pmezard@gmail.com>
parents:
11115
diff
changeset
|
156 # if acl.allow is not present, all users are allowed by default |
11042
d82f3651cd13
acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11041
diff
changeset
|
157 # empty acl.allow = no users allowed |
d82f3651cd13
acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11041
diff
changeset
|
158 |
11095
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
159 # User "doc_writer" has write access to any file under the "docs" |
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
160 # folder: |
8873
e872ef2e6758
help: add/fix docstrings for a bunch of extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents:
8846
diff
changeset
|
161 docs/** = doc_writer |
11042
d82f3651cd13
acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11041
diff
changeset
|
162 |
11095
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
163 # User "jack" and group "designers" have write access to any file |
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
164 # under the "images" folder: |
11042
d82f3651cd13
acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11041
diff
changeset
|
165 images/** = jack, @designers |
d82f3651cd13
acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11041
diff
changeset
|
166 |
16499
0b463f52b948
doc: fix explanation comment in acl extension
FUJIWARA Katsunori <foozy@lares.dti.ne.jp>
parents:
15207
diff
changeset
|
167 # Everyone (except for "user6" and "@hg-denied" - see acl.deny above) |
0b463f52b948
doc: fix explanation comment in acl extension
FUJIWARA Katsunori <foozy@lares.dti.ne.jp>
parents:
15207
diff
changeset
|
168 # will have write access to any file under the "resources" folder |
0b463f52b948
doc: fix explanation comment in acl extension
FUJIWARA Katsunori <foozy@lares.dti.ne.jp>
parents:
15207
diff
changeset
|
169 # (except for 1 file. See acl.deny): |
11042
d82f3651cd13
acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11041
diff
changeset
|
170 src/main/resources/** = * |
d82f3651cd13
acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11041
diff
changeset
|
171 |
8873
e872ef2e6758
help: add/fix docstrings for a bunch of extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents:
8846
diff
changeset
|
172 .hgtags = release_engineer |
e872ef2e6758
help: add/fix docstrings for a bunch of extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents:
8846
diff
changeset
|
173 |
16957
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
174 Examples using the "!" prefix |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
175 ............................. |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
176 |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
177 Suppose there's a branch that only a given user (or group) should be able to |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
178 push to, and you don't want to restrict access to any other branch that may |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
179 be created. |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
180 |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
181 The "!" prefix allows you to prevent anyone except a given user or group to |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
182 push changesets in a given branch or path. |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
183 |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
184 In the examples below, we will: |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
185 1) Deny access to branch "ring" to anyone but user "gollum" |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
186 2) Deny access to branch "lake" to anyone but members of the group "hobbit" |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
187 3) Deny access to a file to anyone but user "gollum" |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
188 |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
189 :: |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
190 |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
191 [acl.allow.branches] |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
192 # Empty |
```python

  [acl.deny.branches]

  # 1) only 'gollum' can commit to branch 'ring';
  # 'gollum' and anyone else can still commit to any other branch.
  ring = !gollum

  # 2) only members of the group 'hobbit' can commit to branch 'lake';
  # 'hobbit' members and anyone else can still commit to any other branch.
  lake = !@hobbit

  # You can also deny access based on file paths:

  [acl.allow]
  # Empty

  [acl.deny]
  # 3) only 'gollum' can change the file below;
  # 'gollum' and anyone else can still change any other file.
  /misty/mountains/cave/ring = !gollum

'''
```
```python
from mercurial.i18n import _
from mercurial import (
    error,
    extensions,
    match,
    registrar,
    util,
)
from mercurial.utils import procutil

urlreq = util.urlreq

# Note for extension authors: ONLY specify testedwith = 'ships-with-hg-core' for
# extensions which SHIP WITH MERCURIAL. Non-mainline extensions should
# be specifying the version(s) of Mercurial they are tested with, or
# leave the attribute unspecified.
testedwith = b'ships-with-hg-core'
```
```python
configtable = {}
configitem = registrar.configitem(configtable)

# deprecated config: acl.config
configitem(
    b'acl',
    b'config',
    default=None,
)
configitem(
    b'acl.groups',
    b'.*',
    default=None,
    generic=True,
)
configitem(
    b'acl.deny.branches',
    b'.*',
    default=None,
    generic=True,
)
configitem(
    b'acl.allow.branches',
    b'.*',
    default=None,
    generic=True,
)
configitem(
    b'acl.deny',
    b'.*',
    default=None,
    generic=True,
)
configitem(
    b'acl.allow',
    b'.*',
    default=None,
    generic=True,
)
configitem(
    b'acl',
    b'sources',
    default=lambda: [b'serve'],
)
```
```python
def _getusers(ui, group):

    # First, try to use group definition from section [acl.groups]
    hgrcusers = ui.configlist(b'acl.groups', group)
    if hgrcusers:
        return hgrcusers

    ui.debug(b'acl: "%s" not defined in [acl.groups]\n' % group)
    # If no users found in group definition, get users from OS-level group
    try:
        return util.groupmembers(group)
    except KeyError:
        raise error.Abort(_(b"group '%s' is undefined") % group)
```
```python
def _usermatch(ui, user, usersorgroups):

    if usersorgroups == b'*':
        return True

    for ug in usersorgroups.replace(b',', b' ').split():

        if ug.startswith(b'!'):
            # Test for excluded user or group. Format:
            # if ug is a user name: !username
            # if ug is a group name: !@groupname
            ug = ug[1:]
            if (
                not ug.startswith(b'@')
                and user != ug
                or ug.startswith(b'@')
                and user not in _getusers(ui, ug[1:])
            ):
                return True

        # Test for user or group. Format:
        # if ug is a user name: username
        # if ug is a group name: @groupname
        elif (
            user == ug or ug.startswith(b'@') and user in _getusers(ui, ug[1:])
        ):
            return True

    return False
```
```python
def buildmatch(ui, repo, user, key):
    '''return tuple of (match function, list enabled).'''
    if not ui.has_section(key):
        ui.debug(b'acl: %s not enabled\n' % key)
        return None

    pats = [
        pat for pat, users in ui.configitems(key) if _usermatch(ui, user, users)
    ]
    ui.debug(
        b'acl: %s enabled, %d entries for user %s\n' % (key, len(pats), user)
    )

    # Branch-based ACL
    if not repo:
        if pats:
            # If there's an asterisk (meaning "any branch"), always return True;
            # Otherwise, test if b is in pats
            if b'*' in pats:
                return util.always
            return lambda b: b in pats
        return util.never

    # Path-based ACL
    if pats:
        return match.match(repo.root, b'', pats)
    return util.never
```
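The `!` handling in `_usermatch` and the branch mode of `buildmatch` above, restated as an added example (not Mercurial's own code) that runs without Mercurial: it uses `str` and a constructed in-memory group table instead of `ui` and OS groups. The `mordor` and `doom` rules and the `bearers` group are assumptions made up for the edge case it shows: entries on one line are OR-ed, so two negated names on one deny line select every user.

```python
# Added example: stand-alone model of acl's "!" matching (not Mercurial code).
# Uses str instead of bytes and a dict instead of ui / OS group lookups.

# Constructed group table standing in for [acl.groups]; "bearers" is made up.
GROUPS = {
    "hobbit": ["frodo", "sam"],
    "bearers": ["gollum", "frodo"],
}

# Deny rules as (branch, users-or-groups) pairs. "ring" and "lake" are the
# docstring's examples; "mordor" and "doom" are constructed for the edge case.
DENY_BRANCHES = [
    ("ring", "!gollum"),
    ("lake", "!@hobbit"),
    ("mordor", "!gollum, !frodo"),
    ("doom", "!@bearers"),
]

USERS = ["gollum", "frodo", "sam"]


def user_matches(user, spec, groups=GROUPS):
    """Return True if `spec` selects `user`, following _usermatch's rules.

    Entries are split on commas and whitespace and OR-ed together: the first
    entry that selects the user ends the search. An unknown group raises
    KeyError here (the extension aborts the transaction instead).
    """
    if spec == "*":
        return True
    for entry in spec.replace(",", " ").split():
        if entry.startswith("!"):
            target = entry[1:]
            if target.startswith("@"):
                # Negated group: selects everyone outside the group.
                if user not in groups[target[1:]]:
                    return True
            elif user != target:
                # Negated user: selects everyone except that user.
                return True
        elif entry == user:
            return True
        elif entry.startswith("@") and user in groups[entry[1:]]:
            return True
    return False


def is_denied(user, branch, deny_rules, groups=GROUPS):
    """Branch-mode buildmatch followed by the deny test.

    Collect the branch patterns whose right-hand side selects the user; the
    branch is denied if it is among them or if "*" is.
    """
    pats = [pat for pat, spec in deny_rules if user_matches(user, spec, groups)]
    return "*" in pats or branch in pats


def locked_out_rules(deny_rules, users, groups=GROUPS):
    """Return patterns whose deny rule selects every user in `users`.

    Such a rule blocks the whole team, which is rarely what the author of a
    multi-entry "!" line intended.
    """
    return [
        pat
        for pat, spec in deny_rules
        if all(user_matches(u, spec, groups) for u in users)
    ]


if __name__ == "__main__":
    for branch, _spec in DENY_BRANCHES:
        ok = [u for u in USERS if not is_denied(u, branch, DENY_BRANCHES)]
        print("%-7s not denied for: %s" % (branch, ", ".join(ok) or "nobody"))
    print("rules that deny everyone:", locked_out_rules(DENY_BRANCHES, USERS))
```

To restrict a branch to several named users, put them in one group and negate the group, as the constructed `doom` rule does.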
```python
def ensureenabled(ui):
    """make sure the extension is enabled when used as hook

    When acl is used through hooks, the extension is never formally loaded and
    enabled. This has some side effect, for example the config declaration is
    never loaded. This function ensure the extension is enabled when running
    hooks.
    """
    if b'acl' in ui._knownconfig:
        return
    ui.setconfig(b'extensions', b'acl', b'', source=b'internal')
    extensions.loadall(ui, [b'acl'])
```
```python
def hook(ui, repo, hooktype, node=None, source=None, **kwargs):

    ensureenabled(ui)

    if hooktype not in [b'pretxnchangegroup', b'pretxncommit', b'prepushkey']:
        raise error.Abort(
            _(
                b'config error - hook type "%s" cannot stop '
                b'incoming changesets, commits, nor bookmarks'
            )
            % hooktype
        )
    if hooktype == b'pretxnchangegroup' and source not in ui.configlist(
        b'acl', b'sources'
    ):
        ui.debug(b'acl: changes have source "%s" - skipping\n' % source)
        return

    user = None
    if source == b'serve' and 'url' in kwargs:
        url = kwargs['url'].split(b':')
        if url[0] == b'remote' and url[1].startswith(b'http'):
            user = urlreq.unquote(url[3])

    if user is None:
        user = procutil.getuser()

    ui.debug(b'acl: checking access for user "%s"\n' % user)

    if hooktype == b'prepushkey':
        _pkhook(ui, repo, hooktype, node, source, user, **kwargs)
    else:
        _txnhook(ui, repo, hooktype, node, source, user, **kwargs)
```
38531 6beb8347b709 acl: add bookmarks support; Sandu Turcan <idlsoft@gmail.com>; parents: 37120 | 405 def _pkhook(ui, repo, hooktype, node, source, user, **kwargs): |
43506 9f70512ae2cf cleanup: remove pointless r-prefixes on single-quoted strings; Augie Fackler <augie@google.com>; parents: 43117 | 406 if kwargs['namespace'] == b'bookmarks': |
9f70512ae2cf cleanup: remove pointless r-prefixes on single-quoted strings; Augie Fackler <augie@google.com>; parents: 43117 | 407 bookmark = kwargs['key'] |
9f70512ae2cf cleanup: remove pointless r-prefixes on single-quoted strings; Augie Fackler <augie@google.com>; parents: 43117 | 408 ctx = kwargs['new'] |
43077 687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals; Augie Fackler <augie@google.com>; parents: 43076 | 409 allowbookmarks = buildmatch(ui, None, user, b'acl.allow.bookmarks') |
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals; Augie Fackler <augie@google.com>; parents: 43076 | 410 denybookmarks = buildmatch(ui, None, user, b'acl.deny.bookmarks') |
38531 6beb8347b709 acl: add bookmarks support; Sandu Turcan <idlsoft@gmail.com>; parents: 37120 | 411 |
6beb8347b709 acl: add bookmarks support; Sandu Turcan <idlsoft@gmail.com>; parents: 37120 | 412 if denybookmarks and denybookmarks(bookmark): |
43076 2372284d9457 formatting: blacken the codebase; Augie Fackler <augie@google.com>; parents: 41759 | 413 raise error.Abort( |
43077 687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals; Augie Fackler <augie@google.com>; parents: 43076 | 414 _( |
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals; Augie Fackler <augie@google.com>; parents: 43076 | 415 b'acl: user "%s" denied on bookmark "%s"' |
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals; Augie Fackler <augie@google.com>; parents: 43076 | 416 b' (changeset "%s")' |
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals; Augie Fackler <augie@google.com>; parents: 43076 | 417 ) |
43076 2372284d9457 formatting: blacken the codebase; Augie Fackler <augie@google.com>; parents: 41759 | 418 % (user, bookmark, ctx) |
2372284d9457 formatting: blacken the codebase; Augie Fackler <augie@google.com>; parents: 41759 | 419 ) |
38531 6beb8347b709 acl: add bookmarks support; Sandu Turcan <idlsoft@gmail.com>; parents: 37120 | 420 if allowbookmarks and not allowbookmarks(bookmark): |
43076 2372284d9457 formatting: blacken the codebase; Augie Fackler <augie@google.com>; parents: 41759 | 421 raise error.Abort( |
2372284d9457 formatting: blacken the codebase; Augie Fackler <augie@google.com>; parents: 41759 | 422 _( |
43077 687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals; Augie Fackler <augie@google.com>; parents: 43076 | 423 b'acl: user "%s" not allowed on bookmark "%s"' |
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals; Augie Fackler <augie@google.com>; parents: 43076 | 424 b' (changeset "%s")' |
43076 2372284d9457 formatting: blacken the codebase; Augie Fackler <augie@google.com>; parents: 41759 | 425 ) |
2372284d9457 formatting: blacken the codebase; Augie Fackler <augie@google.com>; parents: 41759 | 426 % (user, bookmark, ctx) |
2372284d9457 formatting: blacken the codebase; Augie Fackler <augie@google.com>; parents: 41759 | 427 ) |
2372284d9457 formatting: blacken the codebase; Augie Fackler <augie@google.com>; parents: 41759 | 428 ui.debug( |
43077 687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals; Augie Fackler <augie@google.com>; parents: 43076 | 429 b'acl: bookmark access granted: "%s" on bookmark "%s"\n' |
43076 2372284d9457 formatting: blacken the codebase; Augie Fackler <augie@google.com>; parents: 41759 | 430 % (ctx, bookmark) |
2372284d9457 formatting: blacken the codebase; Augie Fackler <augie@google.com>; parents: 41759 | 431 ) |
2372284d9457 formatting: blacken the codebase; Augie Fackler <augie@google.com>; parents: 41759 | 432 |
38531 6beb8347b709 acl: add bookmarks support; Sandu Turcan <idlsoft@gmail.com>; parents: 37120 | 433 |
6beb8347b709 acl: add bookmarks support; Sandu Turcan <idlsoft@gmail.com>; parents: 37120 | 434 def _txnhook(ui, repo, hooktype, node, source, user, **kwargs): |
25792 dd166d42e7b2 acl: mark deprecated config option; Matt Mackall <mpm@selenic.com>; parents: 25186 | 435 # deprecated config: acl.config |
43077 687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals; Augie Fackler <augie@google.com>; parents: 43076 | 436 cfg = ui.config(b'acl', b'config') |
6766 | 437 if cfg: |
43076 2372284d9457 formatting: blacken the codebase; Augie Fackler <augie@google.com>; parents: 41759 | 438 ui.readconfig( |
2372284d9457 formatting: blacken the codebase; Augie Fackler <augie@google.com>; parents: 41759 | 439 cfg, |
2372284d9457 formatting: blacken the codebase; Augie Fackler <augie@google.com>; parents: 41759 | 440 sections=[ |
43077 687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals; Augie Fackler <augie@google.com>; parents: 43076 | 441 b'acl.groups', |
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals; Augie Fackler <augie@google.com>; parents: 43076 | 442 b'acl.allow.branches', |
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals; Augie Fackler <augie@google.com>; parents: 43076 | 443 b'acl.deny.branches', |
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals; Augie Fackler <augie@google.com>; parents: 43076 | 444 b'acl.allow', |
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals; Augie Fackler <augie@google.com>; parents: 43076 | 445 b'acl.deny', |
43076 2372284d9457 formatting: blacken the codebase; Augie Fackler <augie@google.com>; parents: 41759 | 446 ], |
2372284d9457 formatting: blacken the codebase; Augie Fackler <augie@google.com>; parents: 41759 | 447 ) |
11092 2dd91779eb27 acl: add support for branch-based access control; Elifarley Callado Coelho Cruz <elifarley@gmail.com>; parents: 11058 | 448 |
43077 687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals; Augie Fackler <augie@google.com>; parents: 43076 | 449 allowbranches = buildmatch(ui, None, user, b'acl.allow.branches') |
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals; Augie Fackler <augie@google.com>; parents: 43076 | 450 denybranches = buildmatch(ui, None, user, b'acl.deny.branches') |
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals; Augie Fackler <augie@google.com>; parents: 43076 | 451 allow = buildmatch(ui, repo, user, b'acl.allow') |
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals; Augie Fackler <augie@google.com>; parents: 43076 | 452 deny = buildmatch(ui, repo, user, b'acl.deny') |
6766 | 453 |
49284 d44e3c45f0e4 py3: replace `pycompat.xrange` by `range`; Manuel Jacob <me@manueljacob.de>; parents: 48875 | 454 for rev in range(repo[node].rev(), len(repo)): |
6766 | 455 ctx = repo[rev] |
11092 2dd91779eb27 acl: add support for branch-based access control; Elifarley Callado Coelho Cruz <elifarley@gmail.com>; parents: 11058 | 456 branch = ctx.branch() |
2dd91779eb27 acl: add support for branch-based access control; Elifarley Callado Coelho Cruz <elifarley@gmail.com>; parents: 11058 | 457 if denybranches and denybranches(branch): |
43076 2372284d9457 formatting: blacken the codebase; Augie Fackler <augie@google.com>; parents: 41759 | 458 raise error.Abort( |
43117 8ff1ecfadcd1 cleanup: join string literals that are already on one line; Martin von Zweigbergk <martinvonz@google.com>; parents: 43077 | 459 _(b'acl: user "%s" denied on branch "%s" (changeset "%s")') |
43076 2372284d9457 formatting: blacken the codebase; Augie Fackler <augie@google.com>; parents: 41759 | 460 % (user, branch, ctx) |
2372284d9457 formatting: blacken the codebase; Augie Fackler <augie@google.com>; parents: 41759 | 461 ) |
11092 2dd91779eb27 acl: add support for branch-based access control; Elifarley Callado Coelho Cruz <elifarley@gmail.com>; parents: 11058 | 462 if allowbranches and not allowbranches(branch): |
43076 2372284d9457 formatting: blacken the codebase; Augie Fackler <augie@google.com>; parents: 41759 | 463 raise error.Abort( |
2372284d9457 formatting: blacken the codebase; Augie Fackler <augie@google.com>; parents: 41759 | 464 _( |
43077 687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals; Augie Fackler <augie@google.com>; parents: 43076 | 465 b'acl: user "%s" not allowed on branch "%s"' |
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals; Augie Fackler <augie@google.com>; parents: 43076 | 466 b' (changeset "%s")' |
43076 2372284d9457 formatting: blacken the codebase; Augie Fackler <augie@google.com>; parents: 41759 | 467 ) |
2372284d9457 formatting: blacken the codebase; Augie Fackler <augie@google.com>; parents: 41759 | 468 % (user, branch, ctx) |
2372284d9457 formatting: blacken the codebase; Augie Fackler <augie@google.com>; parents: 41759 | 469 ) |
2372284d9457 formatting: blacken the codebase; Augie Fackler <augie@google.com>; parents: 41759 | 470 ui.debug( |
43077 687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals; Augie Fackler <augie@google.com>; parents: 43076 | 471 b'acl: branch access granted: "%s" on branch "%s"\n' % (ctx, branch) |
43076 2372284d9457 formatting: blacken the codebase; Augie Fackler <augie@google.com>; parents: 41759 | 472 ) |
11092 2dd91779eb27 acl: add support for branch-based access control; Elifarley Callado Coelho Cruz <elifarley@gmail.com>; parents: 11058 | 473 |
6766 | 474 for f in ctx.files(): |
475 if deny and deny(f): | |
43076 2372284d9457 formatting: blacken the codebase; Augie Fackler <augie@google.com>; parents: 41759 | 476 raise error.Abort( |
43117 8ff1ecfadcd1 cleanup: join string literals that are already on one line; Martin von Zweigbergk <martinvonz@google.com>; parents: 43077 | 477 _(b'acl: user "%s" denied on "%s" (changeset "%s")') |
43076 2372284d9457 formatting: blacken the codebase; Augie Fackler <augie@google.com>; parents: 41759 | 478 % (user, f, ctx) |
2372284d9457 formatting: blacken the codebase; Augie Fackler <augie@google.com>; parents: 41759 | 479 ) |
6766 | 480 if allow and not allow(f): |
43076 2372284d9457 formatting: blacken the codebase; Augie Fackler <augie@google.com>; parents: 41759 | 481 raise error.Abort( |
43077 687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals; Augie Fackler <augie@google.com>; parents: 43076 | 482 _( |
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals; Augie Fackler <augie@google.com>; parents: 43076 | 483 b'acl: user "%s" not allowed on "%s"' |
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals; Augie Fackler <augie@google.com>; parents: 43076 | 484 b' (changeset "%s")' |
687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals; Augie Fackler <augie@google.com>; parents: 43076 | 485 ) |
43076 2372284d9457 formatting: blacken the codebase; Augie Fackler <augie@google.com>; parents: 41759 | 486 % (user, f, ctx) |
2372284d9457 formatting: blacken the codebase; Augie Fackler <augie@google.com>; parents: 41759 | 487 ) |
43077 687b865b95ad formatting: byteify all mercurial/ and hgext/ string literals; Augie Fackler <augie@google.com>; parents: 43076 | 488 ui.debug(b'acl: path access granted: "%s"\n' % ctx) |