Mercurial > hg
annotate hgext/acl.py @ 48868:a52f5bfc9358
import-checker: assume absolute and use modern import checker
Since we require Python 3 now, we can assume we always use absolute
imports and the modern import checker should be used.
Differential Revision: https://phab.mercurial-scm.org/D12246
author | Gregory Szorc <gregory.szorc@gmail.com> |
---|---|
date | Sun, 20 Feb 2022 13:43:44 -0700 |
parents | 89a2afe31e82 |
children | 6000f5b25c9b |
rev | line source |
---|---|
2344
ae12e5a2c4a3
add acl extension, to limit who can push to subdirs of central repo.
Vadim Gelfer <vadim.gelfer@gmail.com>
parents:
diff
changeset
|
1 # acl.py - changeset access control for mercurial |
ae12e5a2c4a3
add acl extension, to limit who can push to subdirs of central repo.
Vadim Gelfer <vadim.gelfer@gmail.com>
parents:
diff
changeset
|
2 # |
ae12e5a2c4a3
add acl extension, to limit who can push to subdirs of central repo.
Vadim Gelfer <vadim.gelfer@gmail.com>
parents:
diff
changeset
|
3 # Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com> |
ae12e5a2c4a3
add acl extension, to limit who can push to subdirs of central repo.
Vadim Gelfer <vadim.gelfer@gmail.com>
parents:
diff
changeset
|
4 # |
8225
46293a0c7e9f
updated license to be explicit about GPL version 2
Martin Geisler <mg@lazybytes.net>
parents:
8142
diff
changeset
|
5 # This software may be used and distributed according to the terms of the |
10263 | 6 # GNU General Public License version 2 or any later version. |
8873
e872ef2e6758
help: add/fix docstrings for a bunch of extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents:
8846
diff
changeset
|
7 |
8935
f4f0e902b750
extensions: change descriptions for hook-providing extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents:
8894
diff
changeset
|
8 '''hooks for controlling repository access |
8873
e872ef2e6758
help: add/fix docstrings for a bunch of extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents:
8846
diff
changeset
|
9 |
11095
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
10 This hook makes it possible to allow or deny write access to given |
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
11 branches and paths of a repository when receiving incoming changesets |
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
12 via pretxnchangegroup and pretxncommit. |
9250
00986b9ed649
acl: wrap docstrings at 70 characters
Martin Geisler <mg@lazybytes.net>
parents:
9201
diff
changeset
|
13 |
00986b9ed649
acl: wrap docstrings at 70 characters
Martin Geisler <mg@lazybytes.net>
parents:
9201
diff
changeset
|
14 The authorization is matched based on the local user name on the |
00986b9ed649
acl: wrap docstrings at 70 characters
Martin Geisler <mg@lazybytes.net>
parents:
9201
diff
changeset
|
15 system where the hook runs, and not the committer of the original |
00986b9ed649
acl: wrap docstrings at 70 characters
Martin Geisler <mg@lazybytes.net>
parents:
9201
diff
changeset
|
16 changeset (since the latter is merely informative). |
8873
e872ef2e6758
help: add/fix docstrings for a bunch of extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents:
8846
diff
changeset
|
17 |
9250
00986b9ed649
acl: wrap docstrings at 70 characters
Martin Geisler <mg@lazybytes.net>
parents:
9201
diff
changeset
|
18 The acl hook is best used along with a restricted shell like hgsh, |
11095
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
19 preventing authenticating users from doing anything other than pushing |
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
20 or pulling. The hook is not safe to use if users have interactive |
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
21 shell access, as they can then disable the hook. Nor is it safe if |
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
22 remote users share an account, because then there is no way to |
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
23 distinguish them. |
8873
e872ef2e6758
help: add/fix docstrings for a bunch of extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents:
8846
diff
changeset
|
24 |
11092
2dd91779eb27
acl: add support for branch-based access control
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11058
diff
changeset
|
25 The order in which access checks are performed is: |
11094 | 26 |
27 1) Deny list for branches (section ``acl.deny.branches``) | |
28 2) Allow list for branches (section ``acl.allow.branches``) | |
29 3) Deny list for paths (section ``acl.deny``) | |
30 4) Allow list for paths (section ``acl.allow``) | |
11042
d82f3651cd13
acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11041
diff
changeset
|
31 |
11092
2dd91779eb27
acl: add support for branch-based access control
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11058
diff
changeset
|
32 The allow and deny sections take key-value pairs. |
2dd91779eb27
acl: add support for branch-based access control
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11058
diff
changeset
|
33 |
11094 | 34 Branch-based Access Control |
17267
979b107eaea2
doc: unify section level between help topics
FUJIWARA Katsunori <foozy@lares.dti.ne.jp>
parents:
16957
diff
changeset
|
35 --------------------------- |
11092
2dd91779eb27
acl: add support for branch-based access control
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11058
diff
changeset
|
36 |
11095
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
37 Use the ``acl.deny.branches`` and ``acl.allow.branches`` sections to |
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
38 have branch-based access control. Keys in these sections can be |
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
39 either: |
11057
7f0796a0b35c
acl: fix ReST syntax in docstring
Martin Geisler <mg@lazybytes.net>
parents:
11042
diff
changeset
|
40 |
11095
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
41 - a branch name, or |
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
42 - an asterisk, to match any branch; |
11092
2dd91779eb27
acl: add support for branch-based access control
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11058
diff
changeset
|
43 |
2dd91779eb27
acl: add support for branch-based access control
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11058
diff
changeset
|
44 The corresponding values can be either: |
11094 | 45 |
11095
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
46 - a comma-separated list containing users and groups, or |
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
47 - an asterisk, to match anyone; |
11042
d82f3651cd13
acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11041
diff
changeset
|
48 |
16957
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
49 You can add the "!" prefix to a user or group name to invert the sense |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
50 of the match. |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
51 |
11094 | 52 Path-based Access Control |
17267
979b107eaea2
doc: unify section level between help topics
FUJIWARA Katsunori <foozy@lares.dti.ne.jp>
parents:
16957
diff
changeset
|
53 ------------------------- |
11092
2dd91779eb27
acl: add support for branch-based access control
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11058
diff
changeset
|
54 |
11095
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
55 Use the ``acl.deny`` and ``acl.allow`` sections to have path-based |
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
56 access control. Keys in these sections accept a subtree pattern (with |
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
57 a glob syntax by default). The corresponding values follow the same |
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
58 syntax as the other sections above. |
11092
2dd91779eb27
acl: add support for branch-based access control
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11058
diff
changeset
|
59 |
38531
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
60 Bookmark-based Access Control |
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
61 ----------------------------- |
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
62 Use the ``acl.deny.bookmarks`` and ``acl.allow.bookmarks`` sections to |
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
63 have bookmark-based access control. Keys in these sections can be |
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
64 either: |
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
65 |
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
66 - a bookmark name, or |
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
67 - an asterisk, to match any bookmark; |
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
68 |
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
69 The corresponding values can be either: |
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
70 |
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
71 - a comma-separated list containing users and groups, or |
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
72 - an asterisk, to match anyone; |
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
73 |
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
74 You can add the "!" prefix to a user or group name to invert the sense |
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
75 of the match. |
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
76 |
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
77 Note: for interactions between clients and servers using Mercurial 3.6+ |
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
78 a rejection will generally reject the entire push, for interactions |
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
79 involving older clients, the commit transactions will already be accepted, |
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
80 and only the bookmark movement will be rejected. |
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
81 |
11094 | 82 Groups |
17267
979b107eaea2
doc: unify section level between help topics
FUJIWARA Katsunori <foozy@lares.dti.ne.jp>
parents:
16957
diff
changeset
|
83 ------ |
11092
2dd91779eb27
acl: add support for branch-based access control
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11058
diff
changeset
|
84 |
11095
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
85 Group names must be prefixed with an ``@`` symbol. Specifying a group |
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
86 name has the same effect as specifying all the users in that group. |
8873
e872ef2e6758
help: add/fix docstrings for a bunch of extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents:
8846
diff
changeset
|
87 |
11115
b3d5619f1f2b
acl: update docstring to describe section [acl.groups]
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11114
diff
changeset
|
88 You can define group members in the ``acl.groups`` section. |
b3d5619f1f2b
acl: update docstring to describe section [acl.groups]
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11114
diff
changeset
|
89 If a group name is not defined there, and Mercurial is running under |
b3d5619f1f2b
acl: update docstring to describe section [acl.groups]
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11114
diff
changeset
|
90 a Unix-like system, the list of users will be taken from the OS. |
b3d5619f1f2b
acl: update docstring to describe section [acl.groups]
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11114
diff
changeset
|
91 Otherwise, an exception will be raised. |
b3d5619f1f2b
acl: update docstring to describe section [acl.groups]
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11114
diff
changeset
|
92 |
11094 | 93 Example Configuration |
17267
979b107eaea2
doc: unify section level between help topics
FUJIWARA Katsunori <foozy@lares.dti.ne.jp>
parents:
16957
diff
changeset
|
94 --------------------- |
11094 | 95 |
96 :: | |
8873
e872ef2e6758
help: add/fix docstrings for a bunch of extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents:
8846
diff
changeset
|
97 |
e872ef2e6758
help: add/fix docstrings for a bunch of extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents:
8846
diff
changeset
|
98 [hooks] |
11042
d82f3651cd13
acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11041
diff
changeset
|
99 |
11092
2dd91779eb27
acl: add support for branch-based access control
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11058
diff
changeset
|
100 # Use this if you want to check access restrictions at commit time |
11042
d82f3651cd13
acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11041
diff
changeset
|
101 pretxncommit.acl = python:hgext.acl.hook |
11423
776f9784b34b
acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents:
11140
diff
changeset
|
102 |
11095
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
103 # Use this if you want to check access restrictions for pull, push, |
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
104 # bundle and serve. |
8873
e872ef2e6758
help: add/fix docstrings for a bunch of extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents:
8846
diff
changeset
|
105 pretxnchangegroup.acl = python:hgext.acl.hook |
e872ef2e6758
help: add/fix docstrings for a bunch of extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents:
8846
diff
changeset
|
106 |
e872ef2e6758
help: add/fix docstrings for a bunch of extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents:
8846
diff
changeset
|
107 [acl] |
11131
0b6fd18ab8af
acl: clarify acl.sources, fix typo
Patrick Mezard <pmezard@gmail.com>
parents:
11115
diff
changeset
|
108 # Allow or deny access for incoming changes only if their source is |
0b6fd18ab8af
acl: clarify acl.sources, fix typo
Patrick Mezard <pmezard@gmail.com>
parents:
11115
diff
changeset
|
109 # listed here, let them pass otherwise. Source is "serve" for all |
0b6fd18ab8af
acl: clarify acl.sources, fix typo
Patrick Mezard <pmezard@gmail.com>
parents:
11115
diff
changeset
|
110 # remote access (http or ssh), "push", "pull" or "bundle" when the |
0b6fd18ab8af
acl: clarify acl.sources, fix typo
Patrick Mezard <pmezard@gmail.com>
parents:
11115
diff
changeset
|
111 # related commands are run locally. |
0b6fd18ab8af
acl: clarify acl.sources, fix typo
Patrick Mezard <pmezard@gmail.com>
parents:
11115
diff
changeset
|
112 # Default: serve |
8893 | 113 sources = serve |
8873
e872ef2e6758
help: add/fix docstrings for a bunch of extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents:
8846
diff
changeset
|
114 |
11423
776f9784b34b
acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents:
11140
diff
changeset
|
115 [acl.deny.branches] |
776f9784b34b
acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents:
11140
diff
changeset
|
116 |
776f9784b34b
acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents:
11140
diff
changeset
|
117 # Everyone is denied to the frozen branch: |
776f9784b34b
acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents:
11140
diff
changeset
|
118 frozen-branch = * |
776f9784b34b
acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents:
11140
diff
changeset
|
119 |
776f9784b34b
acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents:
11140
diff
changeset
|
120 # A bad user is denied on all branches: |
776f9784b34b
acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents:
11140
diff
changeset
|
121 * = bad-user |
776f9784b34b
acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents:
11140
diff
changeset
|
122 |
776f9784b34b
acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents:
11140
diff
changeset
|
123 [acl.allow.branches] |
776f9784b34b
acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents:
11140
diff
changeset
|
124 |
776f9784b34b
acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents:
11140
diff
changeset
|
125 # A few users are allowed on branch-a: |
776f9784b34b
acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents:
11140
diff
changeset
|
126 branch-a = user-1, user-2, user-3 |
776f9784b34b
acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents:
11140
diff
changeset
|
127 |
776f9784b34b
acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents:
11140
diff
changeset
|
128 # Only one user is allowed on branch-b: |
776f9784b34b
acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents:
11140
diff
changeset
|
129 branch-b = user-1 |
776f9784b34b
acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents:
11140
diff
changeset
|
130 |
776f9784b34b
acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents:
11140
diff
changeset
|
131 # The super user is allowed on any branch: |
776f9784b34b
acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents:
11140
diff
changeset
|
132 * = super-user |
776f9784b34b
acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents:
11140
diff
changeset
|
133 |
776f9784b34b
acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents:
11140
diff
changeset
|
134 # Everyone is allowed on branch-for-tests: |
776f9784b34b
acl: delete trailing whitespace in docstring
Martin Geisler <mg@lazybytes.net>
parents:
11140
diff
changeset
|
135 branch-for-tests = * |
11092
2dd91779eb27
acl: add support for branch-based access control
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11058
diff
changeset
|
136 |
11042
d82f3651cd13
acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11041
diff
changeset
|
137 [acl.deny] |
11095
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
138 # This list is checked first. If a match is found, acl.allow is not |
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
139 # checked. All users are granted access if acl.deny is not present. |
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
140 # Format for both lists: glob pattern = user, ..., @group, ... |
11042
d82f3651cd13
acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11041
diff
changeset
|
141 |
d82f3651cd13
acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11041
diff
changeset
|
142 # To match everyone, use an asterisk for the user: |
d82f3651cd13
acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11041
diff
changeset
|
143 # my/glob/pattern = * |
d82f3651cd13
acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11041
diff
changeset
|
144 |
d82f3651cd13
acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11041
diff
changeset
|
145 # user6 will not have write access to any file: |
d82f3651cd13
acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11041
diff
changeset
|
146 ** = user6 |
d82f3651cd13
acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11041
diff
changeset
|
147 |
d82f3651cd13
acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11041
diff
changeset
|
148 # Group "hg-denied" will not have write access to any file: |
d82f3651cd13
acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11041
diff
changeset
|
149 ** = @hg-denied |
d82f3651cd13
acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11041
diff
changeset
|
150 |
17537 | 151 # Nobody will be able to change "DONT-TOUCH-THIS.txt", despite |
11095
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
152 # everyone being able to change all other files. See below. |
17537 | 153 src/main/resources/DONT-TOUCH-THIS.txt = * |
8873
e872ef2e6758
help: add/fix docstrings for a bunch of extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents:
8846
diff
changeset
|
154 |
e872ef2e6758
help: add/fix docstrings for a bunch of extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents:
8846
diff
changeset
|
155 [acl.allow] |
11131
0b6fd18ab8af
acl: clarify acl.sources, fix typo
Patrick Mezard <pmezard@gmail.com>
parents:
11115
diff
changeset
|
156 # if acl.allow is not present, all users are allowed by default |
11042
d82f3651cd13
acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11041
diff
changeset
|
157 # empty acl.allow = no users allowed |
d82f3651cd13
acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11041
diff
changeset
|
158 |
11095
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
159 # User "doc_writer" has write access to any file under the "docs" |
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
160 # folder: |
8873
e872ef2e6758
help: add/fix docstrings for a bunch of extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents:
8846
diff
changeset
|
161 docs/** = doc_writer |
11042
d82f3651cd13
acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11041
diff
changeset
|
162 |
11095
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
163 # User "jack" and group "designers" have write access to any file |
d56124931909
acl: more consistent docstring
Martin Geisler <mg@aragost.com>
parents:
11094
diff
changeset
|
164 # under the "images" folder: |
11042
d82f3651cd13
acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11041
diff
changeset
|
165 images/** = jack, @designers |
d82f3651cd13
acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11041
diff
changeset
|
166 |
16499
0b463f52b948
doc: fix explanation comment in acl extension
FUJIWARA Katsunori <foozy@lares.dti.ne.jp>
parents:
15207
diff
changeset
|
167 # Everyone (except for "user6" and "@hg-denied" - see acl.deny above) |
0b463f52b948
doc: fix explanation comment in acl extension
FUJIWARA Katsunori <foozy@lares.dti.ne.jp>
parents:
15207
diff
changeset
|
168 # will have write access to any file under the "resources" folder |
0b463f52b948
doc: fix explanation comment in acl extension
FUJIWARA Katsunori <foozy@lares.dti.ne.jp>
parents:
15207
diff
changeset
|
169 # (except for 1 file. See acl.deny): |
11042
d82f3651cd13
acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11041
diff
changeset
|
170 src/main/resources/** = * |
d82f3651cd13
acl: updated doc string to reflect recent changes
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11041
diff
changeset
|
171 |
8873
e872ef2e6758
help: add/fix docstrings for a bunch of extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents:
8846
diff
changeset
|
172 .hgtags = release_engineer |
e872ef2e6758
help: add/fix docstrings for a bunch of extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents:
8846
diff
changeset
|
173 |
16957
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
174 Examples using the "!" prefix |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
175 ............................. |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
176 |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
177 Suppose there's a branch that only a given user (or group) should be able to |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
178 push to, and you don't want to restrict access to any other branch that may |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
179 be created. |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
180 |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
181 The "!" prefix allows you to prevent anyone except a given user or group to |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
182 push changesets in a given branch or path. |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
183 |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
184 In the examples below, we will: |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
185 1) Deny access to branch "ring" to anyone but user "gollum" |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
186 2) Deny access to branch "lake" to anyone but members of the group "hobbit" |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
187 3) Deny access to a file to anyone but user "gollum" |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
188 |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
189 :: |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
190 |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
191 [acl.allow.branches] |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
192 # Empty |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
193 |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
194 [acl.deny.branches] |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
195 |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
196 # 1) only 'gollum' can commit to branch 'ring'; |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
197 # 'gollum' and anyone else can still commit to any other branch. |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
198 ring = !gollum |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
199 |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
200 # 2) only members of the group 'hobbit' can commit to branch 'lake'; |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
201 # 'hobbit' members and anyone else can still commit to any other branch. |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
202 lake = !@hobbit |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
203 |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
204 # You can also deny access based on file paths: |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
205 |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
206 [acl.allow] |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
207 # Empty |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
208 |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
209 [acl.deny] |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
210 # 3) only 'gollum' can change the file below; |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
211 # 'gollum' and anyone else can still change any other file. |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
212 /misty/mountains/cave/ring = !gollum |
d7b608149f6c
acl: user docs for the "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16956
diff
changeset
|
213 |
8873
e872ef2e6758
help: add/fix docstrings for a bunch of extensions
Dirkjan Ochtman <dirkjan@ochtman.nl>
parents:
8846
diff
changeset
|
214 ''' |
2344
ae12e5a2c4a3
add acl extension, to limit who can push to subdirs of central repo.
Vadim Gelfer <vadim.gelfer@gmail.com>
parents:
diff
changeset
|
215 |
28089
a1163ee26e4a
acl: use absolute_import
Gregory Szorc <gregory.szorc@gmail.com>
parents:
26587
diff
changeset
|
216 from __future__ import absolute_import |
a1163ee26e4a
acl: use absolute_import
Gregory Szorc <gregory.szorc@gmail.com>
parents:
26587
diff
changeset
|
217 |
3891 | 218 from mercurial.i18n import _ |
28089
a1163ee26e4a
acl: use absolute_import
Gregory Szorc <gregory.szorc@gmail.com>
parents:
26587
diff
changeset
|
219 from mercurial import ( |
a1163ee26e4a
acl: use absolute_import
Gregory Szorc <gregory.szorc@gmail.com>
parents:
26587
diff
changeset
|
220 error, |
34829
120c5c155ba4
acl: make sure the extensions is enabled when the acl-hooks run
Boris Feld <boris.feld@octobus.net>
parents:
34779
diff
changeset
|
221 extensions, |
28089
a1163ee26e4a
acl: use absolute_import
Gregory Szorc <gregory.szorc@gmail.com>
parents:
26587
diff
changeset
|
222 match, |
38783
e7aa113b14f7
global: use pycompat.xrange()
Gregory Szorc <gregory.szorc@gmail.com>
parents:
38531
diff
changeset
|
223 pycompat, |
33185
8b109c61bc11
configitems: register the 'acl.config' config
Pierre-Yves David <pierre-yves.david@octobus.net>
parents:
29841
diff
changeset
|
224 registrar, |
28089
a1163ee26e4a
acl: use absolute_import
Gregory Szorc <gregory.szorc@gmail.com>
parents:
26587
diff
changeset
|
225 util, |
a1163ee26e4a
acl: use absolute_import
Gregory Szorc <gregory.szorc@gmail.com>
parents:
26587
diff
changeset
|
226 ) |
43076
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
227 from mercurial.utils import procutil |
11041
623fe42a649e
acl: add support for OS-level groups using @group syntax
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
10955
diff
changeset
|
228 |
28883
032c4c2f802a
pycompat: switch to util.urlreq/util.urlerr for py3 compat
timeless <timeless@mozdev.org>
parents:
28089
diff
changeset
|
229 urlreq = util.urlreq |
032c4c2f802a
pycompat: switch to util.urlreq/util.urlerr for py3 compat
timeless <timeless@mozdev.org>
parents:
28089
diff
changeset
|
230 |
29841
d5883fd055c6
extensions: change magic "shipped with hg" string
Augie Fackler <augie@google.com>
parents:
28883
diff
changeset
|
231 # Note for extension authors: ONLY specify testedwith = 'ships-with-hg-core' for |
25186
80c5b2666a96
extensions: document that `testedwith = 'internal'` is special
Augie Fackler <augie@google.com>
parents:
19872
diff
changeset
|
232 # extensions which SHIP WITH MERCURIAL. Non-mainline extensions should |
80c5b2666a96
extensions: document that `testedwith = 'internal'` is special
Augie Fackler <augie@google.com>
parents:
19872
diff
changeset
|
233 # be specifying the version(s) of Mercurial they are tested with, or |
80c5b2666a96
extensions: document that `testedwith = 'internal'` is special
Augie Fackler <augie@google.com>
parents:
19872
diff
changeset
|
234 # leave the attribute unspecified. |
43077
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
235 testedwith = b'ships-with-hg-core' |
16743
38caf405d010
hgext: mark all first-party extensions as such
Augie Fackler <raf@durin42.com>
parents:
16499
diff
changeset
|
236 |
33185
8b109c61bc11
configitems: register the 'acl.config' config
Pierre-Yves David <pierre-yves.david@octobus.net>
parents:
29841
diff
changeset
|
237 configtable = {} |
8b109c61bc11
configitems: register the 'acl.config' config
Pierre-Yves David <pierre-yves.david@octobus.net>
parents:
29841
diff
changeset
|
238 configitem = registrar.configitem(configtable) |
8b109c61bc11
configitems: register the 'acl.config' config
Pierre-Yves David <pierre-yves.david@octobus.net>
parents:
29841
diff
changeset
|
239 |
8b109c61bc11
configitems: register the 'acl.config' config
Pierre-Yves David <pierre-yves.david@octobus.net>
parents:
29841
diff
changeset
|
240 # deprecated config: acl.config |
43076
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
241 configitem( |
45942
89a2afe31e82
formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents:
43506
diff
changeset
|
242 b'acl', |
89a2afe31e82
formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents:
43506
diff
changeset
|
243 b'config', |
89a2afe31e82
formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents:
43506
diff
changeset
|
244 default=None, |
33185
8b109c61bc11
configitems: register the 'acl.config' config
Pierre-Yves David <pierre-yves.david@octobus.net>
parents:
29841
diff
changeset
|
245 ) |
43076
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
246 configitem( |
45942
89a2afe31e82
formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents:
43506
diff
changeset
|
247 b'acl.groups', |
89a2afe31e82
formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents:
43506
diff
changeset
|
248 b'.*', |
89a2afe31e82
formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents:
43506
diff
changeset
|
249 default=None, |
89a2afe31e82
formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents:
43506
diff
changeset
|
250 generic=True, |
34779
cfb054a7ecc4
configitems: register acl config section
Boris Feld <boris.feld@octobus.net>
parents:
33216
diff
changeset
|
251 ) |
43076
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
252 configitem( |
45942
89a2afe31e82
formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents:
43506
diff
changeset
|
253 b'acl.deny.branches', |
89a2afe31e82
formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents:
43506
diff
changeset
|
254 b'.*', |
89a2afe31e82
formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents:
43506
diff
changeset
|
255 default=None, |
89a2afe31e82
formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents:
43506
diff
changeset
|
256 generic=True, |
34779
cfb054a7ecc4
configitems: register acl config section
Boris Feld <boris.feld@octobus.net>
parents:
33216
diff
changeset
|
257 ) |
43076
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
258 configitem( |
45942
89a2afe31e82
formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents:
43506
diff
changeset
|
259 b'acl.allow.branches', |
89a2afe31e82
formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents:
43506
diff
changeset
|
260 b'.*', |
89a2afe31e82
formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents:
43506
diff
changeset
|
261 default=None, |
89a2afe31e82
formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents:
43506
diff
changeset
|
262 generic=True, |
34779
cfb054a7ecc4
configitems: register acl config section
Boris Feld <boris.feld@octobus.net>
parents:
33216
diff
changeset
|
263 ) |
43076
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
264 configitem( |
45942
89a2afe31e82
formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents:
43506
diff
changeset
|
265 b'acl.deny', |
89a2afe31e82
formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents:
43506
diff
changeset
|
266 b'.*', |
89a2afe31e82
formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents:
43506
diff
changeset
|
267 default=None, |
89a2afe31e82
formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents:
43506
diff
changeset
|
268 generic=True, |
34779
cfb054a7ecc4
configitems: register acl config section
Boris Feld <boris.feld@octobus.net>
parents:
33216
diff
changeset
|
269 ) |
43076
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
270 configitem( |
45942
89a2afe31e82
formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents:
43506
diff
changeset
|
271 b'acl.allow', |
89a2afe31e82
formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents:
43506
diff
changeset
|
272 b'.*', |
89a2afe31e82
formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents:
43506
diff
changeset
|
273 default=None, |
89a2afe31e82
formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents:
43506
diff
changeset
|
274 generic=True, |
34779
cfb054a7ecc4
configitems: register acl config section
Boris Feld <boris.feld@octobus.net>
parents:
33216
diff
changeset
|
275 ) |
43076
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
276 configitem( |
45942
89a2afe31e82
formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents:
43506
diff
changeset
|
277 b'acl', |
89a2afe31e82
formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents:
43506
diff
changeset
|
278 b'sources', |
89a2afe31e82
formating: upgrade to black 20.8b1
Augie Fackler <raf@durin42.com>
parents:
43506
diff
changeset
|
279 default=lambda: [b'serve'], |
33186
478cb17cc610
configitems: register the 'acl.sources' config
Pierre-Yves David <pierre-yves.david@octobus.net>
parents:
33185
diff
changeset
|
280 ) |
33185
8b109c61bc11
configitems: register the 'acl.config' config
Pierre-Yves David <pierre-yves.david@octobus.net>
parents:
29841
diff
changeset
|
281 |
43076
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
282 |
11114
62714143742f
acl: support for group definitions in section [acl.groups], which take precedence over OS-level groups
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11095
diff
changeset
|
283 def _getusers(ui, group): |
62714143742f
acl: support for group definitions in section [acl.groups], which take precedence over OS-level groups
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11095
diff
changeset
|
284 |
62714143742f
acl: support for group definitions in section [acl.groups], which take precedence over OS-level groups
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11095
diff
changeset
|
285 # First, try to use group definition from section [acl.groups] |
43077
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
286 hgrcusers = ui.configlist(b'acl.groups', group) |
11114
62714143742f
acl: support for group definitions in section [acl.groups], which take precedence over OS-level groups
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11095
diff
changeset
|
287 if hgrcusers: |
62714143742f
acl: support for group definitions in section [acl.groups], which take precedence over OS-level groups
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11095
diff
changeset
|
288 return hgrcusers |
62714143742f
acl: support for group definitions in section [acl.groups], which take precedence over OS-level groups
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11095
diff
changeset
|
289 |
43077
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
290 ui.debug(b'acl: "%s" not defined in [acl.groups]\n' % group) |
11114
62714143742f
acl: support for group definitions in section [acl.groups], which take precedence over OS-level groups
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11095
diff
changeset
|
291 # If no users found in group definition, get users from OS-level group |
11140
1f26cf0a3663
acl: improve undefined group error handling
Patrick Mezard <pmezard@gmail.com>
parents:
11138
diff
changeset
|
292 try: |
1f26cf0a3663
acl: improve undefined group error handling
Patrick Mezard <pmezard@gmail.com>
parents:
11138
diff
changeset
|
293 return util.groupmembers(group) |
1f26cf0a3663
acl: improve undefined group error handling
Patrick Mezard <pmezard@gmail.com>
parents:
11138
diff
changeset
|
294 except KeyError: |
43077
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
295 raise error.Abort(_(b"group '%s' is undefined") % group) |
11041
623fe42a649e
acl: add support for OS-level groups using @group syntax
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
10955
diff
changeset
|
296 |
43076
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
297 |
11114
62714143742f
acl: support for group definitions in section [acl.groups], which take precedence over OS-level groups
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11095
diff
changeset
|
298 def _usermatch(ui, user, usersorgroups): |
11041
623fe42a649e
acl: add support for OS-level groups using @group syntax
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
10955
diff
changeset
|
299 |
43077
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
300 if usersorgroups == b'*': |
11041
623fe42a649e
acl: add support for OS-level groups using @group syntax
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
10955
diff
changeset
|
301 return True |
623fe42a649e
acl: add support for OS-level groups using @group syntax
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
10955
diff
changeset
|
302 |
43077
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
303 for ug in usersorgroups.replace(b',', b' ').split(): |
16956
c49cf339b5bb
acl: use of "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16767
diff
changeset
|
304 |
43077
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
305 if ug.startswith(b'!'): |
16956
c49cf339b5bb
acl: use of "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16767
diff
changeset
|
306 # Test for excluded user or group. Format: |
c49cf339b5bb
acl: use of "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16767
diff
changeset
|
307 # if ug is a user name: !username |
c49cf339b5bb
acl: use of "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16767
diff
changeset
|
308 # if ug is a group name: !@groupname |
c49cf339b5bb
acl: use of "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16767
diff
changeset
|
309 ug = ug[1:] |
43076
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
310 if ( |
43077
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
311 not ug.startswith(b'@') |
43076
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
312 and user != ug |
43077
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
313 or ug.startswith(b'@') |
43076
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
314 and user not in _getusers(ui, ug[1:]) |
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
315 ): |
16956
c49cf339b5bb
acl: use of "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16767
diff
changeset
|
316 return True |
c49cf339b5bb
acl: use of "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16767
diff
changeset
|
317 |
c49cf339b5bb
acl: use of "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16767
diff
changeset
|
318 # Test for user or group. Format: |
c49cf339b5bb
acl: use of "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16767
diff
changeset
|
319 # if ug is a user name: username |
c49cf339b5bb
acl: use of "!" prefix in user or group names
Elifarley Callado Coelho Cruz
parents:
16767
diff
changeset
|
320 # if ug is a group name: @groupname |
43077
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
321 elif ( |
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
322 user == ug or ug.startswith(b'@') and user in _getusers(ui, ug[1:]) |
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
323 ): |
11041
623fe42a649e
acl: add support for OS-level groups using @group syntax
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
10955
diff
changeset
|
324 return True |
623fe42a649e
acl: add support for OS-level groups using @group syntax
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
10955
diff
changeset
|
325 |
623fe42a649e
acl: add support for OS-level groups using @group syntax
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
10955
diff
changeset
|
326 return False |
2344
ae12e5a2c4a3
add acl extension, to limit who can push to subdirs of central repo.
Vadim Gelfer <vadim.gelfer@gmail.com>
parents:
diff
changeset
|
327 |
43076
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
328 |
6766 | 329 def buildmatch(ui, repo, user, key): |
330 '''return tuple of (match function, list enabled).''' | |
331 if not ui.has_section(key): | |
43077
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
332 ui.debug(b'acl: %s not enabled\n' % key) |
6766 | 333 return None |
2344
ae12e5a2c4a3
add acl extension, to limit who can push to subdirs of central repo.
Vadim Gelfer <vadim.gelfer@gmail.com>
parents:
diff
changeset
|
334 |
43076
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
335 pats = [ |
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
336 pat for pat, users in ui.configitems(key) if _usermatch(ui, user, users) |
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
337 ] |
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
338 ui.debug( |
43077
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
339 b'acl: %s enabled, %d entries for user %s\n' % (key, len(pats), user) |
43076
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
340 ) |
11092
2dd91779eb27
acl: add support for branch-based access control
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11058
diff
changeset
|
341 |
16765
754e98e0a615
acl: added some comments to easily identify branch- and path-based verifications
Elifarley Callado Coelho Cruz
parents:
16764
diff
changeset
|
342 # Branch-based ACL |
11092
2dd91779eb27
acl: add support for branch-based access control
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11058
diff
changeset
|
343 if not repo: |
2dd91779eb27
acl: add support for branch-based access control
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11058
diff
changeset
|
344 if pats: |
16766
9d778f80ad2a
acl: perform some computations earlier, so that returned lambda functions are simpler
Elifarley Callado Coelho Cruz
parents:
16765
diff
changeset
|
345 # If there's an asterisk (meaning "any branch"), always return True; |
9d778f80ad2a
acl: perform some computations earlier, so that returned lambda functions are simpler
Elifarley Callado Coelho Cruz
parents:
16765
diff
changeset
|
346 # Otherwise, test if b is in pats |
43077
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
347 if b'*' in pats: |
16766
9d778f80ad2a
acl: perform some computations earlier, so that returned lambda functions are simpler
Elifarley Callado Coelho Cruz
parents:
16765
diff
changeset
|
348 return util.always |
9d778f80ad2a
acl: perform some computations earlier, so that returned lambda functions are simpler
Elifarley Callado Coelho Cruz
parents:
16765
diff
changeset
|
349 return lambda b: b in pats |
16764 | 350 return util.never |
11092
2dd91779eb27
acl: add support for branch-based access control
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11058
diff
changeset
|
351 |
16765
754e98e0a615
acl: added some comments to easily identify branch- and path-based verifications
Elifarley Callado Coelho Cruz
parents:
16764
diff
changeset
|
352 # Path-based ACL |
6766 | 353 if pats: |
43077
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
354 return match.match(repo.root, b'', pats) |
16767
363bde4224c8
acl: 'util.never' can be used instead of a more complex expression
Elifarley Callado Coelho Cruz
parents:
16766
diff
changeset
|
355 return util.never |
2344
ae12e5a2c4a3
add acl extension, to limit who can push to subdirs of central repo.
Vadim Gelfer <vadim.gelfer@gmail.com>
parents:
diff
changeset
|
356 |
43076
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
357 |
34829
120c5c155ba4
acl: make sure the extensions is enabled when the acl-hooks run
Boris Feld <boris.feld@octobus.net>
parents:
34779
diff
changeset
|
358 def ensureenabled(ui): |
120c5c155ba4
acl: make sure the extensions is enabled when the acl-hooks run
Boris Feld <boris.feld@octobus.net>
parents:
34779
diff
changeset
|
359 """make sure the extension is enabled when used as hook |
120c5c155ba4
acl: make sure the extensions is enabled when the acl-hooks run
Boris Feld <boris.feld@octobus.net>
parents:
34779
diff
changeset
|
360 |
120c5c155ba4
acl: make sure the extensions is enabled when the acl-hooks run
Boris Feld <boris.feld@octobus.net>
parents:
34779
diff
changeset
|
361 When acl is used through hooks, the extension is never formally loaded and |
120c5c155ba4
acl: make sure the extensions is enabled when the acl-hooks run
Boris Feld <boris.feld@octobus.net>
parents:
34779
diff
changeset
|
362 enabled. This has some side effect, for example the config declaration is |
120c5c155ba4
acl: make sure the extensions is enabled when the acl-hooks run
Boris Feld <boris.feld@octobus.net>
parents:
34779
diff
changeset
|
363 never loaded. This function ensure the extension is enabled when running |
120c5c155ba4
acl: make sure the extensions is enabled when the acl-hooks run
Boris Feld <boris.feld@octobus.net>
parents:
34779
diff
changeset
|
364 hooks. |
120c5c155ba4
acl: make sure the extensions is enabled when the acl-hooks run
Boris Feld <boris.feld@octobus.net>
parents:
34779
diff
changeset
|
365 """ |
43077
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
366 if b'acl' in ui._knownconfig: |
34829
120c5c155ba4
acl: make sure the extensions is enabled when the acl-hooks run
Boris Feld <boris.feld@octobus.net>
parents:
34779
diff
changeset
|
367 return |
43077
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
368 ui.setconfig(b'extensions', b'acl', b'', source=b'internal') |
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
369 extensions.loadall(ui, [b'acl']) |
34829
120c5c155ba4
acl: make sure the extensions is enabled when the acl-hooks run
Boris Feld <boris.feld@octobus.net>
parents:
34779
diff
changeset
|
370 |
43076
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
371 |
2344
ae12e5a2c4a3
add acl extension, to limit who can push to subdirs of central repo.
Vadim Gelfer <vadim.gelfer@gmail.com>
parents:
diff
changeset
|
372 def hook(ui, repo, hooktype, node=None, source=None, **kwargs): |
34829
120c5c155ba4
acl: make sure the extensions is enabled when the acl-hooks run
Boris Feld <boris.feld@octobus.net>
parents:
34779
diff
changeset
|
373 |
120c5c155ba4
acl: make sure the extensions is enabled when the acl-hooks run
Boris Feld <boris.feld@octobus.net>
parents:
34779
diff
changeset
|
374 ensureenabled(ui) |
120c5c155ba4
acl: make sure the extensions is enabled when the acl-hooks run
Boris Feld <boris.feld@octobus.net>
parents:
34779
diff
changeset
|
375 |
43077
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
376 if hooktype not in [b'pretxnchangegroup', b'pretxncommit', b'prepushkey']: |
38531
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
377 raise error.Abort( |
43076
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
378 _( |
43077
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
379 b'config error - hook type "%s" cannot stop ' |
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
380 b'incoming changesets, commits, nor bookmarks' |
43076
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
381 ) |
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
382 % hooktype |
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
383 ) |
43077
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
384 if hooktype == b'pretxnchangegroup' and source not in ui.configlist( |
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
385 b'acl', b'sources' |
43076
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
386 ): |
43077
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
387 ui.debug(b'acl: changes have source "%s" - skipping\n' % source) |
2344
ae12e5a2c4a3
add acl extension, to limit who can push to subdirs of central repo.
Vadim Gelfer <vadim.gelfer@gmail.com>
parents:
diff
changeset
|
388 return |
ae12e5a2c4a3
add acl extension, to limit who can push to subdirs of central repo.
Vadim Gelfer <vadim.gelfer@gmail.com>
parents:
diff
changeset
|
389 |
8846
b30775386d40
acl: support for getting authenticated user from web server (issue298)
Henrik Stuart <hg@hstuart.dk>
parents:
8682
diff
changeset
|
390 user = None |
43506
9f70512ae2cf
cleanup: remove pointless r-prefixes on single-quoted strings
Augie Fackler <augie@google.com>
parents:
43117
diff
changeset
|
391 if source == b'serve' and 'url' in kwargs: |
9f70512ae2cf
cleanup: remove pointless r-prefixes on single-quoted strings
Augie Fackler <augie@google.com>
parents:
43117
diff
changeset
|
392 url = kwargs['url'].split(b':') |
43077
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
393 if url[0] == b'remote' and url[1].startswith(b'http'): |
28883
032c4c2f802a
pycompat: switch to util.urlreq/util.urlerr for py3 compat
timeless <timeless@mozdev.org>
parents:
28089
diff
changeset
|
394 user = urlreq.unquote(url[3]) |
8846
b30775386d40
acl: support for getting authenticated user from web server (issue298)
Henrik Stuart <hg@hstuart.dk>
parents:
8682
diff
changeset
|
395 |
b30775386d40
acl: support for getting authenticated user from web server (issue298)
Henrik Stuart <hg@hstuart.dk>
parents:
8682
diff
changeset
|
396 if user is None: |
37120
a8a902d7176e
procutil: bulk-replace function calls to point to new module
Yuya Nishihara <yuya@tcha.org>
parents:
36412
diff
changeset
|
397 user = procutil.getuser() |
8846
b30775386d40
acl: support for getting authenticated user from web server (issue298)
Henrik Stuart <hg@hstuart.dk>
parents:
8682
diff
changeset
|
398 |
43077
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
399 ui.debug(b'acl: checking access for user "%s"\n' % user) |
15207
0f7f9f06c759
acl: more descriptive error messages
Elifarley Callado Coelho Cruz
parents:
12778
diff
changeset
|
400 |
43077
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
401 if hooktype == b'prepushkey': |
38531
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
402 _pkhook(ui, repo, hooktype, node, source, user, **kwargs) |
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
403 else: |
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
404 _txnhook(ui, repo, hooktype, node, source, user, **kwargs) |
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
405 |
43076
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
406 |
38531
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
407 def _pkhook(ui, repo, hooktype, node, source, user, **kwargs): |
43506
9f70512ae2cf
cleanup: remove pointless r-prefixes on single-quoted strings
Augie Fackler <augie@google.com>
parents:
43117
diff
changeset
|
408 if kwargs['namespace'] == b'bookmarks': |
9f70512ae2cf
cleanup: remove pointless r-prefixes on single-quoted strings
Augie Fackler <augie@google.com>
parents:
43117
diff
changeset
|
409 bookmark = kwargs['key'] |
9f70512ae2cf
cleanup: remove pointless r-prefixes on single-quoted strings
Augie Fackler <augie@google.com>
parents:
43117
diff
changeset
|
410 ctx = kwargs['new'] |
43077
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
411 allowbookmarks = buildmatch(ui, None, user, b'acl.allow.bookmarks') |
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
412 denybookmarks = buildmatch(ui, None, user, b'acl.deny.bookmarks') |
38531
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
413 |
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
414 if denybookmarks and denybookmarks(bookmark): |
43076
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
415 raise error.Abort( |
43077
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
416 _( |
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
417 b'acl: user "%s" denied on bookmark "%s"' |
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
418 b' (changeset "%s")' |
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
419 ) |
43076
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
420 % (user, bookmark, ctx) |
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
421 ) |
38531
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
422 if allowbookmarks and not allowbookmarks(bookmark): |
43076
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
423 raise error.Abort( |
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
424 _( |
43077
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
425 b'acl: user "%s" not allowed on bookmark "%s"' |
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
426 b' (changeset "%s")' |
43076
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
427 ) |
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
428 % (user, bookmark, ctx) |
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
429 ) |
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
430 ui.debug( |
43077
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
431 b'acl: bookmark access granted: "%s" on bookmark "%s"\n' |
43076
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
432 % (ctx, bookmark) |
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
433 ) |
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
434 |
38531
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
435 |
6beb8347b709
acl: add bookmarks support
Sandu Turcan <idlsoft@gmail.com>
parents:
37120
diff
changeset
|
436 def _txnhook(ui, repo, hooktype, node, source, user, **kwargs): |
25792
dd166d42e7b2
acl: mark deprecated config option
Matt Mackall <mpm@selenic.com>
parents:
25186
diff
changeset
|
437 # deprecated config: acl.config |
43077
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
438 cfg = ui.config(b'acl', b'config') |
6766 | 439 if cfg: |
43076
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
440 ui.readconfig( |
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
441 cfg, |
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
442 sections=[ |
43077
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
443 b'acl.groups', |
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
444 b'acl.allow.branches', |
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
445 b'acl.deny.branches', |
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
446 b'acl.allow', |
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
447 b'acl.deny', |
43076
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
448 ], |
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
449 ) |
11092
2dd91779eb27
acl: add support for branch-based access control
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11058
diff
changeset
|
450 |
43077
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
451 allowbranches = buildmatch(ui, None, user, b'acl.allow.branches') |
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
452 denybranches = buildmatch(ui, None, user, b'acl.deny.branches') |
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
453 allow = buildmatch(ui, repo, user, b'acl.allow') |
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
454 deny = buildmatch(ui, repo, user, b'acl.deny') |
6766 | 455 |
38783
e7aa113b14f7
global: use pycompat.xrange()
Gregory Szorc <gregory.szorc@gmail.com>
parents:
38531
diff
changeset
|
456 for rev in pycompat.xrange(repo[node].rev(), len(repo)): |
6766 | 457 ctx = repo[rev] |
11092
2dd91779eb27
acl: add support for branch-based access control
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11058
diff
changeset
|
458 branch = ctx.branch() |
2dd91779eb27
acl: add support for branch-based access control
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11058
diff
changeset
|
459 if denybranches and denybranches(branch): |
43076
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
460 raise error.Abort( |
43117
8ff1ecfadcd1
cleanup: join string literals that are already on one line
Martin von Zweigbergk <martinvonz@google.com>
parents:
43077
diff
changeset
|
461 _(b'acl: user "%s" denied on branch "%s" (changeset "%s")') |
43076
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
462 % (user, branch, ctx) |
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
463 ) |
11092
2dd91779eb27
acl: add support for branch-based access control
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11058
diff
changeset
|
464 if allowbranches and not allowbranches(branch): |
43076
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
465 raise error.Abort( |
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
466 _( |
43077
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
467 b'acl: user "%s" not allowed on branch "%s"' |
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
468 b' (changeset "%s")' |
43076
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
469 ) |
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
470 % (user, branch, ctx) |
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
471 ) |
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
472 ui.debug( |
43077
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
473 b'acl: branch access granted: "%s" on branch "%s"\n' % (ctx, branch) |
43076
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
474 ) |
11092
2dd91779eb27
acl: add support for branch-based access control
Elifarley Callado Coelho Cruz <elifarley@gmail.com>
parents:
11058
diff
changeset
|
475 |
6766 | 476 for f in ctx.files(): |
477 if deny and deny(f): | |
43076
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
478 raise error.Abort( |
43117
8ff1ecfadcd1
cleanup: join string literals that are already on one line
Martin von Zweigbergk <martinvonz@google.com>
parents:
43077
diff
changeset
|
479 _(b'acl: user "%s" denied on "%s" (changeset "%s")') |
43076
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
480 % (user, f, ctx) |
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
481 ) |
6766 | 482 if allow and not allow(f): |
43076
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
483 raise error.Abort( |
43077
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
484 _( |
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
485 b'acl: user "%s" not allowed on "%s"' |
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
486 b' (changeset "%s")' |
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
487 ) |
43076
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
488 % (user, f, ctx) |
2372284d9457
formatting: blacken the codebase
Augie Fackler <augie@google.com>
parents:
41759
diff
changeset
|
489 ) |
43077
687b865b95ad
formatting: byteify all mercurial/ and hgext/ string literals
Augie Fackler <augie@google.com>
parents:
43076
diff
changeset
|
490 ui.debug(b'acl: path access granted: "%s"\n' % ctx) |