Mercurial > hg
comparison mercurial/wireprotoserver.py @ 36800:0b18604db95e
wireproto: declare permissions requirements in @wireprotocommand (API)
With the security patches from 4.5.2 merged into default, we now
have a per-command attribute defining what permissions are needed
to run that command. We now have a richer @wireprotocommand that
can be extended to record additional command metadata. So we
port the permissions mechanism to be based on @wireprotocommand.
.. api::
hgweb_mod.perms and wireproto.permissions have been removed. Wire
protocol commands should declare their required permissions in the
@wireprotocommand decorator.
Differential Revision: https://phab.mercurial-scm.org/D2718
| author | Gregory Szorc <gregory.szorc@gmail.com> |
|---|---|
| date | Wed, 07 Mar 2018 16:02:24 -0800 |
| parents | c638a13093cf |
| children | 66de4555cefd |
comparison
equal
deleted
inserted
replaced
| 36799:c638a13093cf | 36800:0b18604db95e |
|---|---|
| 240 req.respond(HTTP_OK, HGERRTYPE, | 240 req.respond(HTTP_OK, HGERRTYPE, |
| 241 body=_('requested wire protocol command is not available ' | 241 body=_('requested wire protocol command is not available ' |
| 242 'over HTTP')) | 242 'over HTTP')) |
| 243 return [] | 243 return [] |
| 244 | 244 |
| 245 # Assume commands with no defined permissions are writes / | 245 checkperm(wireproto.commands[cmd].permission) |
| 246 # for pushes. This is the safest from a security perspective | |
| 247 # because it doesn't allow commands with undefined semantics | |
| 248 # from bypassing permissions checks. | |
| 249 checkperm(wireproto.permissions.get(cmd, 'push')) | |
| 250 | 246 |
| 251 rsp = wireproto.dispatch(repo, proto, cmd) | 247 rsp = wireproto.dispatch(repo, proto, cmd) |
| 252 | 248 |
| 253 if isinstance(rsp, bytes): | 249 if isinstance(rsp, bytes): |
| 254 req.respond(HTTP_OK, HGTYPE, body=rsp) | 250 req.respond(HTTP_OK, HGTYPE, body=rsp) |