Mercurial > hg
comparison mercurial/wireprotoserver.py @ 36800:0b18604db95e
wireproto: declare permissions requirements in @wireprotocommand (API)
With the security patches from 4.5.2 merged into default, we now
have a per-command attribute defining what permissions are needed
to run that command. We now have a richer @wireprotocommand that
can be extended to record additional command metadata. So we
port the permissions mechanism to be based on @wireprotocommand.
.. api::
hgweb_mod.perms and wireproto.permissions have been removed. Wire
protocol commands should declare their required permissions in the
@wireprotocommand decorator.
Differential Revision: https://phab.mercurial-scm.org/D2718
author | Gregory Szorc <gregory.szorc@gmail.com> |
---|---|
date | Wed, 07 Mar 2018 16:02:24 -0800 |
parents | c638a13093cf |
children | 66de4555cefd |
comparison
equal
deleted
inserted
replaced
36799:c638a13093cf | 36800:0b18604db95e |
---|---|
240 req.respond(HTTP_OK, HGERRTYPE, | 240 req.respond(HTTP_OK, HGERRTYPE, |
241 body=_('requested wire protocol command is not available ' | 241 body=_('requested wire protocol command is not available ' |
242 'over HTTP')) | 242 'over HTTP')) |
243 return [] | 243 return [] |
244 | 244 |
245 # Assume commands with no defined permissions are writes / | 245 checkperm(wireproto.commands[cmd].permission) |
246 # for pushes. This is the safest from a security perspective | |
247 # because it doesn't allow commands with undefined semantics | |
248 # from bypassing permissions checks. | |
249 checkperm(wireproto.permissions.get(cmd, 'push')) | |
250 | 246 |
251 rsp = wireproto.dispatch(repo, proto, cmd) | 247 rsp = wireproto.dispatch(repo, proto, cmd) |
252 | 248 |
253 if isinstance(rsp, bytes): | 249 if isinstance(rsp, bytes): |
254 req.respond(HTTP_OK, HGTYPE, body=rsp) | 250 req.respond(HTTP_OK, HGTYPE, body=rsp) |