Mercurial > hg
comparison hgext/acl.py @ 9052:1344e607180b
acl: wrapped docstrings at 78 characters
| author | Martin Geisler <mg@lazybytes.net> |
|---|---|
| date | Tue, 07 Jul 2009 23:54:42 +0200 |
| parents | 5ed463d0ebdb |
| children | 3d6c9659886b |
comparison
equal
deleted
inserted
replaced
| 9051:f8e25885d975 | 9052:1344e607180b |
|---|---|
| 6 # GNU General Public License version 2, incorporated herein by reference. | 6 # GNU General Public License version 2, incorporated herein by reference. |
| 7 # | 7 # |
| 8 | 8 |
| 9 '''hooks for controlling repository access | 9 '''hooks for controlling repository access |
| 10 | 10 |
| 11 This hook makes it possible to allow or deny write access to portions | 11 This hook makes it possible to allow or deny write access to portions of a |
| 12 of a repository when receiving incoming changesets. | 12 repository when receiving incoming changesets. |
| 13 | 13 |
| 14 The authorization is matched based on the local user name on the | 14 The authorization is matched based on the local user name on the system where |
| 15 system where the hook runs, and not the committer of the original | 15 the hook runs, and not the committer of the original changeset (since the |
| 16 changeset (since the latter is merely informative). | 16 latter is merely informative). |
| 17 | 17 |
| 18 The acl hook is best used along with a restricted shell like hgsh, | 18 The acl hook is best used along with a restricted shell like hgsh, preventing |
| 19 preventing authenticating users from doing anything other than | 19 authenticating users from doing anything other than pushing or pulling. The |
| 20 pushing or pulling. The hook is not safe to use if users have | 20 hook is not safe to use if users have interactive shell access, as they can |
| 21 interactive shell access, as they can then disable the hook. | 21 then disable the hook. Nor is it safe if remote users share an account, |
| 22 Nor is it safe if remote users share an account, because then there | 22 because then there is no way to distinguish them. |
| 23 is no way to distinguish them. | |
| 24 | 23 |
| 25 To use this hook, configure the acl extension in your hgrc like this: | 24 To use this hook, configure the acl extension in your hgrc like this: |
| 26 | 25 |
| 27 [extensions] | 26 [extensions] |
| 28 hgext.acl = | 27 hgext.acl = |
| 33 [acl] | 32 [acl] |
| 34 # Check whether the source of incoming changes is in this list | 33 # Check whether the source of incoming changes is in this list |
| 35 # ("serve" == ssh or http, "push", "pull", "bundle") | 34 # ("serve" == ssh or http, "push", "pull", "bundle") |
| 36 sources = serve | 35 sources = serve |
| 37 | 36 |
| 38 The allow and deny sections take a subtree pattern as key (with a | 37 The allow and deny sections take a subtree pattern as key (with a glob syntax |
| 39 glob syntax by default), and a comma separated list of users as | 38 by default), and a comma separated list of users as the corresponding value. |
| 40 the corresponding value. The deny list is checked before the allow | 39 The deny list is checked before the allow list is. |
| 41 list is. | |
| 42 | 40 |
| 43 [acl.allow] | 41 [acl.allow] |
| 44 # If acl.allow is not present, all users are allowed by default. | 42 # If acl.allow is not present, all users are allowed by default. |
| 45 # An empty acl.allow section means no users allowed. | 43 # An empty acl.allow section means no users allowed. |
| 46 docs/** = doc_writer | 44 docs/** = doc_writer |