Mercurial > hg
comparison mercurial/exchange.py @ 38790:3e7387337a3c
exchange: move narrow acl functionality into core
This function is called by the custom changegroup generation code
in the narrow extension. I want to move that changegroup code into
core. That means we need to move this function.
The code is kinda hacky in that assumes existence of REMOTE_USER,
which is only present on authenticated HTTP requests. I've added
a comment indicating that.
Differential Revision: https://phab.mercurial-scm.org/D4008
| author | Gregory Szorc <gregory.szorc@gmail.com> |
|---|---|
| date | Mon, 02 Jul 2018 18:24:26 -0700 |
| parents | 9b64b73d702b |
| children | 7e66e7999bdd |
comparison
equal
deleted
inserted
replaced
| 38789:9b64b73d702b | 38790:3e7387337a3c |
|---|---|
| 25 changegroup, | 25 changegroup, |
| 26 discovery, | 26 discovery, |
| 27 error, | 27 error, |
| 28 lock as lockmod, | 28 lock as lockmod, |
| 29 logexchange, | 29 logexchange, |
| 30 narrowspec, | |
| 30 obsolete, | 31 obsolete, |
| 31 phases, | 32 phases, |
| 32 pushkey, | 33 pushkey, |
| 33 pycompat, | 34 pycompat, |
| 34 scmutil, | 35 scmutil, |
| 1830 if markers: | 1831 if markers: |
| 1831 pullop.repo.obsstore.add(tr, markers) | 1832 pullop.repo.obsstore.add(tr, markers) |
| 1832 pullop.repo.invalidatevolatilesets() | 1833 pullop.repo.invalidatevolatilesets() |
| 1833 return tr | 1834 return tr |
| 1834 | 1835 |
| 1836 def applynarrowacl(repo, kwargs): | |
| 1837 """Apply narrow fetch access control. | |
| 1838 | |
| 1839 This massages the named arguments for getbundle wire protocol commands | |
| 1840 so requested data is filtered through access control rules. | |
| 1841 """ | |
| 1842 ui = repo.ui | |
| 1843 # TODO this assumes existence of HTTP and is a layering violation. | |
| 1844 username = ui.shortuser(ui.environ.get('REMOTE_USER') or ui.username()) | |
| 1845 user_includes = ui.configlist( | |
| 1846 _NARROWACL_SECTION, username + '.includes', | |
| 1847 ui.configlist(_NARROWACL_SECTION, 'default.includes')) | |
| 1848 user_excludes = ui.configlist( | |
| 1849 _NARROWACL_SECTION, username + '.excludes', | |
| 1850 ui.configlist(_NARROWACL_SECTION, 'default.excludes')) | |
| 1851 if not user_includes: | |
| 1852 raise error.Abort(_("{} configuration for user {} is empty") | |
| 1853 .format(_NARROWACL_SECTION, username)) | |
| 1854 | |
| 1855 user_includes = [ | |
| 1856 'path:.' if p == '*' else 'path:' + p for p in user_includes] | |
| 1857 user_excludes = [ | |
| 1858 'path:.' if p == '*' else 'path:' + p for p in user_excludes] | |
| 1859 | |
| 1860 req_includes = set(kwargs.get(r'includepats', [])) | |
| 1861 req_excludes = set(kwargs.get(r'excludepats', [])) | |
| 1862 | |
| 1863 req_includes, req_excludes, invalid_includes = narrowspec.restrictpatterns( | |
| 1864 req_includes, req_excludes, user_includes, user_excludes) | |
| 1865 | |
| 1866 if invalid_includes: | |
| 1867 raise error.Abort( | |
| 1868 _("The following includes are not accessible for {}: {}") | |
| 1869 .format(username, invalid_includes)) | |
| 1870 | |
| 1871 new_args = {} | |
| 1872 new_args.update(kwargs) | |
| 1873 new_args['includepats'] = req_includes | |
| 1874 if req_excludes: | |
| 1875 new_args['excludepats'] = req_excludes | |
| 1876 return new_args | |
| 1877 | |
| 1835 def caps20to10(repo, role): | 1878 def caps20to10(repo, role): |
| 1836 """return a set with appropriate options to use bundle20 during getbundle""" | 1879 """return a set with appropriate options to use bundle20 during getbundle""" |
| 1837 caps = {'HG20'} | 1880 caps = {'HG20'} |
| 1838 capsblob = bundle2.encodecaps(bundle2.getrepocaps(repo, role=role)) | 1881 capsblob = bundle2.encodecaps(bundle2.getrepocaps(repo, role=role)) |
| 1839 caps.add('bundle2=' + urlreq.quote(capsblob)) | 1882 caps.add('bundle2=' + urlreq.quote(capsblob)) |