comparison mercurial/exchange.py @ 38790:3e7387337a3c
exchange: move narrow acl functionality into core
This function is called by the custom changegroup generation code
in the narrow extension. I want to move that changegroup code into
core. That means we need to move this function.
The code is kinda hacky in that it assumes the existence of REMOTE_USER,
which is only present on authenticated HTTP requests. I've added
a comment indicating that.
Differential Revision: https://phab.mercurial-scm.org/D4008
author | Gregory Szorc <gregory.szorc@gmail.com> |
---|---|
date | Mon, 02 Jul 2018 18:24:26 -0700 |
parents | 9b64b73d702b |
children | 7e66e7999bdd |
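--- a/mercurial/exchange.py
+++ b/mercurial/exchange.py
@@ -25,10 +25,11 @@
 changegroup,
 discovery,
 error,
 lock as lockmod,
 logexchange,
+narrowspec,
 obsolete,
 phases,
 pushkey,
 pycompat,
 scmutil,
@@ -1830,10 +1831,52 @@
 if markers:
 pullop.repo.obsstore.add(tr, markers)
 pullop.repo.invalidatevolatilesets()
 return tr
 
+def applynarrowacl(repo, kwargs):
+"""Apply narrow fetch access control.
+
+This massages the named arguments for getbundle wire protocol commands
+so requested data is filtered through access control rules.
+"""
+ui = repo.ui
+# TODO this assumes existence of HTTP and is a layering violation.
+username = ui.shortuser(ui.environ.get('REMOTE_USER') or ui.username())
+user_includes = ui.configlist(
+_NARROWACL_SECTION, username + '.includes',
+ui.configlist(_NARROWACL_SECTION, 'default.includes'))
+user_excludes = ui.configlist(
+_NARROWACL_SECTION, username + '.excludes',
+ui.configlist(_NARROWACL_SECTION, 'default.excludes'))
+if not user_includes:
+raise error.Abort(_("{} configuration for user {} is empty")
+.format(_NARROWACL_SECTION, username))
+
+user_includes = [
+'path:.' if p == '*' else 'path:' + p for p in user_includes]
+user_excludes = [
+'path:.' if p == '*' else 'path:' + p for p in user_excludes]
+
+req_includes = set(kwargs.get(r'includepats', []))
+req_excludes = set(kwargs.get(r'excludepats', []))
+
+req_includes, req_excludes, invalid_includes = narrowspec.restrictpatterns(
+req_includes, req_excludes, user_includes, user_excludes)
+
+if invalid_includes:
+raise error.Abort(
+_("The following includes are not accessible for {}: {}")
+.format(username, invalid_includes))
+
+new_args = {}
+new_args.update(kwargs)
+new_args['includepats'] = req_includes
+if req_excludes:
+new_args['excludepats'] = req_excludes
+return new_args
+
 def caps20to10(repo, role):
 """return a set with appropriate options to use bundle20 during getbundle"""
 caps = {'HG20'}
 capsblob = bundle2.encodecaps(bundle2.getrepocaps(repo, role=role))
 caps.add('bundle2=' + urlreq.quote(capsblob))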
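Review bot: In `applynarrowacl`, the `or ui.username()` fallback makes the ACL lookup fail open when `REMOTE_USER` is absent: a request with no authenticated identity is matched against whatever user name the server process itself is configured with, instead of being rejected. The TODO covers the HTTP assumption but not this fallback; consider aborting when no authenticated user is available, or at least extending the comment to `# TODO assumes HTTP; without REMOTE_USER this falls back to the server's own ui.username()`. Separately, the patterns are read with `kwargs.get(r'includepats', [])` but written back as `new_args['includepats']` without the `r` prefix; if the two literals end up as different string types under Python 3, the restricted patterns would land under a different key than the requested ones, so the writes should use `r'includepats'` and `r'excludepats'` as well. `ui.shortuser` presumably shortens the name before it becomes the config key, so it is worth confirming that two distinct identities cannot map onto the same ACL entry.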