Mercurial > hg
comparison mercurial/hgweb/common.py @ 50439:4077d6222cf1
hgweb: add support to explicitly access hidden changesets
This changeset adds a "global" `access-hidden` argument to hgweb. This argument
lift the "hidden" filtering. This means the request has access to hidden (eg:
obsolete) changesets. Secret changesets remains filtered.
This feature has multiple applications. The first main use case is to allow the
hgweb interface to display more obsolescence related data, such as the Anton
Shestakov work to add `obslog` support to hgweb.
The second foreseen usecase is support for a `--remote-hidden` argument to `hg
pull` and `hg clone`. This flag will make it possible to retrieve hidden
(typically obsolete) changeset under some conditions. This is useful when
digging up obsolescence history or when doing full mirroring. More on this
feature coming in later changesets.
To avoid exposing information by mistake, access to this feature is currently
controlled with the `experimental.server.allow-hidden-access` config option. The
option works the same way as `web.allow-push`. The current default is to not
allow any hidden access. However we might change it before the feature stop
being experimental.
| author | Pierre-Yves David <pierre-yves.david@octobus.net> |
|---|---|
| date | Sat, 13 Apr 2019 01:17:56 +0200 |
| parents | 642e31cb55f0 |
| children | 4bddc2f72879 |
comparison
equal
deleted
inserted
replaced
| 50438:3973b1dc3ee3 | 50439:4077d6222cf1 |
|---|---|
| 11 import errno | 11 import errno |
| 12 import mimetypes | 12 import mimetypes |
| 13 import os | 13 import os |
| 14 import stat | 14 import stat |
| 15 | 15 |
| 16 from ..i18n import _ | |
| 16 from ..pycompat import ( | 17 from ..pycompat import ( |
| 17 getattr, | 18 getattr, |
| 18 open, | 19 open, |
| 19 ) | 20 ) |
| 20 from .. import ( | 21 from .. import ( |
| 45 If userlist has a single '*' member, all users are considered members. | 46 If userlist has a single '*' member, all users are considered members. |
| 46 Can be overridden by extensions to provide more complex authorization | 47 Can be overridden by extensions to provide more complex authorization |
| 47 schemes. | 48 schemes. |
| 48 """ | 49 """ |
| 49 return userlist == [b'*'] or username in userlist | 50 return userlist == [b'*'] or username in userlist |
| 51 | |
| 52 | |
| 53 def hashiddenaccess(repo, req): | |
| 54 if bool(req.qsparams.get(b'access-hidden')): | |
| 55 # Disable this by default for now. Main risk is to get critical | |
| 56 # information exposed through this. This is expecially risky if | |
| 57 # someone decided to make a changeset secret for good reason, but | |
| 58 # its predecessors are still draft. | |
| 59 # | |
| 60 # The feature is currently experimental, so we can still decide to | |
| 61 # change the default. | |
| 62 ui = repo.ui | |
| 63 allow = ui.configlist(b'experimental', b'server.allow-hidden-access') | |
| 64 user = req.remoteuser | |
| 65 if allow and ismember(ui, user, allow): | |
| 66 return True | |
| 67 else: | |
| 68 msg = ( | |
| 69 _( | |
| 70 b'ignoring request to access hidden changeset by ' | |
| 71 b'unauthorized user: %r\n' | |
| 72 ) | |
| 73 % user | |
| 74 ) | |
| 75 ui.warn(msg) | |
| 76 return False | |
| 50 | 77 |
| 51 | 78 |
| 52 def checkauthz(hgweb, req, op): | 79 def checkauthz(hgweb, req, op): |
| 53 """Check permission for operation based on request data (including | 80 """Check permission for operation based on request data (including |
| 54 authentication info). Return if op allowed, else raise an ErrorResponse | 81 authentication info). Return if op allowed, else raise an ErrorResponse |