Mercurial > hg
comparison hgext/acl.py @ 38531:6beb8347b709
acl: add bookmarks support
Originally submitted at
https://www.mercurial-scm.org/pipermail/mercurial-devel/2016-March/080650.html
as an RFC by timeless.
.. feature::
The `acl` extension now has support for bookmarks as well as branches.
Differential Revision: https://phab.mercurial-scm.org/D3750
| author | Sandu Turcan <idlsoft@gmail.com> |
|---|---|
| date | Fri, 15 Jun 2018 14:07:13 -0400 |
| parents | a8a902d7176e |
| children | e7aa113b14f7 |
comparison
equal
deleted
inserted
replaced
| 38530:c82ea938efbb | 38531:6beb8347b709 |
|---|---|
| 54 | 54 |
| 55 Use the ``acl.deny`` and ``acl.allow`` sections to have path-based | 55 Use the ``acl.deny`` and ``acl.allow`` sections to have path-based |
| 56 access control. Keys in these sections accept a subtree pattern (with | 56 access control. Keys in these sections accept a subtree pattern (with |
| 57 a glob syntax by default). The corresponding values follow the same | 57 a glob syntax by default). The corresponding values follow the same |
| 58 syntax as the other sections above. | 58 syntax as the other sections above. |
| 59 | |
| 60 Bookmark-based Access Control | |
| 61 ----------------------------- | |
| 62 Use the ``acl.deny.bookmarks`` and ``acl.allow.bookmarks`` sections to | |
| 63 have bookmark-based access control. Keys in these sections can be | |
| 64 either: | |
| 65 | |
| 66 - a bookmark name, or | |
| 67 - an asterisk, to match any bookmark; | |
| 68 | |
| 69 The corresponding values can be either: | |
| 70 | |
| 71 - a comma-separated list containing users and groups, or | |
| 72 - an asterisk, to match anyone; | |
| 73 | |
| 74 You can add the "!" prefix to a user or group name to invert the sense | |
| 75 of the match. | |
| 76 | |
| 77 Note: for interactions between clients and servers using Mercurial 3.6+ | |
| 78 a rejection will generally reject the entire push, for interactions | |
| 79 involving older clients, the commit transactions will already be accepted, | |
| 80 and only the bookmark movement will be rejected. | |
| 59 | 81 |
| 60 Groups | 82 Groups |
| 61 ------ | 83 ------ |
| 62 | 84 |
| 63 Group names must be prefixed with an ``@`` symbol. Specifying a group | 85 Group names must be prefixed with an ``@`` symbol. Specifying a group |
| 324 | 346 |
| 325 def hook(ui, repo, hooktype, node=None, source=None, **kwargs): | 347 def hook(ui, repo, hooktype, node=None, source=None, **kwargs): |
| 326 | 348 |
| 327 ensureenabled(ui) | 349 ensureenabled(ui) |
| 328 | 350 |
| 329 if hooktype not in ['pretxnchangegroup', 'pretxncommit']: | 351 if hooktype not in ['pretxnchangegroup', 'pretxncommit', 'prepushkey']: |
| 330 raise error.Abort(_('config error - hook type "%s" cannot stop ' | 352 raise error.Abort( |
| 331 'incoming changesets nor commits') % hooktype) | 353 _('config error - hook type "%s" cannot stop ' |
| 354 'incoming changesets, commits, nor bookmarks') % hooktype) | |
| 332 if (hooktype == 'pretxnchangegroup' and | 355 if (hooktype == 'pretxnchangegroup' and |
| 333 source not in ui.configlist('acl', 'sources')): | 356 source not in ui.configlist('acl', 'sources')): |
| 334 ui.debug('acl: changes have source "%s" - skipping\n' % source) | 357 ui.debug('acl: changes have source "%s" - skipping\n' % source) |
| 335 return | 358 return |
| 336 | 359 |
| 343 if user is None: | 366 if user is None: |
| 344 user = procutil.getuser() | 367 user = procutil.getuser() |
| 345 | 368 |
| 346 ui.debug('acl: checking access for user "%s"\n' % user) | 369 ui.debug('acl: checking access for user "%s"\n' % user) |
| 347 | 370 |
| 371 if hooktype == 'prepushkey': | |
| 372 _pkhook(ui, repo, hooktype, node, source, user, **kwargs) | |
| 373 else: | |
| 374 _txnhook(ui, repo, hooktype, node, source, user, **kwargs) | |
| 375 | |
| 376 def _pkhook(ui, repo, hooktype, node, source, user, **kwargs): | |
| 377 if kwargs['namespace'] == 'bookmarks': | |
| 378 bookmark = kwargs['key'] | |
| 379 ctx = kwargs['new'] | |
| 380 allowbookmarks = buildmatch(ui, None, user, 'acl.allow.bookmarks') | |
| 381 denybookmarks = buildmatch(ui, None, user, 'acl.deny.bookmarks') | |
| 382 | |
| 383 if denybookmarks and denybookmarks(bookmark): | |
| 384 raise error.Abort(_('acl: user "%s" denied on bookmark "%s"' | |
| 385 ' (changeset "%s")') | |
| 386 % (user, bookmark, ctx)) | |
| 387 if allowbookmarks and not allowbookmarks(bookmark): | |
| 388 raise error.Abort(_('acl: user "%s" not allowed on bookmark "%s"' | |
| 389 ' (changeset "%s")') | |
| 390 % (user, bookmark, ctx)) | |
| 391 ui.debug('acl: bookmark access granted: "%s" on bookmark "%s"\n' | |
| 392 % (ctx, bookmark)) | |
| 393 | |
| 394 def _txnhook(ui, repo, hooktype, node, source, user, **kwargs): | |
| 348 # deprecated config: acl.config | 395 # deprecated config: acl.config |
| 349 cfg = ui.config('acl', 'config') | 396 cfg = ui.config('acl', 'config') |
| 350 if cfg: | 397 if cfg: |
| 351 ui.readconfig(cfg, sections=['acl.groups', 'acl.allow.branches', | 398 ui.readconfig(cfg, sections=['acl.groups', 'acl.allow.branches', |
| 352 'acl.deny.branches', 'acl.allow', 'acl.deny']) | 399 'acl.deny.branches', 'acl.allow', 'acl.deny']) |