comparison hgext/acl.py @ 38531:6beb8347b709
acl: add bookmarks support
Originally submitted at
https://www.mercurial-scm.org/pipermail/mercurial-devel/2016-March/080650.html
as an RFC by timeless.
.. feature::
The `acl` extension now has support for bookmarks as well as branches.
Differential Revision: https://phab.mercurial-scm.org/D3750
author | Sandu Turcan <idlsoft@gmail.com> |
---|---|
date | Fri, 15 Jun 2018 14:07:13 -0400 |
parents | a8a902d7176e |
children | e7aa113b14f7 |
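--- a/hgext/acl.py
+++ b/hgext/acl.py
@@ -54,10 +54,32 @@
 
 Use the ``acl.deny`` and ``acl.allow`` sections to have path-based
 access control. Keys in these sections accept a subtree pattern (with
 a glob syntax by default). The corresponding values follow the same
 syntax as the other sections above.
+
+Bookmark-based Access Control
+-----------------------------
+Use the ``acl.deny.bookmarks`` and ``acl.allow.bookmarks`` sections to
+have bookmark-based access control. Keys in these sections can be
+either:
+
+- a bookmark name, or
+- an asterisk, to match any bookmark;
+
+The corresponding values can be either:
+
+- a comma-separated list containing users and groups, or
+- an asterisk, to match anyone;
+
+You can add the "!" prefix to a user or group name to invert the sense
+of the match.
+
+Note: for interactions between clients and servers using Mercurial 3.6+
+a rejection will generally reject the entire push, for interactions
+involving older clients, the commit transactions will already be accepted,
+and only the bookmark movement will be rejected.
 
 Groups
 ------
 
 Group names must be prefixed with an ``@`` symbol. Specifying a group
@@ -324,13 +346,14 @@
 
 def hook(ui, repo, hooktype, node=None, source=None, **kwargs):
 
 ensureenabled(ui)
 
-if hooktype not in ['pretxnchangegroup', 'pretxncommit']:
-raise error.Abort(_('config error - hook type "%s" cannot stop '
-'incoming changesets nor commits') % hooktype)
+if hooktype not in ['pretxnchangegroup', 'pretxncommit', 'prepushkey']:
+raise error.Abort(
+_('config error - hook type "%s" cannot stop '
+'incoming changesets, commits, nor bookmarks') % hooktype)
 if (hooktype == 'pretxnchangegroup' and
 source not in ui.configlist('acl', 'sources')):
 ui.debug('acl: changes have source "%s" - skipping\n' % source)
 return
 
@@ -343,10 +366,34 @@
 if user is None:
 user = procutil.getuser()
 
 ui.debug('acl: checking access for user "%s"\n' % user)
 
+if hooktype == 'prepushkey':
+_pkhook(ui, repo, hooktype, node, source, user, **kwargs)
+else:
+_txnhook(ui, repo, hooktype, node, source, user, **kwargs)
+
+def _pkhook(ui, repo, hooktype, node, source, user, **kwargs):
+if kwargs['namespace'] == 'bookmarks':
+bookmark = kwargs['key']
+ctx = kwargs['new']
+allowbookmarks = buildmatch(ui, None, user, 'acl.allow.bookmarks')
+denybookmarks = buildmatch(ui, None, user, 'acl.deny.bookmarks')
+
+if denybookmarks and denybookmarks(bookmark):
+raise error.Abort(_('acl: user "%s" denied on bookmark "%s"'
+' (changeset "%s")')
+% (user, bookmark, ctx))
+if allowbookmarks and not allowbookmarks(bookmark):
+raise error.Abort(_('acl: user "%s" not allowed on bookmark "%s"'
+' (changeset "%s")')
+% (user, bookmark, ctx))
+ui.debug('acl: bookmark access granted: "%s" on bookmark "%s"\n'
+% (ctx, bookmark))
+
+def _txnhook(ui, repo, hooktype, node, source, user, **kwargs):
 # deprecated config: acl.config
 cfg = ui.config('acl', 'config')
 if cfg:
 ui.readconfig(cfg, sections=['acl.groups', 'acl.allow.branches',
 'acl.deny.branches', 'acl.allow', 'acl.deny'])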
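Review bot: `_pkhook` never loads the deprecated `acl.config` file, and the `ui.readconfig` call at the top of `_txnhook` lists neither `acl.allow.bookmarks` nor `acl.deny.bookmarks`, so bookmark rules (and any `acl.groups` entries they rely on) kept in that external file are not read on the `prepushkey` path. Since both checks are guarded (`if denybookmarks and ...`, `if allowbookmarks and not ...`), a section that was never loaded appears to fall through to the "bookmark access granted" debug line, so the control fails open; `buildmatch` is not shown here, so confirm it returns a falsy matcher for an empty section. I would load the file in `_pkhook` too: `cfg = ui.config('acl', 'config')` then `if cfg: ui.readconfig(cfg, sections=['acl.groups', 'acl.allow.bookmarks', 'acl.deny.bookmarks'])`. A one-line docstring on `_pkhook` stating that pushkey namespaces other than `bookmarks` pass through unchecked would make that scope explicit. `_txnhook` continues beyond the last line shown.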