Mercurial > hg
comparison hgext/acl.py @ 8873:e872ef2e6758
help: add/fix docstrings for a bunch of extensions
| author | Dirkjan Ochtman <dirkjan@ochtman.nl> |
|---|---|
| date | Sun, 21 Jun 2009 16:45:47 +0200 |
| parents | b30775386d40 |
| children | cc0593af30d4 |
comparison
equal
deleted
inserted
replaced
| 8872:d0c0013f8713 | 8873:e872ef2e6758 |
|---|---|
| 3 # Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com> | 3 # Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com> |
| 4 # | 4 # |
| 5 # This software may be used and distributed according to the terms of the | 5 # This software may be used and distributed according to the terms of the |
| 6 # GNU General Public License version 2, incorporated herein by reference. | 6 # GNU General Public License version 2, incorporated herein by reference. |
| 7 # | 7 # |
| 8 # this hook allows to allow or deny access to parts of a repo when | 8 |
| 9 # taking incoming changesets. | 9 '''provide simple hooks for access control |
| 10 # | 10 |
| 11 # authorization is against local user name on system where hook is | 11 Authorization is against local user name on system where hook is run, not |
| 12 # run, not committer of original changeset (since that is easy to | 12 committer of original changeset (since that is easy to spoof). |
| 13 # spoof). | 13 |
| 14 # | 14 The acl hook is best to use if you use hgsh to set up restricted shells for |
| 15 # acl hook is best to use if you use hgsh to set up restricted shells | 15 authenticated users to only push to / pull from. It's not safe if user has |
| 16 # for authenticated users to only push to / pull from. not safe if | 16 interactive shell access, because they can disable the hook. It's also not |
| 17 # user has interactive shell access, because they can disable hook. | 17 safe if remote users share one local account, because then there's no way to |
| 18 # also not safe if remote users share one local account, because then | 18 tell remote users apart. |
| 19 # no way to tell remote users apart. | 19 |
| 20 # | 20 To use, configure the acl extension in hgrc like this: |
| 21 # to use, configure acl extension in hgrc like this: | 21 |
| 22 # | 22 [extensions] |
| 23 # [extensions] | 23 hgext.acl = |
| 24 # hgext.acl = | 24 |
| 25 # | 25 [hooks] |
| 26 # [hooks] | 26 pretxnchangegroup.acl = python:hgext.acl.hook |
| 27 # pretxnchangegroup.acl = python:hgext.acl.hook | 27 |
| 28 # | 28 [acl] |
| 29 # [acl] | 29 sources = serve # check if source of incoming changes in this list |
| 30 # sources = serve # check if source of incoming changes in this list | 30 # ("serve" == ssh or http, "push", "pull", "bundle") |
| 31 # # ("serve" == ssh or http, "push", "pull", "bundle") | 31 |
| 32 # | 32 Allow and deny lists have a subtree pattern (default syntax is glob) on the |
| 33 # allow and deny lists have subtree pattern (default syntax is glob) | 33 left and user names on right. The deny list is checked before the allow list. |
| 34 # on left, user names on right. deny list checked before allow list. | 34 |
| 35 # | 35 [acl.allow] |
| 36 # [acl.allow] | 36 # if acl.allow not present, all users allowed by default |
| 37 # # if acl.allow not present, all users allowed by default | 37 # empty acl.allow = no users allowed |
| 38 # # empty acl.allow = no users allowed | 38 docs/** = doc_writer |
| 39 # docs/** = doc_writer | 39 .hgtags = release_engineer |
| 40 # .hgtags = release_engineer | 40 |
| 41 # | 41 [acl.deny] |
| 42 # [acl.deny] | 42 # if acl.deny not present, no users denied by default |
| 43 # # if acl.deny not present, no users denied by default | 43 # empty acl.deny = all users allowed |
| 44 # # empty acl.deny = all users allowed | 44 glob pattern = user4, user5 |
| 45 # glob pattern = user4, user5 | 45 ** = user6 |
| 46 # ** = user6 | 46 ''' |
| 47 | 47 |
| 48 from mercurial.i18n import _ | 48 from mercurial.i18n import _ |
| 49 from mercurial import util, match | 49 from mercurial import util, match |
| 50 import getpass, urllib | 50 import getpass, urllib |
| 51 | 51 |