Mercurial > hg
comparison mercurial/hgweb/hgwebdir_mod.py @ 36890:f8d6d9b29b39
hgweb: move readallowed to a standalone function
hgwebdir s kind of large. Let's make the class smaller by
moving things that don't need to be there.
Differential Revision: https://phab.mercurial-scm.org/D2812
| author | Gregory Szorc <gregory.szorc@gmail.com> |
|---|---|
| date | Sun, 11 Mar 2018 10:15:33 -0700 |
| parents | fc4e31297ffb |
| children | 04af43e0a997 |
comparison
equal
deleted
inserted
replaced
| 36889:fc4e31297ffb | 36890:f8d6d9b29b39 |
|---|---|
| 108 if not path.startswith('/'): | 108 if not path.startswith('/'): |
| 109 path = '/' + path | 109 path = '/' + path |
| 110 | 110 |
| 111 return name, pycompat.bytestr(port), path | 111 return name, pycompat.bytestr(port), path |
| 112 | 112 |
| 113 def readallowed(ui, req): | |
| 114 """Check allow_read and deny_read config options of a repo's ui object | |
| 115 to determine user permissions. By default, with neither option set (or | |
| 116 both empty), allow all users to read the repo. There are two ways a | |
| 117 user can be denied read access: (1) deny_read is not empty, and the | |
| 118 user is unauthenticated or deny_read contains user (or *), and (2) | |
| 119 allow_read is not empty and the user is not in allow_read. Return True | |
| 120 if user is allowed to read the repo, else return False.""" | |
| 121 | |
| 122 user = req.remoteuser | |
| 123 | |
| 124 deny_read = ui.configlist('web', 'deny_read', untrusted=True) | |
| 125 if deny_read and (not user or ismember(ui, user, deny_read)): | |
| 126 return False | |
| 127 | |
| 128 allow_read = ui.configlist('web', 'allow_read', untrusted=True) | |
| 129 # by default, allow reading if no allow_read option has been set | |
| 130 if not allow_read or ismember(ui, user, allow_read): | |
| 131 return True | |
| 132 | |
| 133 return False | |
| 134 | |
| 113 class hgwebdir(object): | 135 class hgwebdir(object): |
| 114 """HTTP server for multiple repositories. | 136 """HTTP server for multiple repositories. |
| 115 | 137 |
| 116 Given a configuration, different repositories will be served depending | 138 Given a configuration, different repositories will be served depending |
| 117 on the request path. | 139 on the request path. |
| 197 wsgicgi.launch(self) | 219 wsgicgi.launch(self) |
| 198 | 220 |
| 199 def __call__(self, env, respond): | 221 def __call__(self, env, respond): |
| 200 wsgireq = requestmod.wsgirequest(env, respond) | 222 wsgireq = requestmod.wsgirequest(env, respond) |
| 201 return self.run_wsgi(wsgireq) | 223 return self.run_wsgi(wsgireq) |
| 202 | |
| 203 def readallowed(self, ui, req): | |
| 204 """Check allow_read and deny_read config options of a repo's ui object | |
| 205 to determine user permissions. By default, with neither option set (or | |
| 206 both empty), allow all users to read the repo. There are two ways a | |
| 207 user can be denied read access: (1) deny_read is not empty, and the | |
| 208 user is unauthenticated or deny_read contains user (or *), and (2) | |
| 209 allow_read is not empty and the user is not in allow_read. Return True | |
| 210 if user is allowed to read the repo, else return False.""" | |
| 211 | |
| 212 user = req.remoteuser | |
| 213 | |
| 214 deny_read = ui.configlist('web', 'deny_read', untrusted=True) | |
| 215 if deny_read and (not user or ismember(ui, user, deny_read)): | |
| 216 return False | |
| 217 | |
| 218 allow_read = ui.configlist('web', 'allow_read', untrusted=True) | |
| 219 # by default, allow reading if no allow_read option has been set | |
| 220 if (not allow_read) or ismember(ui, user, allow_read): | |
| 221 return True | |
| 222 | |
| 223 return False | |
| 224 | 224 |
| 225 def run_wsgi(self, wsgireq): | 225 def run_wsgi(self, wsgireq): |
| 226 profile = self.ui.configbool('profiling', 'enabled') | 226 profile = self.ui.configbool('profiling', 'enabled') |
| 227 with profiling.profile(self.ui, enabled=profile): | 227 with profiling.profile(self.ui, enabled=profile): |
| 228 for r in self._runwsgi(wsgireq): | 228 for r in self._runwsgi(wsgireq): |
| 427 return u.config(section, name, default, untrusted=True) | 427 return u.config(section, name, default, untrusted=True) |
| 428 | 428 |
| 429 if u.configbool("web", "hidden", untrusted=True): | 429 if u.configbool("web", "hidden", untrusted=True): |
| 430 continue | 430 continue |
| 431 | 431 |
| 432 if not self.readallowed(u, req): | 432 if not readallowed(u, req): |
| 433 continue | 433 continue |
| 434 | 434 |
| 435 # update time with local timezone | 435 # update time with local timezone |
| 436 try: | 436 try: |
| 437 r = hg.repository(self.ui, path) | 437 r = hg.repository(self.ui, path) |