acl: support for group definitions in section [acl.groups], which take precedence over OS-level groups
--- a/hgext/acl.py Fri May 07 14:14:41 2010 -0500
+++ b/hgext/acl.py Thu May 06 14:23:14 2010 -0300
@@ -145,16 +145,24 @@
from mercurial import util, match
import getpass, urllib, grp
-def _getusers(group):
+def _getusers(ui, group):
+
+ # First, try to use group definition from section [acl.groups]
+ hgrcusers = ui.configlist('acl.groups', group)
+ if hgrcusers:
+ return hgrcusers
+
+ ui.debug('acl: "%s" not defined in [acl.groups]\n' % group)
+ # If no users found in group definition, get users from OS-level group
return grp.getgrnam(group).gr_mem
-def _usermatch(user, usersorgroups):
+def _usermatch(ui, user, usersorgroups):
if usersorgroups == '*':
return True
for ug in usersorgroups.replace(',', ' ').split():
- if user == ug or ug.find('@') == 0 and user in _getusers(ug[1:]):
+ if user == ug or ug.find('@') == 0 and user in _getusers(ui, ug[1:]):
return True
return False
@@ -166,7 +174,7 @@
return None
pats = [pat for pat, users in ui.configitems(key)
- if _usermatch(user, users)]
+ if _usermatch(ui, user, users)]
ui.debug('acl: %s enabled, %d entries for user %s\n' %
(key, len(pats), user))
@@ -200,7 +208,7 @@
cfg = ui.config('acl', 'config')
if cfg:
- ui.readconfig(cfg, sections = ['acl.allow.branches',
+ ui.readconfig(cfg, sections = ['acl.groups', 'acl.allow.branches',
'acl.deny.branches', 'acl.allow', 'acl.deny'])
allowbranches = buildmatch(ui, None, user, 'acl.allow.branches')
--- a/tests/test-acl Fri May 07 14:14:41 2010 -0500
+++ b/tests/test-acl Thu May 06 14:23:14 2010 -0300
@@ -28,7 +28,13 @@
{
cat > fakegroups.py <<EOF
from hgext import acl
-acl._getusers = lambda x: ["fred", "betty"]
+def fakegetusers(ui, group):
+ try:
+ return acl._getusersorig(ui, group)
+ except:
+ return ["fred", "betty"]
+acl._getusersorig = acl._getusers
+acl._getusers = fakegetusers
EOF
rm -f acl.config