Mercurial > hg
changeset 36890:f8d6d9b29b39
hgweb: move readallowed to a standalone function
hgwebdir s kind of large. Let's make the class smaller by
moving things that don't need to be there.
Differential Revision: https://phab.mercurial-scm.org/D2812
author | Gregory Szorc <gregory.szorc@gmail.com> |
---|---|
date | Sun, 11 Mar 2018 10:15:33 -0700 |
parents | fc4e31297ffb |
children | 04af43e0a997 |
files | mercurial/hgweb/hgwebdir_mod.py |
diffstat | 1 files changed, 23 insertions(+), 23 deletions(-) [+] |
line wrap: on
line diff
--- a/mercurial/hgweb/hgwebdir_mod.py Sun Mar 11 15:51:13 2018 -0700 +++ b/mercurial/hgweb/hgwebdir_mod.py Sun Mar 11 10:15:33 2018 -0700 @@ -110,6 +110,28 @@ return name, pycompat.bytestr(port), path +def readallowed(ui, req): + """Check allow_read and deny_read config options of a repo's ui object + to determine user permissions. By default, with neither option set (or + both empty), allow all users to read the repo. There are two ways a + user can be denied read access: (1) deny_read is not empty, and the + user is unauthenticated or deny_read contains user (or *), and (2) + allow_read is not empty and the user is not in allow_read. Return True + if user is allowed to read the repo, else return False.""" + + user = req.remoteuser + + deny_read = ui.configlist('web', 'deny_read', untrusted=True) + if deny_read and (not user or ismember(ui, user, deny_read)): + return False + + allow_read = ui.configlist('web', 'allow_read', untrusted=True) + # by default, allow reading if no allow_read option has been set + if not allow_read or ismember(ui, user, allow_read): + return True + + return False + class hgwebdir(object): """HTTP server for multiple repositories. @@ -200,28 +222,6 @@ wsgireq = requestmod.wsgirequest(env, respond) return self.run_wsgi(wsgireq) - def readallowed(self, ui, req): - """Check allow_read and deny_read config options of a repo's ui object - to determine user permissions. By default, with neither option set (or - both empty), allow all users to read the repo. There are two ways a - user can be denied read access: (1) deny_read is not empty, and the - user is unauthenticated or deny_read contains user (or *), and (2) - allow_read is not empty and the user is not in allow_read. Return True - if user is allowed to read the repo, else return False.""" - - user = req.remoteuser - - deny_read = ui.configlist('web', 'deny_read', untrusted=True) - if deny_read and (not user or ismember(ui, user, deny_read)): - return False - - allow_read = ui.configlist('web', 'allow_read', untrusted=True) - # by default, allow reading if no allow_read option has been set - if (not allow_read) or ismember(ui, user, allow_read): - return True - - return False - def run_wsgi(self, wsgireq): profile = self.ui.configbool('profiling', 'enabled') with profiling.profile(self.ui, enabled=profile): @@ -429,7 +429,7 @@ if u.configbool("web", "hidden", untrusted=True): continue - if not self.readallowed(u, req): + if not readallowed(u, req): continue # update time with local timezone