[PATCH 1 of 3] acl: add support for branch-based access control

elifarley elifarley at gmail.com
Thu Apr 29 18:28:19 CDT 2010


Test: quoting a patch using Nabble's interface...


elifarley wrote:
> 
>  hgext/acl.py |  42 +++++++++++++++++++++++++++++++++---------
>  1 files changed, 33 insertions(+), 9 deletions(-)
> 
> 
> 
> # HG changeset patch
> # User Elifarley Callado Coelho Cruz <elifarley at gmail.com>
> # Date 1272543277 10800
> # Node ID edb1463da0631352dfa1e62e9dd1178ca7957323
> # Parent  f778e9a29e2fded4208c2d76688103ac81aa281c
> acl: add support for branch-based access control
> 
> diff --git a/hgext/acl.py b/hgext/acl.py
> --- a/hgext/acl.py
> +++ b/hgext/acl.py
> @@ -97,6 +97,11 @@
>  from mercurial import util, match
>  import getpass, urllib
>  
> +DENY_BRANCHES = 'acl.deny.branches'
> +ALLOW_BRANCHES = 'acl.allow.branches'
> +DENY_FILES = 'acl.deny'
> +ALLOW_FILES = 'acl.allow'
> +
>  def _getusers(group):
>      import grp
>      return grp.getgrnam(group).gr_mem
> @@ -112,20 +117,24 @@
>  
>      return False
>  
> -def buildmatch(ui, repo, user, key):
> +def _buildmatch(ui, repo, user, key):
>      '''return tuple of (match function, list enabled).'''
>      if not ui.has_section(key):
>          ui.debug('acl: %s not enabled\n' % key)
>          return None
>  
> -    pats = [pat for pat, users in ui.configitems(key)
> 
Testing...

elifarley wrote:
> 
> +    items = [item for item, users in ui.configitems(key)
>              if _usermatch(user, users)]
>      ui.debug('acl: %s enabled, %d entries for user %s\n' %
> -             (key, len(pats), user))
> -    if pats:
> -        return match.match(repo.root, '', pats)
> -    return match.exact(repo.root, '', [])
> +             (key, len(items), user))
>  
> +    if not items:
> +        return lambda b: False
> +
> +    if repo:
> +        return match.match(repo.root, '', items)
> +
> +    return lambda b: '*' in items or b in items
>  
>  def hook(ui, repo, hooktype, node=None, source=None, **kwargs):
>      if hooktype not in ['pretxnchangegroup', 'pretxncommit']:
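Review bot: `if repo:` in `_buildmatch` picks the file matcher by the truth value of the repository object, and the branch path is reached only because the hook passes `None`. I would write `if repo is not None:` so that a repository object that ever evaluates false cannot fall through to the literal comparison, where path patterns would be compared as plain strings and a deny entry could stop matching. The docstring still says the function returns a tuple, while it now returns `None`, a matcher, or a lambda; something like `'''return a predicate for the user's entries in section key, or None if the section is absent.'''` would match the code. Branch entries are compared literally apart from `*`, which is worth stating next to the `'*' in items or b in items` line.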
> @@ -147,9 +156,24 @@
>  
>      cfg = ui.config('acl', 'config')
>      if cfg:
> -        ui.readconfig(cfg, sections = ['acl.allow', 'acl.deny'])
> -    allow = buildmatch(ui, repo, user, 'acl.allow')
> -    deny = buildmatch(ui, repo, user, 'acl.deny')
> +        ui.readconfig(cfg, sections = [ALLOW_BRANCHES, DENY_BRANCHES,
> +                                       ALLOW_FILES, DENY_FILES])
> +
> +    allow = _buildmatch(ui, None, user, ALLOW_BRANCHES)
> +    deny = _buildmatch(ui, None, user, DENY_BRANCHES)
> +
> 

Testing: should this second loop really exist?

elifarley wrote:
> 
> +    for rev in xrange(repo[node], len(repo)):
> +        branch = repo[rev].branch()
> +        if deny and deny(branch):
> +            raise util.Abort(_('acl: user "%s" denied on branch "%s"')
> +            % (user, branch))
> +        if allow and not allow(branch):
> +            raise util.Abort(_('acl: user "%s" not allowed on branch
> "%s"')
> +            % (user, branch))
> +        ui.debug('acl: allowing user "%s" on branch "%s"\n' % (user,
> branch))
> +
> +    allow = _buildmatch(ui, repo, user, ALLOW_FILES)
> +    deny = _buildmatch(ui, repo, user, DENY_FILES)
>  
>      for rev in xrange(repo[node], len(repo)):
>          ctx = repo[rev]
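Review bot: The precedence and default behaviour of the new branch checks in `hook` are not documented anywhere in the visible hunks, and they are easy to get wrong when writing a policy. A missing `acl.allow.branches` section leaves `allow` as `None`, so every branch is accepted. Once the section exists, a user with no entry in it gets `lambda b: False` from `_buildmatch` and is rejected on every branch. I would add a comment above the branch loop such as `# branch ACLs: deny is checked before allow; an unconfigured section imposes no restriction`, and describe both new sections in the module docstring, which starts outside this hunk. The diffstat lists only hgext/acl.py, so unless a later patch in the series adds them, the deny, allow and `*` cases have no test coverage here.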
> 

