[PATCH 1 of 3] acl: add support for branch-based access control
elifarley
elifarley at gmail.com
Thu Apr 29 18:28:19 CDT 2010
Test: quoting a patch using Nabble's interface...
elifarley wrote:
>
> hgext/acl.py | 42 +++++++++++++++++++++++++++++++++---------
> 1 files changed, 33 insertions(+), 9 deletions(-)
>
>
>
> # HG changeset patch
> # User Elifarley Callado Coelho Cruz <elifarley at gmail.com>
> # Date 1272543277 10800
> # Node ID edb1463da0631352dfa1e62e9dd1178ca7957323
> # Parent f778e9a29e2fded4208c2d76688103ac81aa281c
> acl: add support for branch-based access control
>
> diff --git a/hgext/acl.py b/hgext/acl.py
> --- a/hgext/acl.py
> +++ b/hgext/acl.py
> @@ -97,6 +97,11 @@
> from mercurial import util, match
> import getpass, urllib
>
> +DENY_BRANCHES = 'acl.deny.branches'
> +ALLOW_BRANCHES = 'acl.allow.branches'
> +DENY_FILES = 'acl.deny'
> +ALLOW_FILES = 'acl.allow'
> +
> def _getusers(group):
> import grp
> return grp.getgrnam(group).gr_mem
> @@ -112,20 +117,24 @@
>
> return False
>
> -def buildmatch(ui, repo, user, key):
> +def _buildmatch(ui, repo, user, key):
> '''return tuple of (match function, list enabled).'''
> if not ui.has_section(key):
> ui.debug('acl: %s not enabled\n' % key)
> return None
>
> - pats = [pat for pat, users in ui.configitems(key)
>
Testing...
elifarley wrote:
>
> + items = [item for item, users in ui.configitems(key)
> if _usermatch(user, users)]
> ui.debug('acl: %s enabled, %d entries for user %s\n' %
> - (key, len(pats), user))
> - if pats:
> - return match.match(repo.root, '', pats)
> - return match.exact(repo.root, '', [])
> + (key, len(items), user))
>
> + if not items:
> + return lambda b: False
> +
> + if repo:
> + return match.match(repo.root, '', items)
> +
> + return lambda b: '*' in items or b in items
>
> def hook(ui, repo, hooktype, node=None, source=None, **kwargs):
> if hooktype not in ['pretxnchangegroup', 'pretxncommit']:
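Review bot: The docstring kept on `_buildmatch` still promises a `(match function, list enabled)` tuple, but the new body returns `None` when the section is missing, a constant-false lambda when no entry matches the user, a `match.match` matcher for file sections, or a branch-name lambda; an access-control helper needs that contract stated accurately, something like `'''return a predicate for the entries of section key that apply to user, or None if the section is not enabled.'''` plus a sentence on the `repo=None` branch mode. The `if repo:` test uses the repository argument as a mode switch and relies on its truthiness; `if repo is not None:` says what is meant. The literal `'*'` in the final lambda is compared as an exact string rather than a pattern, which is worth a comment so administrators do not expect globbing in the branch sections. The hunk opens in the tail of the preceding function and closes on the first lines of `hook`.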
> @@ -147,9 +156,24 @@
>
> cfg = ui.config('acl', 'config')
> if cfg:
> - ui.readconfig(cfg, sections = ['acl.allow', 'acl.deny'])
> - allow = buildmatch(ui, repo, user, 'acl.allow')
> - deny = buildmatch(ui, repo, user, 'acl.deny')
> + ui.readconfig(cfg, sections = [ALLOW_BRANCHES, DENY_BRANCHES,
> + ALLOW_FILES, DENY_FILES])
> +
> + allow = _buildmatch(ui, None, user, ALLOW_BRANCHES)
> + deny = _buildmatch(ui, None, user, DENY_BRANCHES)
> +
>
Testing: should this second loop really exist?
elifarley wrote:
>
> + for rev in xrange(repo[node], len(repo)):
> + branch = repo[rev].branch()
> + if deny and deny(branch):
> + raise util.Abort(_('acl: user "%s" denied on branch "%s"')
> + % (user, branch))
> + if allow and not allow(branch):
> + raise util.Abort(_('acl: user "%s" not allowed on branch
> "%s"')
> + % (user, branch))
> + ui.debug('acl: allowing user "%s" on branch "%s"\n' % (user,
> branch))
> +
> + allow = _buildmatch(ui, repo, user, ALLOW_FILES)
> + deny = _buildmatch(ui, repo, user, DENY_FILES)
>
> for rev in xrange(repo[node], len(repo)):
> ctx = repo[rev]
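Review bot: The two new `util.Abort` messages in the branch loop name the user and the branch but not the changeset that triggered the denial, so after a rejected multi-changeset push neither the pusher nor someone reading the server log can tell which revision violated the ACL. Binding `ctx = repo[rev]` at the top of the loop and appending it to the message, e.g. `_('acl: user "%s" denied on branch "%s" (changeset "%s")') % (user, branch, ctx)`, would fix that, assuming the context object formats as its changeset id. Separately, `allow` and `deny` are bound first to branch matchers and then rebound to file matchers a few lines later; distinct names such as `allowbranches`/`denybranches` would make it harder for a later edit to apply the wrong matcher. When `acl.allow.branches` is absent `_buildmatch` returns `None` and the `if allow and ...` test lets every branch through, which deserves a one-line comment so the default-allow is visibly intentional. The body of `hook` begins and ends outside this hunk.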
>