[PATCH 1 of 2] acl: add support for branch-based access control; more informative messages

Bill Barry after.fallout at gmail.com
Fri Apr 30 14:15:46 CDT 2010


elifarley at gmail.com wrote:
>  
> -    for rev in xrange(repo[node], len(repo)):
> -        ctx = repo[rev]
> -        for f in ctx.files():
> -            if deny and deny(f):
> -                ui.debug('acl: user %s denied on %s\n' % (user, f))
> -                raise util.Abort(_('acl: access denied for changeset %s') % ctx)
> -            if allow and not allow(f):
> -                ui.debug('acl: user %s not allowed on %s\n' % (user, f))
> -                raise util.Abort(_('acl: access denied for changeset %s') % ctx)
> -        ui.debug('acl: allowing changeset %s\n' % ctx)
> +    allow = _buildmatch(ui, None, user, ALLOW_BRANCHES)
> +    deny = _buildmatch(ui, None, user, DENY_BRANCHES)
> +
> +    if deny or allow:
> +        ui.debug('acl: checking branch access\n')
> +        for rev in xrange(repo[node], len(repo)):
> +            branch = repo[rev].branch()
> +            if deny and deny(branch):
> +                raise util.Abort(_('acl: user "%s" denied on branch "%s"'
> +                                   ' (changeset "%s")')
> +                                   % (user, branch, repo[rev]))
> +            if allow and not allow(branch):
> +                raise util.Abort(_('acl: user "%s" not allowed on branch "%s"'
> +                                   ' (changeset "%s")')
> +                                   % (user, branch, repo[rev]))
> +            ui.debug('acl: access granted: "%s" on branch "%s"\n'
> +            % (repo[rev], branch))
> +
> +    allow = _buildmatch(ui, repo, user, ALLOW_FILES)
> +    deny = _buildmatch(ui, repo, user, DENY_FILES)
> +
> +    if deny or allow:
> +        ui.debug('acl: checking path access\n')
> +        for rev in xrange(repo[node], len(repo)):
> +            ctx = repo[rev]
> +            for f in ctx.files():
> +                if deny and deny(f):
> +                    raise util.Abort(_('acl: user "%s" denied on "%s"'
> +                    ' (changeset "%s")') % (user, f, ctx))
> +                if allow and not allow(f):
> +                    raise util.Abort(_('acl: user "%s" not allowed on "%s"'
> +                    ' (changeset "%s")') % (user, f, ctx))
> +            ui.debug('acl: access granted: "%s"\n' % ctx)
>   
I meant compared to something like this:
+    allow_branches = _buildmatch(ui, None, user, ALLOW_BRANCHES)
+    deny_branches = _buildmatch(ui, None, user, DENY_BRANCHES)
+    allow = _buildmatch(ui, repo, user, ALLOW_FILES)
+    deny = _buildmatch(ui, repo, user, DENY_FILES)
+
+    ui.debug('acl: checking access\n')
+    for rev in xrange(repo[node], len(repo)):
+        if deny_branches or allow_branches:
+            branch = repo[rev].branch()
+            if deny_branches and deny_branches(branch):
+                raise util.Abort(_('acl: user "%s" denied on branch "%s"'
+                                   ' (changeset "%s")')
+                                   % (user, branch, repo[rev]))
+            if allow_branches and not allow_branches(branch):
+                raise util.Abort(_('acl: user "%s" not allowed on 
branch "%s"'
+                                   ' (changeset "%s")')
+                                   % (user, branch, repo[rev]))
+            ui.debug('acl: access granted: "%s" on branch "%s"\n'
+            % (repo[rev], branch))
+
+        if deny or allow:
+            ctx = repo[rev]
+            for f in ctx.files():
+                if deny and deny(f):
+                    raise util.Abort(_('acl: user "%s" denied on "%s"'
+                    ' (changeset "%s")') % (user, f, ctx))
+                if allow and not allow(f):
+                    raise util.Abort(_('acl: user "%s" not allowed on "%s"'
+                    ' (changeset "%s")') % (user, f, ctx))
+            ui.debug('acl: access granted: "%s"\n' % ctx)




More information about the Mercurial-devel mailing list