[PATCH 1 of 2] acl: add support for branch-based access control; more informative messages
Bill Barry
after.fallout at gmail.com
Fri Apr 30 14:15:46 CDT 2010
elifarley at gmail.com wrote:
>
> - for rev in xrange(repo[node], len(repo)):
> - ctx = repo[rev]
> - for f in ctx.files():
> - if deny and deny(f):
> - ui.debug('acl: user %s denied on %s\n' % (user, f))
> - raise util.Abort(_('acl: access denied for changeset %s') % ctx)
> - if allow and not allow(f):
> - ui.debug('acl: user %s not allowed on %s\n' % (user, f))
> - raise util.Abort(_('acl: access denied for changeset %s') % ctx)
> - ui.debug('acl: allowing changeset %s\n' % ctx)
> + allow = _buildmatch(ui, None, user, ALLOW_BRANCHES)
> + deny = _buildmatch(ui, None, user, DENY_BRANCHES)
> +
> + if deny or allow:
> + ui.debug('acl: checking branch access\n')
> + for rev in xrange(repo[node], len(repo)):
> + branch = repo[rev].branch()
> + if deny and deny(branch):
> + raise util.Abort(_('acl: user "%s" denied on branch "%s"'
> + ' (changeset "%s")')
> + % (user, branch, repo[rev]))
> + if allow and not allow(branch):
> + raise util.Abort(_('acl: user "%s" not allowed on branch "%s"'
> + ' (changeset "%s")')
> + % (user, branch, repo[rev]))
> + ui.debug('acl: access granted: "%s" on branch "%s"\n'
> + % (repo[rev], branch))
> +
> + allow = _buildmatch(ui, repo, user, ALLOW_FILES)
> + deny = _buildmatch(ui, repo, user, DENY_FILES)
> +
> + if deny or allow:
> + ui.debug('acl: checking path access\n')
> + for rev in xrange(repo[node], len(repo)):
> + ctx = repo[rev]
> + for f in ctx.files():
> + if deny and deny(f):
> + raise util.Abort(_('acl: user "%s" denied on "%s"'
> + ' (changeset "%s")') % (user, f, ctx))
> + if allow and not allow(f):
> + raise util.Abort(_('acl: user "%s" not allowed on "%s"'
> + ' (changeset "%s")') % (user, f, ctx))
> + ui.debug('acl: access granted: "%s"\n' % ctx)
>
I meant compared to something like this:
+ allow_branches = _buildmatch(ui, None, user, ALLOW_BRANCHES)
+ deny_branches = _buildmatch(ui, None, user, DENY_BRANCHES)
+ allow = _buildmatch(ui, repo, user, ALLOW_FILES)
+ deny = _buildmatch(ui, repo, user, DENY_FILES)
+
+ ui.debug('acl: checking access\n')
+ for rev in xrange(repo[node], len(repo)):
+ if deny_branches or allow_branches:
+ branch = repo[rev].branch()
+ if deny_branches and deny_branches(branch):
+ raise util.Abort(_('acl: user "%s" denied on branch "%s"'
+ ' (changeset "%s")')
+ % (user, branch, repo[rev]))
+ if allow_branches and not allow_branches(branch):
+ raise util.Abort(_('acl: user "%s" not allowed on
branch "%s"'
+ ' (changeset "%s")')
+ % (user, branch, repo[rev]))
+ ui.debug('acl: access granted: "%s" on branch "%s"\n'
+ % (repo[rev], branch))
+
+ if deny or allow:
+ ctx = repo[rev]
+ for f in ctx.files():
+ if deny and deny(f):
+ raise util.Abort(_('acl: user "%s" denied on "%s"'
+ ' (changeset "%s")') % (user, f, ctx))
+ if allow and not allow(f):
+ raise util.Abort(_('acl: user "%s" not allowed on "%s"'
+ ' (changeset "%s")') % (user, f, ctx))
+ ui.debug('acl: access granted: "%s"\n' % ctx)
More information about the Mercurial-devel
mailing list