[PATCH 1 of 3] acl: support for group definitions in section [acl.groups], which take precedence over OS-level groups

elifarley at gmail.com elifarley at gmail.com
Thu May 6 13:34:55 CDT 2010


 hgext/acl.py   |  18 +++++++++++++-----
 tests/test-acl |   8 +++++++-
 2 files changed, 20 insertions(+), 6 deletions(-)


# HG changeset patch
# User Elifarley Callado Coelho Cruz <elifarley at gmail.com>
# Date 1273166594 10800
# Node ID b31cbda13364833866432b427ceaf540edb6527e
# Parent  5024748392938e4fe0e1a0b08b3583e90189aeff
acl: support for group definitions in section [acl.groups], which take precedence over OS-level groups

diff --git a/hgext/acl.py b/hgext/acl.py
--- a/hgext/acl.py
+++ b/hgext/acl.py
@@ -145,16 +145,24 @@
 from mercurial import util, match
 import getpass, urllib, grp
 
-def _getusers(group):
+def _getusers(ui, group):
+
+    # First, try to use group definition from section [acl.groups]
+    hgrcusers = ui.configlist('acl.groups', group)
+    if hgrcusers:
+        return hgrcusers
+
+    ui.debug('acl: "%s" not defined in [acl.groups]\n' % group)
+    # If no users found in group definition, get users from OS-level group
     return grp.getgrnam(group).gr_mem
 
-def _usermatch(user, usersorgroups):
+def _usermatch(ui, user, usersorgroups):
 
     if usersorgroups == '*':
         return True
 
     for ug in usersorgroups.replace(',', ' ').split():
-        if user == ug or ug.find('@') == 0 and user in _getusers(ug[1:]):
+        if user == ug or ug.find('@') == 0 and user in _getusers(ui, ug[1:]):
             return True
 
     return False
@@ -166,7 +174,7 @@
         return None
 
     pats = [pat for pat, users in ui.configitems(key)
-            if _usermatch(user, users)]
+            if _usermatch(ui, user, users)]
     ui.debug('acl: %s enabled, %d entries for user %s\n' %
              (key, len(pats), user))
 
@@ -200,7 +208,7 @@
 
     cfg = ui.config('acl', 'config')
     if cfg:
-        ui.readconfig(cfg, sections = ['acl.allow.branches',
+        ui.readconfig(cfg, sections = ['acl.groups', 'acl.allow.branches',
         'acl.deny.branches', 'acl.allow', 'acl.deny'])
 
     allowbranches = buildmatch(ui, None, user, 'acl.allow.branches')
diff --git a/tests/test-acl b/tests/test-acl
--- a/tests/test-acl
+++ b/tests/test-acl
@@ -28,7 +28,13 @@
 {
 cat > fakegroups.py <<EOF
 from hgext import acl
-acl._getusers = lambda x: ["fred", "betty"]
+def fakegetusers(ui, group):
+    try:
+        return acl._getusersorig(ui, group)
+    except:
+        return ["fred", "betty"]
+acl._getusersorig = acl._getusers
+acl._getusers = fakegetusers
 EOF
 
 rm -f acl.config


More information about the Mercurial-devel mailing list