[PATCH 2 of 2 v2] hg-ssh: more flexible permissions for hg-ssh
Matt Mackall
mpm at selenic.com
Tue May 22 15:44:02 CDT 2012
On Mon, 2012-05-21 at 16:29 -0700, David Schleimer wrote:
> # HG changeset patch
> # User David Schleimer <dschleimer at fb.com>
> # Date 1337642370 25200
> # Node ID 6be86d4b3a0c424272600164500b6329b43ab946
> # Parent b52b7fe0dd08b257dfc69c8a5de503cec94f4b76
> hg-ssh: more flexible permissions for hg-ssh
>
> This allows more flexible control over the permissions granted to a
> ssh key when using hg-ssh as the command in an authorized_keys file.
>
> Specifically, it allows you to restrict a key to read-only access, as
> well as allowing you to grant a key access to any repo, instead of
> needing to whitelist repos.
Seems lacking in docs.
> + if args[0] == '--all-repos':
> + allrepos = True
> + args.pop(0)
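Review bot: `--all-repos` at `args[0]` drops the repo whitelist for the key entirely, and nothing in this hunk bounds what "any repo" covers. Consider pairing the flag with a required root directory so access stays confined to repositories under that path, and describe the flag in the script's usage text, since a single extra word in an authorized_keys entry now widens the key's reach.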
One feature. A little worried about this one as it's super-permissive.
> + elif args[0] == '--read-only':
> + readonly = True
> + args.pop(0)
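Review bot: because `--read-only` sits in an `elif` after the `--all-repos` test on `args[0]`, whether the two flags can be combined, and in which order, depends on an enclosing loop that these lines do not show. Make the option handling order-independent and state in the docs whether `--all-repos --read-only` is a supported combination. A repository whose name equals one of the flag strings would also be consumed as an option, so an explicit end-of-options marker is worth considering.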
Two features. Seems fine as it fails safe.
> +def rejectpush(ui, **kwargs):
> + ui.warn("Permission denied\n")
> + # mercurial hooks use unix process conventions for hook return values
> + # so a truthy return means failure
> + return True
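Review bot: the quoted lines of `rejectpush` do not show which hooks it is registered for, and the read-only guarantee is only as strong as that list. Confirm it is attached to every write path, for example `prepushkey` as well as `prechangegroup`, so bookmark and phase pushes are refused too. The message from `ui.warn("Permission denied\n")` could also say that the key is read-only, so the user can tell it apart from a repo that is not whitelisted.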
Should have been a preliminary refactoring.
So I count at least three patches here.
I'm a little confused as to how adding these things onto keys is easier
than managing the existing config methods.
--
Mathematics is the supreme nostalgia of our time.