[PATCH 1 of 2] acl: use of "!" prefix in user or group names

elifarley at gmail.com elifarley at gmail.com
Mon May 28 18:21:01 CDT 2012


# HG changeset patch
# User Elifarley Callado Coelho Cruz
# Date 1338245115 10800
# Node ID bca172b9bcb52a54d6c7b1a2c8d70f1b290efe1a
# Parent  e9ae770eff1c5728eb397e0bd413af6b93e78a5f
acl: use of "!" prefix in user or group names

The "!" prefix allows you to prevent anyone except a given user or group
to push changesets in a given branch or path.

This patch enables a use case suggested by a user (Julien Bonnet):
There's a branch that only a given user (or group) should be able to push
to, and you don't want to restrict access to any other branch that may be
created.

With the "!" prefix, you simply deny access to "!givenuser" (or "!@givengroup").
Configuration examples below:

#=========================

[acl.deny.branches]
# only 'givenuser' can commit to branch 'default';
# 'givenuser' and anyone else can still use any other branch.
default = !givenuser

#=========================

You can also deny access based on file paths:

#=========================

[acl.deny]
# only 'givenuser' can change the file below;
# 'givenuser' and anyone else can still change any other file.
/path/to/file = !givenuser

#=========================

diff --git a/hgext/acl.py b/hgext/acl.py
--- a/hgext/acl.py
+++ b/hgext/acl.py
@@ -174,7 +174,21 @@
         return True
 
     for ug in usersorgroups.replace(',', ' ').split():
-        if user == ug or ug.startswith('@') and user in _getusers(ui, ug[1:]):
+
+        if ug.startswith('!'):
+            # Test for excluded user or group. Format:
+            # if ug is a user  name: !username
+            # if ug is a group name: !@groupname
+            ug = ug[1:]
+            if not ug.startswith('@') and user != ug \
+                or ug.startswith('@') and user not in _getusers(ui, ug[1:]):
+                return True
+
+        # Test for user or group. Format:
+        # if ug is a user  name: username
+        # if ug is a group name: @groupname
+        elif user == ug \
+             or ug.startswith('@') and user in _getusers(ui, ug[1:]):
             return True
 
     return False


More information about the Mercurial-devel mailing list