pytask.new: eggs/mercurial-1.7.3-py2.6-linux-x86_64.egg/hgext/acl.py@8fcde6f8f750 (annotated)

69 c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	1	# acl.py - changeset access control for mercurial
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	2	#
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	3	# Copyright 2006 Vadim Gelfer <vadim.gelfer@gmail.com>
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	4	#
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	5	# This software may be used and distributed according to the terms of the
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	6	# GNU General Public License version 2 or any later version.
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	7
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	8	'''hooks for controlling repository access
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	9
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	10	This hook makes it possible to allow or deny write access to given
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	11	branches and paths of a repository when receiving incoming changesets
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	12	via pretxnchangegroup and pretxncommit.
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	13
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	14	The authorization is matched based on the local user name on the
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	15	system where the hook runs, and not the committer of the original
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	16	changeset (since the latter is merely informative).
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	17
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	18	The acl hook is best used along with a restricted shell like hgsh,
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	19	preventing authenticating users from doing anything other than pushing
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	20	or pulling. The hook is not safe to use if users have interactive
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	21	shell access, as they can then disable the hook. Nor is it safe if
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	22	remote users share an account, because then there is no way to
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	23	distinguish them.
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	24
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	25	The order in which access checks are performed is:
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	26
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	27	1) Deny list for branches (section ``acl.deny.branches``)
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	28	2) Allow list for branches (section ``acl.allow.branches``)
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	29	3) Deny list for paths (section ``acl.deny``)
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	30	4) Allow list for paths (section ``acl.allow``)
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	31
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	32	The allow and deny sections take key-value pairs.
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	33
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	34	Branch-based Access Control
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	35	...........................
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	36
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	37	Use the ``acl.deny.branches`` and ``acl.allow.branches`` sections to
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	38	have branch-based access control. Keys in these sections can be
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	39	either:
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	40
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	41	- a branch name, or
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	42	- an asterisk, to match any branch;
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	43
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	44	The corresponding values can be either:
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	45
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	46	- a comma-separated list containing users and groups, or
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	47	- an asterisk, to match anyone;
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	48
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	49	Path-based Access Control
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	50	.........................
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	51
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	52	Use the ``acl.deny`` and ``acl.allow`` sections to have path-based
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	53	access control. Keys in these sections accept a subtree pattern (with
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	54	a glob syntax by default). The corresponding values follow the same
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	55	syntax as the other sections above.
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	56
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	57	Groups
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	58	......
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	59
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	60	Group names must be prefixed with an ``@`` symbol. Specifying a group
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	61	name has the same effect as specifying all the users in that group.
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	62
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	63	You can define group members in the ``acl.groups`` section.
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	64	If a group name is not defined there, and Mercurial is running under
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	65	a Unix-like system, the list of users will be taken from the OS.
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	66	Otherwise, an exception will be raised.
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	67
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	68	Example Configuration
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	69	.....................
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	70
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	71	::
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	72
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	73	[hooks]
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	74
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	75	# Use this if you want to check access restrictions at commit time
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	76	pretxncommit.acl = python:hgext.acl.hook
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	77
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	78	# Use this if you want to check access restrictions for pull, push,
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	79	# bundle and serve.
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	80	pretxnchangegroup.acl = python:hgext.acl.hook
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	81
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	82	[acl]
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	83	# Allow or deny access for incoming changes only if their source is
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	84	# listed here, let them pass otherwise. Source is "serve" for all
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	85	# remote access (http or ssh), "push", "pull" or "bundle" when the
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	86	# related commands are run locally.
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	87	# Default: serve
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	88	sources = serve
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	89
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	90	[acl.deny.branches]
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	91
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	92	# Everyone is denied to the frozen branch:
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	93	frozen-branch = *
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	94
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	95	# A bad user is denied on all branches:
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	96	* = bad-user
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	97
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	98	[acl.allow.branches]
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	99
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	100	# A few users are allowed on branch-a:
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	101	branch-a = user-1, user-2, user-3
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	102
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	103	# Only one user is allowed on branch-b:
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	104	branch-b = user-1
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	105
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	106	# The super user is allowed on any branch:
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	107	* = super-user
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	108
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	109	# Everyone is allowed on branch-for-tests:
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	110	branch-for-tests = *
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	111
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	112	[acl.deny]
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	113	# This list is checked first. If a match is found, acl.allow is not
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	114	# checked. All users are granted access if acl.deny is not present.
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	115	# Format for both lists: glob pattern = user, ..., @group, ...
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	116
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	117	# To match everyone, use an asterisk for the user:
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	118	# my/glob/pattern = *
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	119
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	120	# user6 will not have write access to any file:
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	121	** = user6
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	122
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	123	# Group "hg-denied" will not have write access to any file:
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	124	** = @hg-denied
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	125
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	126	# Nobody will be able to change "DONT-TOUCH-THIS.txt", despite
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	127	# everyone being able to change all other files. See below.
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	128	src/main/resources/DONT-TOUCH-THIS.txt = *
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	129
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	130	[acl.allow]
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	131	# if acl.allow is not present, all users are allowed by default
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	132	# empty acl.allow = no users allowed
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	133
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	134	# User "doc_writer" has write access to any file under the "docs"
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	135	# folder:
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	136	docs/** = doc_writer
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	137
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	138	# User "jack" and group "designers" have write access to any file
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	139	# under the "images" folder:
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	140	images/** = jack, @designers
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	141
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	142	# Everyone (except for "user6" - see acl.deny above) will have write
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	143	# access to any file under the "resources" folder (except for 1
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	144	# file. See acl.deny):
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	145	src/main/resources/** = *
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	146
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	147	.hgtags = release_engineer
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	148
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	149	'''
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	150
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	151	from mercurial.i18n import _
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	152	from mercurial import util, match
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	153	import getpass, urllib
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	154
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	155	def _getusers(ui, group):
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	156
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	157	# First, try to use group definition from section [acl.groups]
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	158	hgrcusers = ui.configlist('acl.groups', group)
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	159	if hgrcusers:
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	160	return hgrcusers
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	161
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	162	ui.debug('acl: "%s" not defined in [acl.groups]\n' % group)
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	163	# If no users found in group definition, get users from OS-level group
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	164	try:
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	165	return util.groupmembers(group)
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	166	except KeyError:
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	167	raise util.Abort(_("group '%s' is undefined") % group)
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	168
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	169	def _usermatch(ui, user, usersorgroups):
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	170
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	171	if usersorgroups == '*':
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	172	return True
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	173
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	174	for ug in usersorgroups.replace(',', ' ').split():
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	175	if user == ug or ug.find('@') == 0 and user in _getusers(ui, ug[1:]):
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	176	return True
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	177
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	178	return False
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	179
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	180	def buildmatch(ui, repo, user, key):
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	181	'''return tuple of (match function, list enabled).'''
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	182	if not ui.has_section(key):
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	183	ui.debug('acl: %s not enabled\n' % key)
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	184	return None
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	185
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	186	pats = [pat for pat, users in ui.configitems(key)
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	187	if _usermatch(ui, user, users)]
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	188	ui.debug('acl: %s enabled, %d entries for user %s\n' %
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	189	(key, len(pats), user))
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	190
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	191	if not repo:
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	192	if pats:
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	193	return lambda b: '*' in pats or b in pats
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	194	return lambda b: False
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	195
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	196	if pats:
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	197	return match.match(repo.root, '', pats)
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	198	return match.exact(repo.root, '', [])
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	199
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	200
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	201	def hook(ui, repo, hooktype, node=None, source=None, **kwargs):
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	202	if hooktype not in ['pretxnchangegroup', 'pretxncommit']:
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	203	raise util.Abort(_('config error - hook type "%s" cannot stop '
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	204	'incoming changesets nor commits') % hooktype)
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	205	if (hooktype == 'pretxnchangegroup' and
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	206	source not in ui.config('acl', 'sources', 'serve').split()):
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	207	ui.debug('acl: changes have source "%s" - skipping\n' % source)
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	208	return
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	209
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	210	user = None
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	211	if source == 'serve' and 'url' in kwargs:
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	212	url = kwargs['url'].split(':')
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	213	if url[0] == 'remote' and url[1].startswith('http'):
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	214	user = urllib.unquote(url[3])
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	215
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	216	if user is None:
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	217	user = getpass.getuser()
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	218
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	219	cfg = ui.config('acl', 'config')
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	220	if cfg:
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	221	ui.readconfig(cfg, sections = ['acl.groups', 'acl.allow.branches',
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	222	'acl.deny.branches', 'acl.allow', 'acl.deny'])
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	223
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	224	allowbranches = buildmatch(ui, None, user, 'acl.allow.branches')
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	225	denybranches = buildmatch(ui, None, user, 'acl.deny.branches')
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	226	allow = buildmatch(ui, repo, user, 'acl.allow')
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	227	deny = buildmatch(ui, repo, user, 'acl.deny')
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	228
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	229	for rev in xrange(repo[node], len(repo)):
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	230	ctx = repo[rev]
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	231	branch = ctx.branch()
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	232	if denybranches and denybranches(branch):
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	233	raise util.Abort(_('acl: user "%s" denied on branch "%s"'
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	234	' (changeset "%s")')
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	235	% (user, branch, ctx))
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	236	if allowbranches and not allowbranches(branch):
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	237	raise util.Abort(_('acl: user "%s" not allowed on branch "%s"'
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	238	' (changeset "%s")')
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	239	% (user, branch, ctx))
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	240	ui.debug('acl: branch access granted: "%s" on branch "%s"\n'
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	241	% (ctx, branch))
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	242
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	243	for f in ctx.files():
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	244	if deny and deny(f):
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	245	ui.debug('acl: user %s denied on %s\n' % (user, f))
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	246	raise util.Abort(_('acl: access denied for changeset %s') % ctx)
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	247	if allow and not allow(f):
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	248	ui.debug('acl: user %s not allowed on %s\n' % (user, f))
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	249	raise util.Abort(_('acl: access denied for changeset %s') % ctx)
c6bca38c1cbf Added buildout stuff and made changes accordingly Nishanth Amuluru <nishanth@fossee.in> parents: diff changeset	250	ui.debug('acl: allowing changeset %s\n' % ctx)

author	Nishanth Amuluru <nishanth@fossee.in>
	Tue, 11 Jan 2011 12:30:10 +0530
changeset 140	8fcde6f8f750
parent 69	c6bca38c1cbf
permissions	-rw-r--r--