equal
deleted
inserted
replaced
360 try: |
360 try: |
361 if query: |
361 if query: |
362 raise ErrorResponse(HTTP_NOT_FOUND) |
362 raise ErrorResponse(HTTP_NOT_FOUND) |
363 |
363 |
364 req.checkperm = lambda op: self.check_perm(rctx, req, op) |
364 req.checkperm = lambda op: self.check_perm(rctx, req, op) |
365 if cmd in perms: |
365 # Assume commands with no defined permissions are writes / |
366 req.checkperm(perms[cmd]) |
366 # for pushes. This is the safest from a security perspective |
|
367 # because it doesn't allow commands with undefined semantics |
|
368 # from bypassing permissions checks. |
|
369 req.checkperm(perms.get(cmd, 'push')) |
367 return protocol.call(rctx.repo, req, cmd) |
370 return protocol.call(rctx.repo, req, cmd) |
368 except ErrorResponse as inst: |
371 except ErrorResponse as inst: |
369 # A client that sends unbundle without 100-continue will |
372 # A client that sends unbundle without 100-continue will |
370 # break if we respond early. |
373 # break if we respond early. |
371 if (cmd == 'unbundle' and |
374 if (cmd == 'unbundle' and |