Mercurial > public > mercurial-scm > hg
comparison mercurial/commands.py @ 50444:45c7bada5200
hidden: add support to explicitly access hidden changesets with SSH peers
This implements support for using --remote-hidden with an SSH server. The
remote `hg serve --stdio` call is passed the `--hidden` flag as a request to
access hidden changesets.
This approach has benefits similar to the one we used for HTTP peers. It
* works around the lack of global parameters in wire protocol v1,
* reuses the `--hidden` flag (that does not use the wireproto), and
* can be safely ignored by older client (fitting the best effort contract).
Same as for HTTP, the feature is experimental so we have all the room we needs
to update the implementation in the future if deemed necessary.
The SSH version of the `--remote-hidden` config uses the same configuration as
the HTTP support to control the access to this feature. The name of the user
running the command is used for the checking.
Test written by Pierre-Yves David.
| author | Manuel Jacob <me@manueljacob.de> |
|---|---|
| date | Sat, 13 Apr 2019 03:44:55 +0200 |
| parents | 3a2df812e1c7 |
| children | 0ab3956540a6 |
comparison
equal
deleted
inserted
replaced
| 50443:afb27fc92717 | 50444:45c7bada5200 |
|---|---|
| 67 vfs as vfsmod, | 67 vfs as vfsmod, |
| 68 wireprotoserver, | 68 wireprotoserver, |
| 69 ) | 69 ) |
| 70 from .utils import ( | 70 from .utils import ( |
| 71 dateutil, | 71 dateutil, |
| 72 procutil, | |
| 72 stringutil, | 73 stringutil, |
| 73 urlutil, | 74 urlutil, |
| 74 ) | 75 ) |
| 75 | 76 |
| 76 table = {} | 77 table = {} |
| 6670 if opts[b"stdio"]: | 6671 if opts[b"stdio"]: |
| 6671 if repo is None: | 6672 if repo is None: |
| 6672 raise error.RepoError( | 6673 raise error.RepoError( |
| 6673 _(b"there is no Mercurial repository here (.hg not found)") | 6674 _(b"there is no Mercurial repository here (.hg not found)") |
| 6674 ) | 6675 ) |
| 6675 s = wireprotoserver.sshserver(ui, repo) | 6676 accesshidden = False |
| 6677 if repo.filtername is None: | |
| 6678 allow = ui.configlist( | |
| 6679 b'experimental', b'server.allow-hidden-access' | |
| 6680 ) | |
| 6681 user = procutil.getuser() | |
| 6682 if allow and scmutil.ismember(ui, user, allow): | |
| 6683 accesshidden = True | |
| 6684 else: | |
| 6685 msg = ( | |
| 6686 _( | |
| 6687 b'ignoring request to access hidden changeset by ' | |
| 6688 b'unauthorized user: %s\n' | |
| 6689 ) | |
| 6690 % user | |
| 6691 ) | |
| 6692 ui.warn(msg) | |
| 6693 | |
| 6694 s = wireprotoserver.sshserver(ui, repo, accesshidden=accesshidden) | |
| 6676 s.serve_forever() | 6695 s.serve_forever() |
| 6677 return | 6696 return |
| 6678 | 6697 |
| 6679 service = server.createservice(ui, repo, opts) | 6698 service = server.createservice(ui, repo, opts) |
| 6680 return server.runservice(opts, initfn=service.init, runfn=service.run) | 6699 return server.runservice(opts, initfn=service.init, runfn=service.run) |