Mercurial > public > mercurial-scm > hg
comparison mercurial/hgweb/hgwebdir_mod.py @ 19032:7d31f2e42a8a
hgweb: refactor checks for granting and revoking user permissions
Provides an entry point for extensions implementing more complex
authorization schemes.
Original patch proposed by Markus Zapke-Gr?ndemann.
| author | Wagner Bruna <wbruna@softwareexpress.com.br> |
|---|---|
| date | Mon, 15 Apr 2013 18:57:04 -0300 |
| parents | 76ff3a715cf2 |
| children | 1dba26575dba |
comparison
equal
deleted
inserted
replaced
| 19031:341083b02d1b | 19032:7d31f2e42a8a |
|---|---|
| 8 | 8 |
| 9 import os, re, time | 9 import os, re, time |
| 10 from mercurial.i18n import _ | 10 from mercurial.i18n import _ |
| 11 from mercurial import ui, hg, scmutil, util, templater | 11 from mercurial import ui, hg, scmutil, util, templater |
| 12 from mercurial import error, encoding | 12 from mercurial import error, encoding |
| 13 from common import ErrorResponse, get_mtime, staticfile, paritygen, \ | 13 from common import ErrorResponse, get_mtime, staticfile, paritygen, ismember, \ |
| 14 get_contact, HTTP_OK, HTTP_NOT_FOUND, HTTP_SERVER_ERROR | 14 get_contact, HTTP_OK, HTTP_NOT_FOUND, HTTP_SERVER_ERROR |
| 15 from hgweb_mod import hgweb, makebreadcrumb | 15 from hgweb_mod import hgweb, makebreadcrumb |
| 16 from request import wsgirequest | 16 from request import wsgirequest |
| 17 import webutil | 17 import webutil |
| 18 | 18 |
| 162 if user is allowed to read the repo, else return False.""" | 162 if user is allowed to read the repo, else return False.""" |
| 163 | 163 |
| 164 user = req.env.get('REMOTE_USER') | 164 user = req.env.get('REMOTE_USER') |
| 165 | 165 |
| 166 deny_read = ui.configlist('web', 'deny_read', untrusted=True) | 166 deny_read = ui.configlist('web', 'deny_read', untrusted=True) |
| 167 if deny_read and (not user or deny_read == ['*'] or user in deny_read): | 167 if deny_read and (not user or ismember(ui, user, deny_read)): |
| 168 return False | 168 return False |
| 169 | 169 |
| 170 allow_read = ui.configlist('web', 'allow_read', untrusted=True) | 170 allow_read = ui.configlist('web', 'allow_read', untrusted=True) |
| 171 # by default, allow reading if no allow_read option has been set | 171 # by default, allow reading if no allow_read option has been set |
| 172 if (not allow_read) or (allow_read == ['*']) or (user in allow_read): | 172 if (not allow_read) or ismember(ui, user, allow_read): |
| 173 return True | 173 return True |
| 174 | 174 |
| 175 return False | 175 return False |
| 176 | 176 |
| 177 def run_wsgi(self, req): | 177 def run_wsgi(self, req): |