108 if not path.startswith('/'): |
108 if not path.startswith('/'): |
109 path = '/' + path |
109 path = '/' + path |
110 |
110 |
111 return name, pycompat.bytestr(port), path |
111 return name, pycompat.bytestr(port), path |
112 |
112 |
|
113 def readallowed(ui, req): |
|
114 """Check allow_read and deny_read config options of a repo's ui object |
|
115 to determine user permissions. By default, with neither option set (or |
|
116 both empty), allow all users to read the repo. There are two ways a |
|
117 user can be denied read access: (1) deny_read is not empty, and the |
|
118 user is unauthenticated or deny_read contains user (or *), and (2) |
|
119 allow_read is not empty and the user is not in allow_read. Return True |
|
120 if user is allowed to read the repo, else return False.""" |
|
121 |
|
122 user = req.remoteuser |
|
123 |
|
124 deny_read = ui.configlist('web', 'deny_read', untrusted=True) |
|
125 if deny_read and (not user or ismember(ui, user, deny_read)): |
|
126 return False |
|
127 |
|
128 allow_read = ui.configlist('web', 'allow_read', untrusted=True) |
|
129 # by default, allow reading if no allow_read option has been set |
|
130 if not allow_read or ismember(ui, user, allow_read): |
|
131 return True |
|
132 |
|
133 return False |
|
134 |
113 class hgwebdir(object): |
135 class hgwebdir(object): |
114 """HTTP server for multiple repositories. |
136 """HTTP server for multiple repositories. |
115 |
137 |
116 Given a configuration, different repositories will be served depending |
138 Given a configuration, different repositories will be served depending |
117 on the request path. |
139 on the request path. |
197 wsgicgi.launch(self) |
219 wsgicgi.launch(self) |
198 |
220 |
199 def __call__(self, env, respond): |
221 def __call__(self, env, respond): |
200 wsgireq = requestmod.wsgirequest(env, respond) |
222 wsgireq = requestmod.wsgirequest(env, respond) |
201 return self.run_wsgi(wsgireq) |
223 return self.run_wsgi(wsgireq) |
202 |
|
203 def readallowed(self, ui, req): |
|
204 """Check allow_read and deny_read config options of a repo's ui object |
|
205 to determine user permissions. By default, with neither option set (or |
|
206 both empty), allow all users to read the repo. There are two ways a |
|
207 user can be denied read access: (1) deny_read is not empty, and the |
|
208 user is unauthenticated or deny_read contains user (or *), and (2) |
|
209 allow_read is not empty and the user is not in allow_read. Return True |
|
210 if user is allowed to read the repo, else return False.""" |
|
211 |
|
212 user = req.remoteuser |
|
213 |
|
214 deny_read = ui.configlist('web', 'deny_read', untrusted=True) |
|
215 if deny_read and (not user or ismember(ui, user, deny_read)): |
|
216 return False |
|
217 |
|
218 allow_read = ui.configlist('web', 'allow_read', untrusted=True) |
|
219 # by default, allow reading if no allow_read option has been set |
|
220 if (not allow_read) or ismember(ui, user, allow_read): |
|
221 return True |
|
222 |
|
223 return False |
|
224 |
224 |
225 def run_wsgi(self, wsgireq): |
225 def run_wsgi(self, wsgireq): |
226 profile = self.ui.configbool('profiling', 'enabled') |
226 profile = self.ui.configbool('profiling', 'enabled') |
227 with profiling.profile(self.ui, enabled=profile): |
227 with profiling.profile(self.ui, enabled=profile): |
228 for r in self._runwsgi(wsgireq): |
228 for r in self._runwsgi(wsgireq): |
427 return u.config(section, name, default, untrusted=True) |
427 return u.config(section, name, default, untrusted=True) |
428 |
428 |
429 if u.configbool("web", "hidden", untrusted=True): |
429 if u.configbool("web", "hidden", untrusted=True): |
430 continue |
430 continue |
431 |
431 |
432 if not self.readallowed(u, req): |
432 if not readallowed(u, req): |
433 continue |
433 continue |
434 |
434 |
435 # update time with local timezone |
435 # update time with local timezone |
436 try: |
436 try: |
437 r = hg.repository(self.ui, path) |
437 r = hg.repository(self.ui, path) |