hgext/acl.py
changeset 11058 f6dcbeb5babe
parent 11057 7f0796a0b35c
child 11092 2dd91779eb27
11057:7f0796a0b35c 11058:f6dcbeb5babe
    20 pushing or pulling. The hook is not safe to use if users have
    20 pushing or pulling. The hook is not safe to use if users have
    21 interactive shell access, as they can then disable the hook.
    21 interactive shell access, as they can then disable the hook.
    22 Nor is it safe if remote users share an account, because then there
    22 Nor is it safe if remote users share an account, because then there
    23 is no way to distinguish them.
    23 is no way to distinguish them.
    24 
    24 
    25 The deny list is checked before the allow list is.
    25 The deny list is checked before the allow list.
    26 
    26 
    27 The allow and deny sections take key-value pairs, having a subtree pattern
    27 The allow and deny sections take key-value pairs, having a subtree pattern
    28 as key (with a glob syntax by default). The corresponding value can be either:
    28 as key (with a glob syntax by default). The corresponding value can be either:
    29 
    29 
    30 1) an asterisk, to match everyone;
    30 1) an asterisk, to match everyone;
    31 2) a comma-separated list containing users and groups.
    31 2) a comma-separated list containing users and groups.
    32 
    32 
    33 Group names must be prefixed with an @ symbol.
    33 Group names must be prefixed with an ``@`` symbol.
    34 Specifying a group name has the same effect as specifying all the users in
    34 Specifying a group name has the same effect as specifying all the users in
    35 that group.
    35 that group.
    36 The set of users for a group is taken from "grp.getgrnam"
       
    37 (see http://docs.python.org/library/grp.html#grp.getgrnam).
       
    38 
    36 
    39 To use this hook, configure the acl extension in your hgrc like this::
    37 To use this hook, configure the acl extension in your hgrc like this::
    40 
    38 
    41   [extensions]
    39   [extensions]
    42   acl =
    40   acl =
    43 
    41 
    44   [hooks]
    42   [hooks]
    45 
    43 
    46   # Use this if you want to check access restrictions at commit time
    44   # Use this if you want to check access restrictions at commit time.
    47   pretxncommit.acl = python:hgext.acl.hook
    45   pretxncommit.acl = python:hgext.acl.hook
    48   
    46   
    49   # Use this if you want to check access restrictions for pull, push, bundle
    47   # Use this if you want to check access restrictions for pull, push, bundle
    50   # and serve.
    48   # and serve.
    51   pretxnchangegroup.acl = python:hgext.acl.hook
    49   pretxnchangegroup.acl = python:hgext.acl.hook
    52 
    50 
    53   [acl]
    51   [acl]
    54   # Check whether the source of incoming changes is in this list
    52   # Check whether the source of incoming changes is in this list where
    55   # ("serve" == ssh or http, "push", "pull", "bundle")
    53   # "serve" == ssh or http, and "push", "pull" and "bundle" are the
       
    54   # corresponding hg commands.
    56   sources = serve
    55   sources = serve
    57 
    56 
    58   [acl.deny]
    57   [acl.deny]
    59   # This list is checked first. If a match is found, 'acl.allow' will not be
    58   # This list is checked first. If a match is found, 'acl.allow' will not be
    60   # checked.
    59   # checked. All users are granted access if acl.deny is not present.
    61   # if acl.deny is not present, no users denied by default
    60   # Format for both lists: glob pattern = user, ..., @group, ...
    62   # empty acl.deny = all users allowed
       
    63   # Format for both lists: glob pattern = user4, user5, @group1
       
    64 
    61 
    65   # To match everyone, use an asterisk for the user:
    62   # To match everyone, use an asterisk for the user:
    66   # my/glob/pattern = *
    63   # my/glob/pattern = *
    67 
    64 
    68   # user6 will not have write access to any file:
    65   # user6 will not have write access to any file:
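Review bot: The new comment at new line 59, "All users are granted access if acl.deny is not present.", can be read as saying that a missing acl.deny bypasses acl.allow, whereas the old text only said that no users are denied by default. Since the docstring states that the deny list is checked before the allow list, suggest wording along the lines of "If acl.deny is not present, no users are denied by default", and keeping a statement about the empty acl.deny case, which the removed line 62 covered. Separately, the sentence saying group membership is taken from "grp.getgrnam" is dropped at old lines 36-37 with no replacement in the lines shown; unless it has moved elsewhere in the file, the docstring should still say where the users of an @group are looked up, because that lookup decides who ends up with write access.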
    85   # User "jack" and group "designers" have write access to any file under the
    82   # User "jack" and group "designers" have write access to any file under the
    86   # "images" folder:
    83   # "images" folder:
    87   images/** = jack, @designers
    84   images/** = jack, @designers
    88 
    85 
    89   # Everyone (except for "user6" - see "acl.deny" above) will have write access
    86   # Everyone (except for "user6" - see "acl.deny" above) will have write access
    90   to any file under the "resources" folder (except for 1 file. See "acl.deny"):
    87   # to any file under the "resources" folder (except for 1 file. See "acl.deny"):
    91   src/main/resources/** = *
    88   src/main/resources/** = *
    92 
    89 
    93   .hgtags = release_engineer
    90   .hgtags = release_engineer
    94 
    91 
    95 '''
    92 '''
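Review bot: The ".hgtags = release_engineer" entry at new line 90 is the only rule in this example without an explanatory comment, and since this change already tidies the neighbouring comments (it restores the missing "#" at new line 87), a one-line comment saying what the rule is meant to restrict would fit here. The parenthetical at new line 87, "(except for 1 file. See "acl.deny")", would also read more consistently in the style of the line above it, for example "except for 1 file - see "acl.deny"".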