« back to all changes in this revision
Viewing changes to contrib/bzr_access
- browse files at revision 3475.1.1
- compare with another revision
- compare with revision 5425.5.4
- download diff
- download tarball
- view history from revision 3475.1.1
- Committer: j at oil21
- Date: 2008-06-05 12:13:14 UTC
- mto: This revision was merged to the branch mainline in revision 3488.
- Revision ID: j@oil21.org-20080605121314-kv2l34nc1knvj7q5
fix contrib/bzr_access
* permissions work for the full repository only
* permissions work for the full repository only
- files modified:
- contrib/bzr_access
added
removed
contrib/bzr_access
40
40
the users belonging to the given groups. (User names must be separated by
41
41
commas.)
42
42
43
All other sections names should be path names (starting with '/'), defining
44
the permissions for the given path. The options in those sections are user
45
names or group references (group name with a leading '@'), the corresponding
46
values are the permissions: 'rw', 'r' and '' (without the quotes) for
47
read-write, read-only and no access, respectively.
48
49
Only the options in the section with the longest matching name are evaluated.
50
The last relevant option for the user is used.
43
Right now only one section is supported [/], defining the permissions for the
44
repository. The options in those sections are user names or group references
45
(group name with a leading '@'), the corresponding values are the
46
permissions: 'rw', 'r' and '' (without the quotes)
47
for read-write, read-only and no access, respectively.
51
48
52
49
Sample bzr_access.conf::
53
50
55
52
admins = alpha
56
53
devels = beta, gamma, delta
57
54
58
[/test/trunk]
55
[/]
59
56
@admins = rw
60
57
@devels = r
61
62
[/test/branches]
63
@admins = rw
64
@devels = rw
65
66
58
67
59
This allows you to set up a single SSH user, and customize the access based on
68
60
ssh key. Your ``.ssh/authorized_key`` file should look something like this::
131
123
self.groups[group] = set([ s.strip() for s in users.split(",")])
132
124
133
125
134
def permission(self, user, path):
126
def permission(self, user):
135
127
"""Determines the permission for a given user and a given path
136
128
:param user: user to look for.
137
:param path: path to look for.
138
129
:return: permission.
139
130
"""
140
if not path.startswith("/"):
141
return PERM_DENIED
131
configSection = "/"
142
132
perm = PERM_DENIED
143
pathFound = False
144
while not pathFound and path != "/":
145
print >>sys.stderr, "DEBUG:", path
146
pathFound = self.config.has_section(path)
147
if (pathFound):
148
options = reversed(self.config.options(path))
149
for option in options:
150
value = PERM_DICT.get(self.config.get(path, option),
151
PERM_DENIED)
152
if self._is_relevant(option, user):
153
perm = value
154
else:
155
path = os.path.dirname(path)
133
pathFound = self.config.has_section(configSection)
134
if (pathFound):
135
options = reversed(self.config.options(configSection))
136
for option in options:
137
value = PERM_DICT.get(self.config.get(configSection, option),
138
PERM_DENIED)
139
if self._is_relevant(option, user):
140
perm = value
156
141
return perm
157
142
158
143
159
144
def _is_relevant(self, option, user):
160
145
"""Decides if a certain option is relevant for a given user.
225
210
error("Can't read config file.", EXIT_NOCONF)
226
211
227
212
# Determine permission and execute bzr with appropriate options
228
perm = accessMan.permission(user, directory)
229
absDir = os.path.join(repoRoot, directory)
230
command = [bzrExec] + BZR_OPTIONS + [absDir]
213
perm = accessMan.permission(user)
214
command = [bzrExec] + BZR_OPTIONS + [repoRoot]
231
215
if perm == PERM_READ:
232
216
# Nothing extra needed for readonly operations
233
217
pass
Loggerhead is a web-based interface for Breezy
Version: 2.0.1