2007-04-26 00:07:13 +04:00
|
|
|
# -*-python-*-
|
|
|
|
#
|
2013-01-04 23:01:54 +04:00
|
|
|
# Copyright (C) 2006-2013 The ViewCVS Group. All Rights Reserved.
|
2007-04-26 00:07:13 +04:00
|
|
|
#
|
|
|
|
# By using this file, you agree to the terms and conditions set forth in
|
|
|
|
# the LICENSE.html file which can be found at the top level of the ViewVC
|
|
|
|
# distribution or at http://viewvc.org/license-1.html.
|
|
|
|
#
|
|
|
|
# For more information, visit http://viewvc.org/
|
|
|
|
#
|
|
|
|
# -----------------------------------------------------------------------
|
|
|
|
import vcauth
|
2007-05-21 18:45:00 +04:00
|
|
|
import vclib
|
2007-04-26 00:07:13 +04:00
|
|
|
import fnmatch
|
|
|
|
|
|
|
|
class ViewVCAuthorizer(vcauth.GenericViewVCAuthorizer):
|
|
|
|
"""A simple top-level module authorizer."""
|
2008-02-06 22:22:53 +03:00
|
|
|
def __init__(self, username, params={}):
|
2007-06-20 17:23:52 +04:00
|
|
|
forbidden = params.get('forbidden', '')
|
Wow. Drop a "general code cleanup" kind of bomb on the codebase. All
of this is aimed at not paying the maintenance price of supporting
Python versions prior to 2.4 any longer, plus a little bit of just
getting dead code out of the way.
* lib/compat.py
Remove as unused.
* bin/cvsdbadmin,
* bin/loginfo-handler,
* bin/make-database,
* bin/svndbadmin,
* lib/accept.py,
* lib/blame.py,
* lib/cvsdb.py,
* lib/popen.py,
* lib/query.py,
* lib/sapi.py,
* lib/vcauth/forbidden/__init__.py
* lib/vcauth/forbiddenre/__init__.py,
* lib/vcauth/svnauthz/__init__.py,
* lib/vclib/__init__.py,
* lib/vclib/ccvs/blame.py,
* lib/win32popen.py,
* tests/timelog.py
Replace explicit import and use of the 'string' module with newer constructs.
* bin/standalone.py,
* lib/viewvc.py
No longer use 'compat' module. Replace explicit import and use of
the 'string' module with newer constructs.
* lib/dbi.py
Use calender.timegm() instead of compat.timegm().
* lib/vcauth/__init__.py
Lose unused module imports.
* lib/config.py,
Replace explicit import and use of the 'string' module with newer
constructs where possible. Lose old ConfigParser patch-up code for
Python 1.5.1.
* lib/vclib/ccvs/ccvs.py
Replace explicit import and use of the 'string' module with newer
constructs where possible. Import _path_join() from bincvs, and use
it instead of a bunch of copy-and-pasted string join() statements
throughout.
* lib/vclib/ccvs/__init__.py
(cvs_strptime): Moved here from the 'compat' module.
* lib/vclib/ccvs/bincvs.py
(): No longer use 'compat' module. Replace explicit import and use
of the 'string' module with newer constructs.
(_path_join): New, used now instead of a bunch of copy-and-pasted
string join() statements throughout.
* viewvc-install
Don't use the 'compat' module any more.
Also, so some rearranging of non-critical bits.
* misc/: New directory.
* misc/py2html.py: Moved from 'lib/py2html.py'.
* misc/PyFontify.py: Moved from 'lib/PyFontify.py'.
* misc/elemx/: Moved from 'elemx/'.
* misc/tparse/: Moved from 'tparse/'.
* tools/make-release
Omit 'misc' directory from releases, too.
git-svn-id: http://viewvc.tigris.org/svn/viewvc/trunk@2437 8cb11bc2-c004-0410-86c3-e597b4017df7
2010-09-03 20:49:52 +04:00
|
|
|
self.forbidden = map(lambda x: x.strip(),
|
|
|
|
filter(None, forbidden.split(',')))
|
2008-02-06 22:22:53 +03:00
|
|
|
|
|
|
|
def check_root_access(self, rootname):
|
|
|
|
return 1
|
2010-12-09 19:10:04 +03:00
|
|
|
|
|
|
|
def check_universal_access(self, rootname):
|
|
|
|
# If there aren't any forbidden paths, we can grant universal read
|
|
|
|
# access. Otherwise, we make no claim.
|
|
|
|
if not self.forbidden:
|
|
|
|
return 1
|
|
|
|
return None
|
|
|
|
|
2008-02-06 22:22:53 +03:00
|
|
|
def check_path_access(self, rootname, path_parts, pathtype, rev=None):
|
For issue #268: Merge the Authorizers' check_directory_access() and
check_file_access() functions into a single check_path_access(). Most
authorizers won't need to care about the distinction.
* lib/vcauth/__init__.py
(GenericViewVCAuthorizer.check_path_access): New, replaces ...
(GenericViewVCAuthorizer.check_file_access,
GenericViewVCAuthorizer.check_directory_access): ...these
now-removed functions.
(ViewVCAuthorizer.check_path_access): New.
(ViewVCAuthorizer.check_file_access,
ViewVCAuthorizer.check_directory_access): Removed.
* lib/vcauth/forbidden/__init__.py
(ViewVCAuthorizer.__init__): Squirrel away 'root' so we can use it ...
(ViewVCAuthorizer.check_path_access): ...here. Was
check_directory_access(), and now optionally checks the path's type
before making the access determination.
(ViewVCAuthorizer.check_file_access): Removed.
* lib/vcauth/svnauthz/__init__.py
(ViewVCAuthorizer.check_path_access): Was _check_path_access(). Add
'rev' parameter.
(ViewVCAuthorizer.check_file_access,
ViewVCAuthorizer.check_directory_access): Removed.
* lib/viewvc.py
(Request.run_viewvc, view_directory, _get_diff_path_parts,
generate_tarball, view_revision, build_commit): Use the
authorizor's check_path_access() instead of the now-removed
check_directory_access() and check_file_access() functions.
* lib/query.py
(build_commit): Use check_path_access() instead of
check_directory_access().
git-svn-id: http://viewvc.tigris.org/svn/viewvc/trunk@1661 8cb11bc2-c004-0410-86c3-e597b4017df7
2007-05-16 00:18:56 +04:00
|
|
|
# No path? No problem.
|
2007-04-26 00:07:13 +04:00
|
|
|
if not path_parts:
|
|
|
|
return 1
|
For issue #268: Merge the Authorizers' check_directory_access() and
check_file_access() functions into a single check_path_access(). Most
authorizers won't need to care about the distinction.
* lib/vcauth/__init__.py
(GenericViewVCAuthorizer.check_path_access): New, replaces ...
(GenericViewVCAuthorizer.check_file_access,
GenericViewVCAuthorizer.check_directory_access): ...these
now-removed functions.
(ViewVCAuthorizer.check_path_access): New.
(ViewVCAuthorizer.check_file_access,
ViewVCAuthorizer.check_directory_access): Removed.
* lib/vcauth/forbidden/__init__.py
(ViewVCAuthorizer.__init__): Squirrel away 'root' so we can use it ...
(ViewVCAuthorizer.check_path_access): ...here. Was
check_directory_access(), and now optionally checks the path's type
before making the access determination.
(ViewVCAuthorizer.check_file_access): Removed.
* lib/vcauth/svnauthz/__init__.py
(ViewVCAuthorizer.check_path_access): Was _check_path_access(). Add
'rev' parameter.
(ViewVCAuthorizer.check_file_access,
ViewVCAuthorizer.check_directory_access): Removed.
* lib/viewvc.py
(Request.run_viewvc, view_directory, _get_diff_path_parts,
generate_tarball, view_revision, build_commit): Use the
authorizor's check_path_access() instead of the now-removed
check_directory_access() and check_file_access() functions.
* lib/query.py
(build_commit): Use check_path_access() instead of
check_directory_access().
git-svn-id: http://viewvc.tigris.org/svn/viewvc/trunk@1661 8cb11bc2-c004-0410-86c3-e597b4017df7
2007-05-16 00:18:56 +04:00
|
|
|
|
2008-02-06 22:22:53 +03:00
|
|
|
# Not a directory? We aren't interested.
|
|
|
|
if pathtype != vclib.DIR:
|
|
|
|
return 1
|
For issue #268: Merge the Authorizers' check_directory_access() and
check_file_access() functions into a single check_path_access(). Most
authorizers won't need to care about the distinction.
* lib/vcauth/__init__.py
(GenericViewVCAuthorizer.check_path_access): New, replaces ...
(GenericViewVCAuthorizer.check_file_access,
GenericViewVCAuthorizer.check_directory_access): ...these
now-removed functions.
(ViewVCAuthorizer.check_path_access): New.
(ViewVCAuthorizer.check_file_access,
ViewVCAuthorizer.check_directory_access): Removed.
* lib/vcauth/forbidden/__init__.py
(ViewVCAuthorizer.__init__): Squirrel away 'root' so we can use it ...
(ViewVCAuthorizer.check_path_access): ...here. Was
check_directory_access(), and now optionally checks the path's type
before making the access determination.
(ViewVCAuthorizer.check_file_access): Removed.
* lib/vcauth/svnauthz/__init__.py
(ViewVCAuthorizer.check_path_access): Was _check_path_access(). Add
'rev' parameter.
(ViewVCAuthorizer.check_file_access,
ViewVCAuthorizer.check_directory_access): Removed.
* lib/viewvc.py
(Request.run_viewvc, view_directory, _get_diff_path_parts,
generate_tarball, view_revision, build_commit): Use the
authorizor's check_path_access() instead of the now-removed
check_directory_access() and check_file_access() functions.
* lib/query.py
(build_commit): Use check_path_access() instead of
check_directory_access().
git-svn-id: http://viewvc.tigris.org/svn/viewvc/trunk@1661 8cb11bc2-c004-0410-86c3-e597b4017df7
2007-05-16 00:18:56 +04:00
|
|
|
|
2008-02-06 22:22:53 +03:00
|
|
|
# At this point we're looking at a directory path.
|
2007-04-26 00:07:13 +04:00
|
|
|
module = path_parts[0]
|
|
|
|
default = 1
|
|
|
|
for pat in self.forbidden:
|
|
|
|
if pat[0] == '!':
|
|
|
|
default = 0
|
|
|
|
if fnmatch.fnmatchcase(module, pat[1:]):
|
|
|
|
return 1
|
|
|
|
elif fnmatch.fnmatchcase(module, pat):
|
|
|
|
return 0
|
|
|
|
return default
|