Introduce a new authz module, like 'forbidden' but with support for
checking all roots and paths against regular expressions. * viewvc.conf.dist (forbidden): New authz-forbiddenre section. * lib/vcauth/forbiddenre, * lib/vcauth/forbiddenre/__init__.py New authorizer based on simple regular expressions. git-svn-id: http://viewvc.tigris.org/svn/viewvc/trunk@1763 8cb11bc2-c004-0410-86c3-e597b4017df7remotes/issue-57-dev
parent
220792f72c
commit
057ab0fe25
|
@ -0,0 +1,55 @@
|
|||
# -*-python-*-
|
||||
#
|
||||
# Copyright (C) 2006 The ViewCVS Group. All Rights Reserved.
|
||||
#
|
||||
# By using this file, you agree to the terms and conditions set forth in
|
||||
# the LICENSE.html file which can be found at the top level of the ViewVC
|
||||
# distribution or at http://viewvc.org/license-1.html.
|
||||
#
|
||||
# For more information, visit http://viewvc.org/
|
||||
#
|
||||
# -----------------------------------------------------------------------
|
||||
import vcauth
|
||||
import vclib
|
||||
import fnmatch
|
||||
import string
|
||||
import re
|
||||
|
||||
|
||||
def _split_regexp(restr):
|
||||
"""Return a 2-tuple consisting of a compiled regular expression
|
||||
object and a boolean flag indicating if that object should be
|
||||
interpreted inversely."""
|
||||
if restr[0] == '!':
|
||||
return re.compile(restr[1:]), 1
|
||||
return re.compile(restr), 0
|
||||
|
||||
|
||||
class ViewVCAuthorizer(vcauth.GenericViewVCAuthorizer):
|
||||
"""A simple regular-expression-based authorizer."""
|
||||
def __init__(self, username, params={}):
|
||||
forbidden = params.get('forbidden', '')
|
||||
self.forbidden = map(lambda x: _split_regexp(string.strip(x)),
|
||||
filter(None, string.split(forbidden, ',')))
|
||||
|
||||
def _check_root_path_access(self, rootname, path_parts):
|
||||
path = rootname
|
||||
if path_parts:
|
||||
path = path + '/' + string.join(path_parts, '/')
|
||||
|
||||
default = 1
|
||||
for forbidden, negated in self.forbidden:
|
||||
if negated:
|
||||
default = 0
|
||||
if forbidden.search(path):
|
||||
return 1
|
||||
elif forbidden.search(path):
|
||||
return 0
|
||||
return default
|
||||
|
||||
def check_root_access(self, rootname):
|
||||
return self._check_root_path_access(rootname, None)
|
||||
|
||||
def check_path_access(self, rootname, path_parts, pathtype, rev=None):
|
||||
return self._check_root_path_access(rootname, path_parts)
|
||||
|
|
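Review bot: In `ViewVCAuthorizer.__init__`, empty entries are filtered out before they are stripped, so a whitespace-only entry (for example from a trailing `, ` in the `forbidden` value) survives the filter, is stripped to an empty string, and makes `restr[0]` in `_split_regexp` raise IndexError while the authorizer is being constructed. Stripping first avoids that: `self.forbidden = map(_split_regexp, filter(None, map(string.strip, string.split(forbidden, ','))))`. Separately, because the value is split on every comma, a pattern that itself contains one (a `{m,n}` quantifier) can be silently cut into two different patterns, which may leave a path that was meant to be forbidden readable. That limit deserves a comment here, e.g. `# NOTE: patterns cannot contain ','; the option is split on commas before compiling`. `fnmatch` and `vclib` are imported but not used in the lines shown.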
@ -732,6 +732,43 @@ enabled = 0
|
|||
#
|
||||
forbidden =
|
||||
|
||||
#---------------------------------------------------------------------------
|
||||
[authz-forbiddenre]
|
||||
|
||||
# The "forbiddenre" authorizer forbids access to repository paths by
|
||||
# comparing a list of regular expressions (separated by commas)
|
||||
# against paths consisting of the repository (or root) name plus the
|
||||
# path of the versioned file or directory to be tested. For example,
|
||||
# to see if the user is authorized to see the path
|
||||
# "/trunk/www/index.html" in the repository whose root name is
|
||||
# "svnrepos", this authorizer will check the path
|
||||
# "svnrepos/trunk/www/index.html" against the list of forbidden
|
||||
# regular expressions.
|
||||
#
|
||||
# Like the "forbidden" authorizer...
|
||||
#
|
||||
# *) The "!" can be used before a module to explicitly state that it
|
||||
# is NOT forbidden. Whenever this form is seen, then all modules will
|
||||
# be forbidden unless one of the "!" modules match.
|
||||
#
|
||||
# *) Tests are performed in sequence. The first match will terminate the
|
||||
# testing. This allows for more complex allow/deny patterns.
|
||||
#
|
||||
# NOTE: Again, this is for the hiding of modules within repositories, *not*
|
||||
# for the hiding of repositories (roots) themselves.
|
||||
#
|
||||
# Some examples:
|
||||
#
|
||||
# Disallow files named "PRIVATE", but allow all others:
|
||||
# forbidden = /PRIVATE$
|
||||
#
|
||||
# Allow only the "example1" and "example2" roots and the paths inside them,
|
||||
# disallowing all others (which can be done in multiple ways):
|
||||
# forbidden = !^example1(/|$), !^example2(/|$)/
|
||||
# forbidden = !^example[12](/|$)
|
||||
#
|
||||
forbidden =
|
||||
|
||||
#---------------------------------------------------------------------------
|
||||
[authz-svnauthz]
|
||||
|
||||
|
|
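Review bot: The first example for allowing only two roots, `forbidden = !^example1(/|$), !^example2(/|$)/`, ends with a stray `/`, so the second pattern requires a further slash after the group and would not match the root `example2` or ordinary paths under it; copied as written it hides that root instead of allowing it. It should read `# forbidden = !^example1(/|$), !^example2(/|$)`. The NOTE saying this authorizer is not for hiding roots also disagrees with these examples, which filter on root names, and with the authorizer added in this commit, whose root check runs the same patterns against the root name; I would reword it to `# NOTE: Patterns are matched against the root name as well as the path, so they can hide whole roots.` It would also help to state that patterns are searched anywhere in the path unless anchored with `^`/`$`, since an unanchored `!` pattern allows every path that merely contains the text.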