Forward-port tweak to forbiddenre support made in r1817 on the 1.0.x branch.

* lib/vcauth/forbiddenre/__init__.py (ViewVCAuthorizer._check_root_path_access): Lose 'rootname' and 'path_parts' parameters and logic to combine them; just accept the combined form as a new 'root_path' parameter. (ViewVCAuthorizer.check_root_access): Update call to _check_root_path_access(). (ViewVCAuthorizer.check_path_access): Do root and path combination here, and Update call to _check_root_path_access(). * viewvc.conf.dist (forbiddenre.forbidden): Update documentation and examples. git-svn-id: http://viewvc.tigris.org/svn/viewvc/trunk@1818 8cb11bc2-c004-0410-86c3-e597b4017df7
2008-02-25 21:07:06 +00:00 · 2008-02-25 21:07:06 +00:00 · 8916fe3969
parent 301281228b
commit 8916fe3969
2 changed files with 20 additions and 10 deletions
--- a/lib/vcauth/forbiddenre/init.py
+++ b/lib/vcauth/forbiddenre/init.py
@ -32,24 +32,27 @@ class ViewVCAuthorizer(vcauth.GenericViewVCAuthorizer):
    self.forbidden = map(lambda x: _split_regexp(string.strip(x)),
                         filter(None, string.split(forbidden, ',')))
                         
-  def _check_root_path_access(self, rootname, path_parts):
-    path = rootname
-    if path_parts:
-      path = path + '/' + string.join(path_parts, '/')
-
+  def _check_root_path_access(self, root_path):
    default = 1
    for forbidden, negated in self.forbidden:
      if negated:
        default = 0
-        if forbidden.search(path):
+        if forbidden.search(root_path):
          return 1
-      elif forbidden.search(path):
+      elif forbidden.search(root_path):
        return 0
    return default
      
  def check_root_access(self, rootname):
-    return self._check_root_path_access(rootname, None)
+    return self._check_root_path_access(rootname)
  
  def check_path_access(self, rootname, path_parts, pathtype, rev=None):
-    return self._check_root_path_access(rootname, path_parts)
+    root_path = rootname
+    if path_parts:
+      root_path = root_path + '/' + string.join(path_parts, '/')
+      if pathtype == vclib.DIR:
+        root_path = root_path + '/'
+    else:
+      root_path = root_path + '/'
+    return self._check_root_path_access(root_path)
    
--- a/viewvc.conf.dist
+++ b/viewvc.conf.dist
@ -748,7 +748,8 @@ forbidden =
 # path "/trunk/www/index.html" in the repository whose root name is
 # "svnrepos", this authorizer will check the path
 # "svnrepos/trunk/www/index.html" against the list of forbidden
-# regular expressions.
+# regular expressions.  Directory paths will be terminated by a forward
+# slash.
 #
 # Like the "forbidden" authorizer...
 #
@ -766,11 +767,17 @@ forbidden =
 #    Disallow files named "PRIVATE", but allow all others:
 #       forbidden = /PRIVATE$
 #
+#    Disallow the "hidden" repository, allowing all others:
+#       forbidden = ^hidden(/|$)
+#
 #    Allow only the "example1" and "example2" roots and the paths inside them,
 #    disallowing all others (which can be done in multiple ways):
 #       forbidden = !^example1(/|$), !^example2(/|$)/
 #       forbidden = !^example[12](/|$)
 #
+#    Only allow visibility of HTML files and the directories that hold them:
+#       forbidden = !^([^/]+|.*(/|\.html))$
+#
 forbidden = 

 #---------------------------------------------------------------------------