Forward-port tweak to forbiddenre support made in r1817 on the 1.0.x branch.
* lib/vcauth/forbiddenre/__init__.py (ViewVCAuthorizer._check_root_path_access): Lose 'rootname' and 'path_parts' parameters and logic to combine them; just accept the combined form as a new 'root_path' parameter. (ViewVCAuthorizer.check_root_access): Update call to _check_root_path_access(). (ViewVCAuthorizer.check_path_access): Do root and path combination here, and Update call to _check_root_path_access(). * viewvc.conf.dist (forbiddenre.forbidden): Update documentation and examples. git-svn-id: http://viewvc.tigris.org/svn/viewvc/trunk@1818 8cb11bc2-c004-0410-86c3-e597b4017df7remotes/log-paging
parent
301281228b
commit
8916fe3969
|
@ -32,24 +32,27 @@ class ViewVCAuthorizer(vcauth.GenericViewVCAuthorizer):
|
||||||
self.forbidden = map(lambda x: _split_regexp(string.strip(x)),
|
self.forbidden = map(lambda x: _split_regexp(string.strip(x)),
|
||||||
filter(None, string.split(forbidden, ',')))
|
filter(None, string.split(forbidden, ',')))
|
||||||
|
|
||||||
def _check_root_path_access(self, rootname, path_parts):
|
def _check_root_path_access(self, root_path):
|
||||||
path = rootname
|
|
||||||
if path_parts:
|
|
||||||
path = path + '/' + string.join(path_parts, '/')
|
|
||||||
|
|
||||||
default = 1
|
default = 1
|
||||||
for forbidden, negated in self.forbidden:
|
for forbidden, negated in self.forbidden:
|
||||||
if negated:
|
if negated:
|
||||||
default = 0
|
default = 0
|
||||||
if forbidden.search(path):
|
if forbidden.search(root_path):
|
||||||
return 1
|
return 1
|
||||||
elif forbidden.search(path):
|
elif forbidden.search(root_path):
|
||||||
return 0
|
return 0
|
||||||
return default
|
return default
|
||||||
|
|
||||||
def check_root_access(self, rootname):
|
def check_root_access(self, rootname):
|
||||||
return self._check_root_path_access(rootname, None)
|
return self._check_root_path_access(rootname)
|
||||||
|
|
||||||
def check_path_access(self, rootname, path_parts, pathtype, rev=None):
|
def check_path_access(self, rootname, path_parts, pathtype, rev=None):
|
||||||
return self._check_root_path_access(rootname, path_parts)
|
root_path = rootname
|
||||||
|
if path_parts:
|
||||||
|
root_path = root_path + '/' + string.join(path_parts, '/')
|
||||||
|
if pathtype == vclib.DIR:
|
||||||
|
root_path = root_path + '/'
|
||||||
|
else:
|
||||||
|
root_path = root_path + '/'
|
||||||
|
return self._check_root_path_access(root_path)
|
||||||
|
|
||||||
|
|
|
@ -748,7 +748,8 @@ forbidden =
|
||||||
# path "/trunk/www/index.html" in the repository whose root name is
|
# path "/trunk/www/index.html" in the repository whose root name is
|
||||||
# "svnrepos", this authorizer will check the path
|
# "svnrepos", this authorizer will check the path
|
||||||
# "svnrepos/trunk/www/index.html" against the list of forbidden
|
# "svnrepos/trunk/www/index.html" against the list of forbidden
|
||||||
# regular expressions.
|
# regular expressions. Directory paths will be terminated by a forward
|
||||||
|
# slash.
|
||||||
#
|
#
|
||||||
# Like the "forbidden" authorizer...
|
# Like the "forbidden" authorizer...
|
||||||
#
|
#
|
||||||
|
@ -766,11 +767,17 @@ forbidden =
|
||||||
# Disallow files named "PRIVATE", but allow all others:
|
# Disallow files named "PRIVATE", but allow all others:
|
||||||
# forbidden = /PRIVATE$
|
# forbidden = /PRIVATE$
|
||||||
#
|
#
|
||||||
|
# Disallow the "hidden" repository, allowing all others:
|
||||||
|
# forbidden = ^hidden(/|$)
|
||||||
|
#
|
||||||
# Allow only the "example1" and "example2" roots and the paths inside them,
|
# Allow only the "example1" and "example2" roots and the paths inside them,
|
||||||
# disallowing all others (which can be done in multiple ways):
|
# disallowing all others (which can be done in multiple ways):
|
||||||
# forbidden = !^example1(/|$), !^example2(/|$)/
|
# forbidden = !^example1(/|$), !^example2(/|$)/
|
||||||
# forbidden = !^example[12](/|$)
|
# forbidden = !^example[12](/|$)
|
||||||
#
|
#
|
||||||
|
# Only allow visibility of HTML files and the directories that hold them:
|
||||||
|
# forbidden = !^([^/]+|.*(/|\.html))$
|
||||||
|
#
|
||||||
forbidden =
|
forbidden =
|
||||||
|
|
||||||
#---------------------------------------------------------------------------
|
#---------------------------------------------------------------------------
|
||||||
|
|
Loading…
Reference in New Issue