65 lines
2.0 KiB
Python
65 lines
2.0 KiB
Python
# -*-python-*-
|
|
#
|
|
# Copyright (C) 2008-2013 The ViewCVS Group. All Rights Reserved.
|
|
#
|
|
# By using this file, you agree to the terms and conditions set forth in
|
|
# the LICENSE.html file which can be found at the top level of the ViewVC
|
|
# distribution or at http://viewvc.org/license-1.html.
|
|
#
|
|
# For more information, visit http://viewvc.org/
|
|
#
|
|
# -----------------------------------------------------------------------
|
|
import vcauth
|
|
import vclib
|
|
import fnmatch
|
|
import re
|
|
|
|
|
|
def _split_regexp(restr):
|
|
"""Return a 2-tuple consisting of a compiled regular expression
|
|
object and a boolean flag indicating if that object should be
|
|
interpreted inversely."""
|
|
if restr[0] == '!':
|
|
return re.compile(restr[1:]), 1
|
|
return re.compile(restr), 0
|
|
|
|
|
|
class ViewVCAuthorizer(vcauth.GenericViewVCAuthorizer):
|
|
"""A simple regular-expression-based authorizer."""
|
|
def __init__(self, username, params={}):
|
|
forbidden = params.get('forbiddenre', '')
|
|
self.forbidden = map(lambda x: _split_regexp(x.strip()),
|
|
filter(None, forbidden.split(',')))
|
|
|
|
def _check_root_path_access(self, root_path):
|
|
default = 1
|
|
for forbidden, negated in self.forbidden:
|
|
if negated:
|
|
default = 0
|
|
if forbidden.search(root_path):
|
|
return 1
|
|
elif forbidden.search(root_path):
|
|
return 0
|
|
return default
|
|
|
|
def check_root_access(self, rootname):
|
|
return self._check_root_path_access(rootname)
|
|
|
|
def check_universal_access(self, rootname):
|
|
# If there aren't any forbidden regexps, we can grant universal
|
|
# read access. Otherwise, we make no claim.
|
|
if not self.forbidden:
|
|
return 1
|
|
return None
|
|
|
|
def check_path_access(self, rootname, path_parts, pathtype, rev=None):
|
|
root_path = rootname
|
|
if path_parts:
|
|
root_path = root_path + '/' + '/'.join(path_parts)
|
|
if pathtype == vclib.DIR:
|
|
root_path = root_path + '/'
|
|
else:
|
|
root_path = root_path + '/'
|
|
return self._check_root_path_access(root_path)
|
|
|