コード例 #1
0
ファイル: test_group.py プロジェクト: handmoney/gitosis
def test_no_notListed():
    cfg = RawConfigParser()
    cfg.add_section("group hackers")
    cfg.set("group hackers", "members", "wsmith")
    gen = group.getMembership(config=cfg, user="jdoe")
    eq(gen.next(), "all")
    assert_raises(StopIteration, gen.next)
コード例 #2
0
ファイル: test_group.py プロジェクト: PhilMiller/gitosis
def test_no_notListed():
    cfg = RawConfigParser()
    cfg.add_section('group hackers')
    cfg.set('group hackers', 'members', 'wsmith')
    gen = group.getMembership(config=cfg, user='jdoe')
    eq(gen.next(), 'all')
    assert_raises(StopIteration, gen.next)
コード例 #3
0
ファイル: test_group.py プロジェクト: PhilMiller/gitosis
def test_no_recurse_loop():
    cfg = RawConfigParser()
    cfg.add_section('group hackers')
    cfg.set('group hackers', 'members', '@smackers')
    cfg.add_section('group smackers')
    cfg.set('group smackers', 'members', '@hackers')
    gen = group.getMembership(config=cfg, user='jdoe')
    eq(gen.next(), 'all')
    assert_raises(StopIteration, gen.next)
コード例 #4
0
ファイル: access.py プロジェクト: tzuryby/gitosis-fork
def haveAccess(config, user, mode, path):
    """
    Map request for write access to allowed path.

    Note for read-only access, the caller should check for write
    access too.

    Returns ``None`` for no access, or a tuple of toplevel directory
    containing repositories and a relative path to the physical repository.
    """
    log = logging.getLogger('gitosis.access.haveAccess')

    log.debug('Access check for %(user)r as %(mode)r on %(path)r...'  % dict(user=user, mode=mode, path=path))

    basename, ext = os.path.splitext(path)
    if ext == '.git':
        log.debug('Stripping .git suffix from %(path)r, new value %(basename)r' % 
            dict(path=path, basename=basename,))        
        path = basename

    for groupname in group.getMembership(config=config, user=user):
        try:
            repos = config.get('group %s' % groupname, mode)
        except (NoSectionError, NoOptionError):
            repos = []
        else:
            repos = repos.split()

        mapping = None

        if path in repos:
            log.debug('Access ok for %(user)r as %(mode)r on %(path)r' % 
                dict(user=user, mode=mode, path=path ))
            mapping = path
        else:
            try:
                mapping = config.get('group %s' % groupname, 'map %s %s' % (mode, path))
            except (NoSectionError, NoOptionError):
                pass
            else:
                log.debug('Access ok for %(user)r as %(mode)r on %(path)r=%(mapping)r'
                    % dict(user=user, mode=mode, path=path, mapping=mapping,))

        if mapping is not None:
            prefix = None
            try:
                prefix = config.get('group %s' % groupname, 'repositories')
            except (NoSectionError, NoOptionError):
                try:
                    prefix = config.get('gitosis', 'repositories')
                except (NoSectionError, NoOptionError):
                    prefix = 'repositories'

            log.debug('Using prefix %(prefix)r for %(path)r' 
                % dict(prefix=prefix, path=mapping,))
                
            return (prefix, mapping)
コード例 #5
0
ファイル: test_group.py プロジェクト: handmoney/gitosis
def test_no_recurse_loop():
    cfg = RawConfigParser()
    cfg.add_section("group hackers")
    cfg.set("group hackers", "members", "@smackers")
    cfg.add_section("group smackers")
    cfg.set("group smackers", "members", "@hackers")
    gen = group.getMembership(config=cfg, user="jdoe")
    eq(gen.next(), "all")
    assert_raises(StopIteration, gen.next)
コード例 #6
0
ファイル: access.py プロジェクト: superbobry/gitosis
def allowed(config, user, mode, path):
    """Check if a user is allowed to access a given path.

    Returns ``None`` for no access, or a tuple of toplevel directory
    containing repositories and a relative path to the physical
    repository.

    :param config: ``gitosis`` config object
    :param str user: a user to check access rights for
    :param str mode: access `readonly` or `writable`
    :param str path: name of the repository to check access
                     rights for (this is what you write in ``[repo ... ]``
                     section of your ``gitosis.conf``)
    """
    log = logging.getLogger("gitosis.access.allowed")
    log.debug("Access check for {0} as {1} on {2}...".format(user, mode, path))

    basename, ext = os.path.splitext(path)
    if ext == ".git":
        log.debug("Stripped `.git` suffix from {0}, new value {1}."
                  .format(path, basename))
        path = basename

    # a) first check if a user is an owner of the repository
    #    == has unlimited access.
    owner = config.get("repo {0}".format(path), "owner")
    if owner and owner == user:
        log.debug("Acces ok for {0!r} as {1!r} on {2!r} (owner)"
                  .format(user, mode, path))
        return get_repository_prefix(config), path

    # b) iterate over user's groups and check if it has requested
    #    pass in any of the sections.
    ok = False
    for group in _group.getMembership(config=config, user=user):
        repos = config.get("group {0}".format(group), mode, default="").split()
        if path in repos:
            log.debug("Access ok for {0!r} as {1!r} on {2!r}"
                      .format(user, mode, path))
            ok = True
        elif os.path.join(os.path.dirname(path), "*") in repos:
            log.debug("Wildcard access ok for {0!r} as {1!r} on {2!r}"
                      .format(user, mode, path))
            ok = True
        else:
            mapping = config.get("group {0}".format(group),
                                 "map {0} {1}".format(mode, path))

            if mapping:
                log.debug("Access ok for {0!r} as {1!r} on {2!r}={3!r}"
                          .format(user, mode, path, mapping))
                ok, path = True, mapping

        if ok:
            prefix = get_repository_prefix(config, group)
            log.debug("Using prefix {0!r}for {1!r}".format(prefix, path))
            return prefix, path
コード例 #7
0
ファイル: test_group.py プロジェクト: PhilMiller/gitosis
def test_yes_recurse_one_ordering():
    cfg = RawConfigParser()
    cfg.add_section('group smackers')
    cfg.set('group smackers', 'members', 'danny jdoe')
    cfg.add_section('group hackers')
    cfg.set('group hackers', 'members', 'wsmith @smackers')
    gen = group.getMembership(config=cfg, user='jdoe')
    eq(gen.next(), 'smackers')
    eq(gen.next(), 'hackers')
    eq(gen.next(), 'all')
    assert_raises(StopIteration, gen.next)
コード例 #8
0
ファイル: test_group.py プロジェクト: handmoney/gitosis
def test_yes_recurse_one_ordering():
    cfg = RawConfigParser()
    cfg.add_section("group smackers")
    cfg.set("group smackers", "members", "danny jdoe")
    cfg.add_section("group hackers")
    cfg.set("group hackers", "members", "wsmith @smackers")
    gen = group.getMembership(config=cfg, user="jdoe")
    eq(gen.next(), "smackers")
    eq(gen.next(), "hackers")
    eq(gen.next(), "all")
    assert_raises(StopIteration, gen.next)
コード例 #9
0
ファイル: test_group.py プロジェクト: PhilMiller/gitosis
def test_no_emptyConfig():
    cfg = RawConfigParser()
    gen = group.getMembership(config=cfg, user='jdoe')
    eq(gen.next(), 'all')
    assert_raises(StopIteration, gen.next)
コード例 #10
0
ファイル: test_group.py プロジェクト: PhilMiller/gitosis
def test_no_emptyGroup():
    cfg = RawConfigParser()
    cfg.add_section('group hackers')
    gen = group.getMembership(config=cfg, user='jdoe')
    eq(gen.next(), 'all')
    assert_raises(StopIteration, gen.next)
コード例 #11
0
ファイル: access.py プロジェクト: PhilMiller/gitosis
def haveAccess(config, user, mode, path):
    """
    Map request for write access to allowed path.

    Note for read-only access, the caller should check for write
    access too.

    Returns ``None`` for no access, or a tuple of toplevel directory
    containing repositories and a relative path to the physical repository.
    """
    log = logging.getLogger('gitosis.access.haveAccess')

    log.debug(
        'Access check for %(user)r as %(mode)r on %(path)r...'
        % dict(
        user=user,
        mode=mode,
        path=path,
        ))

    basename, ext = os.path.splitext(path)
    if ext == '.git':
        log.debug(
            'Stripping .git suffix from %(path)r, new value %(basename)r'
            % dict(
            path=path,
            basename=basename,
            ))
        path = basename

    sections = ['group %s' % item for item in
                 group.getMembership(config=config, user=user)]
    sections.insert(0, 'user %s' % user)

    for sectname in sections:
        repos = util.getConfigList(config, sectname, mode)

        mapping = None

        if pathMatchPatterns(path, repos):
            log.debug(
                'Access ok for %(user)r as %(mode)r on %(path)r'
                % dict(
                user=user,
                mode=mode,
                path=path,
                ))
            mapping = path
        else:
            mapping = util.getConfigDefault(config,
                                            sectname,
                                            'map %s %s' % (mode, path),
                                            None)
            if mapping:
                log.debug(
                    'Access ok for %(user)r as %(mode)r on %(path)r=%(mapping)r'
                    % dict(
                    user=user,
                    mode=mode,
                    path=path,
                    mapping=mapping,
                    ))

        if mapping is not None:
            prefix = util.getConfigDefault(config,
                                           sectname,
                                           'repositories',
                                           'repositories',
                                           'gitosis')

            log.debug(
                'Using prefix %(prefix)r for %(path)r'
                % dict(
                prefix=prefix,
                path=mapping,
                ))
            return (prefix, mapping)
コード例 #12
0
ファイル: access.py プロジェクト: JamsGu/gitosis
def haveAccess(config, user, mode, path):
    """
    Map request for write access to allowed path.

    Note for read-only access, the caller should check for write
    access too.

    Returns ``None`` for no access, or a tuple of toplevel directory
    containing repositories and a relative path to the physical repository.
    """
    log = logging.getLogger('gitosis.access.haveAccess')

    synonyms = {}
    synonyms['read'] = ['readonly', 'readable']
    synonyms['write'] = ['writable', 'writeable']
    synonyms['admin'] = ['init','initial']

    mode_syns = []
    for key, mode_syns in synonyms.items():
        if mode == key:
            break
        elif mode in mode_syns:
            if mod != mode_syns[0]:
                log.warning(
                    'Provide haveAccess with mode: "'
                    + mode + '" '
                    + 'for repository %r should be "' + key +'"',
                    path,
                    )
            mode = key
            break
    if key != mode:
        log.warning('Unknown acl mode %s, check gitosis config file.' % mode)
        mode_syns = [mode]
    else:
        mode_syns.append(mode)


    log.debug(
        'Access check for %(user)r as %(mode)r on %(path)r...'
        % dict(
        user=user,
        mode=mode,
        path=path,
        ))

    basename, ext = os.path.splitext(path)
    if ext == '.git':
        log.debug(
            'Stripping .git suffix from %(path)r, new value %(basename)r'
            % dict(
            path=path,
            basename=basename,
            ))
        path = basename

    for groupname in group.getMembership(config=config, user=user):
        repos = ""
        try:
            options = config.options('group %s' % groupname)
            for syn in mode_syns:
                if syn in options:
                    if syn != mode and syn != mode_syns[0]:
                        log.warning(
                            'Repository %r config has typo "'
                            + syn + '", '
                            +'should be "' + mode +'"',
                            path,
                            )
                    repos = config.get('group %s' % groupname, syn)
                    break
        except (NoSectionError, NoOptionError):
            repos = []
        else:
            repos = repos.split()

        mapping = None

        # fnmatch provide glob match support. Jiang Xin <jiangxin AT ossxp.com>
        for r in repos:
            if fnmatch(path, r):
                log.debug(
                    'Access ok for %(user)r as %(mode)r on %(path)r'
                    % dict(
                    user=user,
                    mode=mode,
                    path=path,
                    ))
                mapping = path
                break

        # Check mapping even if (path,mode) found in this group.
        try:
            re_mapping = None
            for option in config.options('group %s' % groupname):
                if not option.startswith('map'):
                    continue
                (_ignore, opt_right) = option.split(' ',1)
                (opt_mode, opt_path) = opt_right.strip().split(' ',1)
                opt_path = opt_path.strip()
                if opt_mode not in mode_syns:
                    continue
                if fnmatch(path, opt_path):
                    re_mapping = config.get('group %s' % groupname, option)
                    if ':' in re_mapping:
                        (opt_from, opt_to) = re_mapping.split(':',1)
                        re_mapping = re.sub(opt_from, opt_to, path)
                    elif '\\1' in re_mapping:
                        re_mapping = re_mapping.replace('\\1', path)
                    break
        except (NoSectionError, NoOptionError):
            pass
        else:
            if re_mapping is not None:
                mapping = re_mapping
                log.debug(
                    'Mapping ok for %(user)r as %(mode)r on %(path)r=%(mapping)r'
                    % dict(
                    user=user,
                    mode=mode,
                    path=path,
                    mapping=mapping,
                    ))

        if mapping is not None:
            prefix = None
            try:
                prefix = config.get(
                    'group %s' % groupname, 'repositories')
            except (NoSectionError, NoOptionError):
                try:
                    prefix = config.get('gitosis', 'repositories')
                except (NoSectionError, NoOptionError):
                    prefix = 'repositories'

            log.debug(
                'Using prefix %(prefix)r for %(path)r'
                % dict(
                prefix=prefix,
                path=mapping,
                ))
            return (prefix, mapping, mode)
コード例 #13
0
ファイル: test_group.py プロジェクト: handmoney/gitosis
def test_no_emptyGroup():
    cfg = RawConfigParser()
    cfg.add_section("group hackers")
    gen = group.getMembership(config=cfg, user="jdoe")
    eq(gen.next(), "all")
    assert_raises(StopIteration, gen.next)
コード例 #14
0
ファイル: access.py プロジェクト: angavrilov/gitosis
def haveAccess(config, user, mode, path):
    """
    Map request for write access to allowed path.

    Note for read-only access, the caller should check for write
    access too.

    Returns ``None`` for no access, or a tuple of toplevel directory
    containing repositories and a relative path to the physical repository.
    """
    log = logging.getLogger('gitosis.access.haveAccess')

    log.debug(
        'Access check for %(user)r as %(mode)r on %(path)r...'
        % dict(
        user=user,
        mode=mode,
        path=path,
        ))

    basename, ext = os.path.splitext(path)
    if ext == '.git':
        log.debug(
            'Stripping .git suffix from %(path)r, new value %(basename)r'
            % dict(
            path=path,
            basename=basename,
            ))
        path = basename

    try:
        default_prefix = config.get('gitosis', 'repositories')
    except (NoSectionError, NoOptionError):
        default_prefix = 'repositories'

    sections = ['group %s' % item for item in
                 group.getMembership(config=config, user=user)]
    sections.insert(0, 'user %s' % user)

    for sectname in sections:
        try:
            repos = config.get(sectname, mode)
        except (NoSectionError, NoOptionError):
            repos = []
        else:
            repos = repos.split()

        mapping = None

        if path in repos:
            log.debug(
                'Access ok for %(user)r as %(mode)r on %(path)r'
                % dict(
                user=user,
                mode=mode,
                path=path,
                ))
            mapping = path
        else:
            try:
                mapping = config.get(sectname,
                                     'map %s %s' % (mode, path))
            except (NoSectionError, NoOptionError):
                pass
            else:
                log.debug(
                    'Access ok for %(user)r as %(mode)r on %(path)r=%(mapping)r'
                    % dict(
                    user=user,
                    mode=mode,
                    path=path,
                    mapping=mapping,
                    ))

        if mapping is None and mode == 'readonly':
            try:
                if config.getboolean(sectname, 'allow-read-all'):
                    log.debug(
                        'Access ok for %(user)r as %(mode)r on %(path)r via allow-read-all'
                        % dict(user=user,mode=mode,path=path))
                    mapping = path
            except (NoSectionError, NoOptionError):
                pass

        if mapping is not None:
            prefix = None
            try:
                prefix = config.get(sectname, 'repositories')
            except (NoSectionError, NoOptionError):
                prefix = default_prefix

            log.debug(
                'Using prefix %(prefix)r for %(path)r'
                % dict(
                prefix=prefix,
                path=mapping,
                ))
            return (prefix, mapping)

    owner = getOwnerAccess(config, mode, path)
    if owner == user:
        try:
            prefix = config.get('user %s' % owner, 'repositories')
        except (NoSectionError, NoOptionError):
            prefix = default_prefix

        log.debug(
            'Access ok for %(user)r as %(mode)r on owned %(path)r, using prefix %(prefix)r'
            % dict(
                prefix=prefix,
                path=path,
                user=user,
                mode=mode,
                ))
        return (prefix, path)
コード例 #15
0
ファイル: access.py プロジェクト: cee1/gitosis-hack
def haveAccess(config, user, mode, path):
    """
    Map request for write access to allowed path.

    Note for read-only access, the caller should check for write
    access too.

    Returns ``None`` for no access, or a tuple of toplevel directory
    containing repositories and a relative path to the physical repository.
    """
    detail = []
    log = logging.getLogger('gitosis.access.haveAccess')

    log.debug(
        'Access check for %(user)r as %(mode)r on %(path)r...'
        % dict(
        user=user,
        mode=mode,
        path=path,
        ))

    basename, ext = os.path.splitext(path)
    if ext == '.git':
        log.debug(
            'Stripping .git suffix from %(path)r, new value %(basename)r'
            % dict(
            path=path,
            basename=basename,
            ))
        path = basename

    repo = None
    try:
        repo = config.lookup_repo(path)
    except GitoliteConfigException:
        log.exception("When lookup which repo contains '%s'" % path)

    if not repo:
        log.warning("No repo contains path '%s'" % path)
        return

    mapping = None
    try:
        users = config.get_repo(repo, mode)
    except GitoliteConfigException:
        log.exception("When get '%s' of '%s':" % (mode, repo))
        return

    if users:
        if user in users:
            mapping = path
        else:
            for groupname in group.getMembership(config=config, user=user):
                if groupname in users:
                    mapping = path
                    detail.append("as group '%s'" % groupname)
                    break
            
    if mapping is not None:
        if detail:
            detail = '(%s)' % ', '.join(detail)
        else:
            detail = ''

        log.debug(
            'Access ok for %(user)r as %(mode)r on %(path)r(%(detail)s)'
            % dict(
            user=user,
            mode=mode,
            path=path,
            detail=detail
            ))

        prefix = config.get_gitosis('repositories')
        if prefix == None:
            prefix = 'repositories'

        log.debug(
            'Using prefix %(prefix)r for %(path)r'
            % dict(
            prefix=prefix,
            path=mapping,
            ))
        return (prefix, mapping)