grim/hgkeeper
Clone
Summary
Browse
Changes
Graph
Remove the mercurial 6.1 pin from the container image
22 months ago, Gary Kramlich
653b933ba715
Remove the mercurial 6.1 pin from the container image
package
access
import
(
"io/ioutil"
"os"
"path/filepath"
"sync"
log
"github.com/sirupsen/logrus"
)
const
(
modelFilename
=
"model.conf"
policyFilename
=
"policy.csv"
)
var
(
accessLock
sync
.
Mutex
reposPath
string
adminRepoPath
string
adminRepoName
string
hgwebConfigPath
string
)
func
Setup
(
repositoriesPath
,
adminRepo
string
)
error
{
reposPath
=
repositoriesPath
adminRepoName
=
adminRepo
adminRepoPath
=
filepath
.
Join
(
reposPath
,
adminRepo
)
configPath
,
err
:=
ioutil
.
TempFile
(
""
,
"hgkeeper-hgweb-access-*.config"
)
if
err
!=
nil
{
return
err
}
configPath
.
Close
()
hgwebConfigPath
=
configPath
.
Name
()
return
Refresh
()
}
func
Teardown
()
{
if
err
:=
os
.
Remove
(
hgwebConfigPath
);
err
!=
nil
{
log
.
Warnf
(
"failed to remove temporary hgweb config from %q"
,
hgwebConfigPath
,
)
}
}
func
AdminRepo
()
string
{
return
adminRepoName
}
func
AdminRepoPath
()
string
{
return
adminRepoPath
}
func
HgwebConfigPath
()
string
{
return
hgwebConfigPath
}
func
ReposPath
()
string
{
return
reposPath
}
// Refresh will try to reload the casbin model and policies followed by SSH
// keys. If there is an error it's possible that the casbin model and polcies
// could have been updated but the ssh keys were not.
func
Refresh
()
error
{
accessLock
.
Lock
()
defer
accessLock
.
Unlock
()
if
err
:=
refreshEnforcer
();
err
!=
nil
{
return
err
}
if
err
:=
refreshKeys
();
err
!=
nil
{
return
err
}
if
err
:=
refreshHgWeb
();
err
!=
nil
{
return
err
}
return
nil
}
func
check
(
user
,
repo
,
action
string
)
bool
{
r
,
err
:=
enforcer
.
Enforce
(
user
,
repo
,
action
)
if
err
!=
nil
{
log
.
Errorf
(
"failed to authenticate (%q, %q, %q): %v"
,
user
,
repo
,
action
,
err
,
)
return
false
}
return
r
}
func
CanRead
(
user
,
repo
string
)
bool
{
return
check
(
user
,
repo
,
"read"
)
}
func
CanWrite
(
user
,
repo
string
)
bool
{
return
check
(
user
,
repo
,
"write"
)
}
func
CanInit
(
user
,
repo
string
)
bool
{
return
check
(
user
,
repo
,
"init"
)
}