grim/hgkeeper
Add support for specifying which mercurial executable to use
14 months ago, Gary Kramlich
8275959b76f0
Add support for specifying which mercurial executable to use
package
access
import
(
"io/ioutil"
"os"
"path/filepath"
"strings"
"sync"
log
"github.com/sirupsen/logrus"
)
// File names used by this package.
//
// NOTE(review): presumably the casbin model and policy files loaded during
// Refresh; where they are read is not visible in this part of the file —
// confirm.
const (
	modelFilename  = "model.conf"
	policyFilename = "policy.csv"
)
// Package-level state. The path values are assigned by Setup and exposed
// through the accessor functions of the same name.
var (
	// accessLock is held by Refresh for the duration of a reload.
	accessLock sync.Mutex

	// reposPath is the repositories directory passed to Setup.
	reposPath string

	// adminRepoPath is reposPath joined with the admin repository name.
	adminRepoPath string

	// adminRepoName is the admin repository name passed to Setup.
	adminRepoName string

	// hgwebConfigPath is the temporary hgweb config file created by Setup
	// and removed by Teardown.
	hgwebConfigPath string
)
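// Setup records the repositories directory and the admin repository name,
// creates the temporary hgweb config file and then runs Refresh.
//
// repositoriesPath is stored as given; adminRepo is joined onto it to form
// the admin repository path. Both are expected to come from trusted
// configuration: no validation is applied here, so an adminRepo containing
// ".." would resolve outside repositoriesPath.
//
// It returns any error from creating or closing the temporary file, or from
// Refresh.
func Setup(repositoriesPath, adminRepo string) error {
	reposPath = repositoriesPath
	adminRepoName = adminRepo
	adminRepoPath = filepath.Join(reposPath, adminRepo)

	// ioutil.TempFile picks an unpredictable name and creates the file with
	// mode 0600, so other local users cannot pre-create or read it.
	tmp, err := ioutil.TempFile("", "hgkeeper-hgweb-access-*.config")
	if err != nil {
		return err
	}

	// Only the name is needed; the handle is closed right away. A failed
	// Close is reported instead of being dropped, and the file is removed so
	// a failed Setup leaves nothing behind in the temp directory.
	if err := tmp.Close(); err != nil {
		_ = os.Remove(tmp.Name()) // best effort; the Close error is the one returned
		return err
	}

	hgwebConfigPath = tmp.Name()

	// NOTE(review): if Refresh fails the temporary file stays on disk until
	// Teardown runs — confirm callers call Teardown after a failed Setup.
	return Refresh()
}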
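// Teardown removes the temporary hgweb config file whose path Setup stored.
// A failure is logged as a warning and is not returned to the caller.
func Teardown() {
	if err := os.Remove(hgwebConfigPath); err != nil {
		// Log the underlying error as well, so an operator can tell a file
		// that is already gone from a permissions problem.
		log.Warnf(
			"failed to remove temporary hgweb config from %q: %v",
			hgwebConfigPath,
			err,
		)
	}
}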
// AdminRepo returns the admin repository name that was passed to Setup.
func AdminRepo() string {
	return adminRepoName
}
// AdminRepoPath returns the admin repository path, i.e. the repositories
// directory joined with the admin repository name by Setup.
func AdminRepoPath() string {
	return adminRepoPath
}
// HgwebConfigPath returns the path of the temporary hgweb config file that
// Setup created.
func HgwebConfigPath() string {
	return hgwebConfigPath
}
// ReposPath returns the repositories directory that was passed to Setup.
func ReposPath() string {
	return reposPath
}
// Refresh reloads the casbin model and policies, then the SSH keys, by
// running refreshEnforcer, refreshKeys and refreshHgWeb in that order while
// holding accessLock.
//
// It stops at the first error and returns it. Earlier steps are not rolled
// back, so after a failure the casbin model and policies may already be
// updated while the SSH keys (and whatever refreshHgWeb maintains) are still
// the old ones.
func Refresh() error {
	accessLock.Lock()
	defer accessLock.Unlock()

	steps := []func() error{refreshEnforcer, refreshKeys, refreshHgWeb}
	for _, step := range steps {
		if err := step(); err != nil {
			return err
		}
	}

	return nil
}
// check reports whether the enforcer allows user to perform action on repo.
//
// It fails closed: when the enforcer returns an error the error is logged
// and access is denied.
//
// NOTE(review): check reads enforcer without taking accessLock, which
// Refresh holds while reloading. Whether that is safe depends on how
// refreshEnforcer updates enforcer, which is not visible here — confirm.
func check(user, repo, action string) bool {
	// Strip every trailing '/' and '\' so that "repo" and "repo/" are
	// evaluated as the same object. Nothing else is normalized here
	// (no "..", "." or doubled-separator handling), so callers are
	// presumably expected to pass an already cleaned name — verify at the
	// call sites.
	normalized := strings.TrimRight(repo, "\\/")

	allowed, err := enforcer.Enforce(user, normalized, action)
	if err == nil {
		return allowed
	}

	log.Errorf(
		"failed to authenticate (%q, %q, %q): %v",
		user,
		normalized,
		action,
		err,
	)

	// Deny on error.
	return false
}
// CanRead reports whether check allows user the "read" action on repo.
func CanRead(user, repo string) bool {
	const action = "read"

	return check(user, repo, action)
}
// CanWrite reports whether check allows user the "write" action on repo.
func CanWrite(user, repo string) bool {
	const action = "write"

	return check(user, repo, action)
}
// CanInit reports whether check allows user the "init" action on repo.
func CanInit(user, repo string) bool {
	const action = "init"

	return check(user, repo, action)
}