ACLs and Web Interfaces

Jeff Abbott fdiv_bug at sniping.org
Wed Mar 5 05:32:42 GMT 2008


James Westby wrote:

> On Tue, 2008-03-04 at 15:56 -0500, Jeff Abbott wrote:
>> Something that Mercurial's hgweb supports is the ability to tell it "all 
>> my repos live below here" with the [collections] section in the hgweb 
>> config.  hgweb walks that file system path and finds any repos it can, 
>> and presents them to the user if it can access that location with the 
>> credentials it's running under.  Usually, when running with mod_python 
>> in Apache, that's the apache user, but if you add mod_auth_kerb into the 
>> equation to authenticate users to the Kerberos realm, and mod_waklog to 
>> run CGI and mod_python scripts with the Kerberos-authenticated user's 
>> credentials, hgweb will only show them the repositories in AFS that they 
>> can read.
> 
> bazaar-webserve is a fork of hgweb, so it may not be that difficult.

... You're right, that wasn't that difficult.

It's been a rainy, blustery evening, so I decided to sit inside and hack 
at bzr-webserve.  The result is that it now has some of the 
functionality that hgweb has that I so appreciate.

I've published a branch at:

   https://code.launchpad.net/~fdivbug/bzr-webserve/collections

Python hasn't been my primary language for quite some time, and I'm 
still rather new to the Bazaar and bzr-webserve codebases, so please let 
me know if there are better ways to do what I've done.

What I've added is this.  There's a new config option in the 
bzr-webserve config file, in the [DEFAULT] section, called 
"collections".  It's a comma-delimited set of paths -- or a single path 
-- that will be walked looking for Bazaar branches.  Any that are found 
will have their .bzr/branch/branch.conf files read, and the following 
settings will be pulled out of the [web] section of that file:

   name
   repopath
   author
   description
   email
   mapfile
   tararchive
   profile
   encoding

These have the exact same meanings there as they do in the main 
bzr-webserve config.  In essence what it's doing is adding any branches 
it finds to the bzr-webserve ConfigObj instance as though they were 
explicitly specified in sections the main bzr-webserve config.

I have no idea how to proceed from here, really.  If there are any valid 
criticisms of my code I will happily change it to account for those 
concerns, but once the code is up to snuff I guess I'd need Goffredo to 
merge it; are you around, Signor Baroncelli?

Thanks,
Jeff



More information about the bazaar mailing list