This change has been marked as completed.

Describe the completed change (optional):

Pushed to release-4.0.x (3afe364)

Summary

Add FileDiffACLsHook to allow people to hook up repository ACLs.

Review Request #11857 — Created Oct. 18, 2021 and submitted 3 years, 3 months ago — Latest diff uploaded 3 years, 3 months ago

Information

Owner

david*

Repository

Review Board

Branch

release-4.0.x

Bugs

Depends On

~~11856~~

Reviewers

Groups

reviewboard

People

Description*

One common request we've had over the years is to mirror repository
access control into Review Board. This is complicated by a few factors.
Review Board has always used a single account to access the remote
repository, and it caches aggressively to provide reasonable interactive
performance, so we can't just rely on the repository access directly. In
addition, it's not uncommon for repository users/usernames to not match
up with Review Board users/usernames (especially when repositories are
hosted on SaaS services).

In order to make this possible, we're adding a new extension hook,
FileDiffACLsHook. This hook is invoked when a user attempts to access
a review request, and is run for each DiffSet/FileDiff. The result
of this is cached per DiffSet to keep reasonable performance overall.
People can then create an extension implementing this hook to do
whatever access control they want, whether that's querying the
repository or referencing external config files.

Testing Done


Implemented a sample extension that queried p4 protect information

  to do access control for Perforce repositories. This implementation is

  visible in the documentation for the hook.
Ran unit tests.

Changes between revision 1 and 2

orig

Commits

	Summary	ID	Author
	Add FileDiffACLsHook to allow people to hook up repository ACLs. One common request we've had over the years is to mirror repository access control into Review Board. This is complicated by a few factors. Review Board has always used a single account to access the remote repository, and it caches aggressively to provide reasonable interactive performance, so we can't just rely on the repository access directly. In addition, it's not uncommon for repository users/usernames to not match up with Review Board users/usernames (especially when repositories are hosted on SaaS services). In order to make this possible, we're adding a new extension hook, `FileDiffACLsHook`. This hook is invoked when a user attempts to access a review request, and is run for each `DiffSet`/`FileDiff`. The result of this is cached per `DiffSet` to keep reasonable performance overall. People can then create an extension implementing this hook to do whatever access control they want, whether that's querying the repository or referencing external config files. Testing Done: - Implemented a sample extension that queried `p4 protect` information to do access control for Perforce repositories. This implementation is visible in the documentation for the hook. - Ran unit tests.	548cbf935825de3c7605e49c2a629d0852288bf1	David Trowbridge
	Add FileDiffACLsHook to allow people to hook up repository ACLs. One common request we've had over the years is to mirror repository access control into Review Board. This is complicated by a few factors. Review Board has always used a single account to access the remote repository, and it caches aggressively to provide reasonable interactive performance, so we can't just rely on the repository access directly. In addition, it's not uncommon for repository users/usernames to not match up with Review Board users/usernames (especially when repositories are hosted on SaaS services). In order to make this possible, we're adding a new extension hook, `FileDiffACLsHook`. This hook is invoked when a user attempts to access a review request, and is run for each `DiffSet`/`FileDiff`. The result of this is cached per `DiffSet` to keep reasonable performance overall. People can then create an extension implementing this hook to do whatever access control they want, whether that's querying the repository or referencing external config files. Testing Done: - Implemented a sample extension that queried `p4 protect` information to do access control for Perforce repositories. This implementation is visible in the documentation for the hook. - Ran unit tests.	6762b040281c2d3ebec676acf9d9f726b14ab642	David Trowbridge

Files

	docs/manual/extending/index.rst
	docs/manual/extending/extensions/hooks/filediff-acl-hook.rst
	reviewboard/extensions/hooks.py
	reviewboard/reviews/models/review_request.py

docs/manual/extending/index.rst

docs/manual/extending/extensions/hooks/filediff-acl-hook.rst

reviewboard/extensions/hooks.py

reviewboard/reviews/models/review_request.py