Add FileDiffACLsHook to allow people to hook up repository ACLs.

Review Request #11857 — Created Oct. 18, 2021 and submitted — Latest diff uploaded

Information

Review Board
release-4.0.x

Reviewers

One common request we've had over the years is to mirror repository
access control into Review Board. This is complicated by a few factors.
Review Board has always used a single account to access the remote
repository, and it caches aggressively to provide reasonable interactive
performance, so we can't just rely on the repository access directly. In
addition, it's not uncommon for repository users/usernames to not match
up with Review Board users/usernames (especially when repositories are
hosted on SaaS services).

In order to make this possible, we're adding a new extension hook,
FileDiffACLsHook. This hook is invoked when a user attempts to access
a review request, and is run for each DiffSet/FileDiff. The result
of this is cached per DiffSet to keep reasonable performance overall.
People can then create an extension implementing this hook to do
whatever access control they want, whether that's querying the
repository or referencing external config files.

  • Implemented a sample extension that queried p4 protect information
    to do access control for Perforce repositories. This implementation is
    visible in the documentation for the hook.
  • Ran unit tests.

Commits

Files