[PATCH] support for deny_read/allow_read options

Nilton Volpato nilton.volpato at gmail.com
Mon Dec 17 17:48:08 CST 2007

On Dec 14, 2007 4:55 PM, Matt Mackall <mpm at selenic.com> wrote:
> Remind us what the use case here is, preferably by adding a better
> commit message and some docs.

The scenario is this:

You have a number of repositories, for instance
http://hg.example.com/some_repo1, http://hg.example.com/some_repo2,
etc. You are using some authentication method provided by your web
server, like apache, but this way any valid user can see any
repository, which is not desirable (unless in simple setups). You
would like to specify which of the users can read from and which users
can write to these repositories, however mercurial has no such
feature. Currently, you can just tell which user can write to each
repository, but everyone can read. Subversion solves this by using
svn_authz authentication method.

This patch solves this problem by introducing a new variable under the
web section, a counterpart of allow_push/deny_push: the
allow_read/deny_read variables. Which takes the same arguments as
allow_push/deny_push. Like this:

allow_read = bob alice
allow_push = bob


allow_read = *
deny_read = eve
allow_push = bob alice

I can update the wiki documents:
and http://www.selenic.com/mercurial/wiki/index.cgi/HgWebDirStepByStep
by explaining about the allow_read/deny_read variable if this patch
gets into some next release.

-- Nilton

More information about the Mercurial-devel mailing list