[PATCH 1 of 2] acl: add support for branch-based access control

Martin Geisler mg at aragost.com
Tue May 4 12:02:20 CDT 2010 

elifarley at gmail.com writes:

> # HG changeset patch
> # User Elifarley Callado Coelho Cruz <elifarley at gmail.com>
> # Date 1272973040 10800
> # Node ID e65678957b997c936d4f964f4d16fa9f3d842693
> # Parent  c4347e48b0d0b05c3677f3c12ef465467584672c
> acl: add support for branch-based access control

Hi,

I don't think you are aware that the help strings are parsed for
reStructuredText markup. Please always double-check how things look in a
narrow and in a wide terminal when updating the docstrings.

You can find a reST primer here:

  http://docutils.sourceforge.net/docs/user/rst/quickstart.html

For example, you need a blank line before the list:

> +The order in which access checks are performed is:
> +1) Deny  list for branches (section [acl.deny.branches])
> +2) Allow list for branches (section [acl.allow.branches])
> +3) Deny  list for paths    (section [acl.deny])
> +4) Allow list for paths    (section [acl.allow])

Headings are underlined in reST, not like this:

> +--- Path-based Access Control ---


> +--- Groups ---
> +
> +Group names must be prefixed with an @ symbol.
>  Specifying a group name has the same effect as specifying all the users in
>  that group.
> +The set of users for a group is taken from "grp.getgrnam"
> +(see http://docs.python.org/library/grp.html#grp.getgrnam).

The above undoes my commit here where I tried to clean things up:

  http://selenic.com/hg/rev/f6dcbeb5babe

I removed the reference to the Python homepage since we don't normally
have links in our docstrings and because I think it is an implementation
detail that should not be in user-level documentation.

>    [acl.deny]
> -  # This list is checked first. If a match is found, 'acl.allow' will not be
> -  # checked. All users are granted access if acl.deny is not present.
> -  # Format for both lists: glob pattern = user, ..., @group, ...
> +  # If a match is found, "acl.allow" will not be checked.
> +  # if acl.deny is not present, no users denied by default
> +  # empty acl.deny = all users allowed
> +  # Format for both lists: glob pattern = user4, user5, @group1

I like the wording of my version from f6dcbeb5babe better :-)

>    # To match everyone, use an asterisk for the user:
>    # my/glob/pattern = *
> @@ -84,7 +126,7 @@
>    images/** = jack, @designers
>  
>    # Everyone (except for "user6" - see "acl.deny" above) will have write access
> -  # to any file under the "resources" folder (except for 1 file. See "acl.deny"):
> +  to any file under the "resources" folder (except for 1 file. See "acl.deny"):
>    src/main/resources/** = *

I'll fix the above again if/when Matt pushes the patch.

-- 
Martin Geisler

aragost Trifork
Professional Mercurial support
http://aragost.com/mercurial/

More information about the Mercurial-devel mailing list