[Bug 4013] New: ACL extension not working properly with branch namespacing

mercurial-bugs at selenic.com mercurial-bugs at selenic.com
Fri Aug 9 02:25:50 CDT 2013


          Priority: normal
            Bug ID: 4013
                CC: mercurial-devel at selenic.com
          Assignee: bugzilla at selenic.com
           Summary: ACL extension not working properly with branch
          Severity: bug
    Classification: Unclassified
                OS: All
          Reporter: dhs at recommind.com
          Hardware: PC
            Status: UNCONFIRMED
           Version: 2.4.2
         Component: Mercurial
           Product: Mercurial


I'm currently testing the use of branch namespacing to make access control to
different branches easier (for example: only the CI system should be allowed to
push to release branches).

So I created a test repository on the server, and put the following in its
.hg/hgrc as a first test:

acl =

pretxnchangegroup.acl = python:hgext.acl.hook

sources = serve

* = *

This disallows pushes to any branch and works fine, so when I

1) clone the empty repository,
2) create a branch releases/current,
3) add a new file
4) commit
5) push

the push is disallowed as expected:

remote: error: pretxnchangegroup.acl hook failed: acl: user "xxx" denied on
branch "releases/current" (changeset "5f981a4197a0")
remote: transaction abort!
remote: rollback completed

However, when I change the last line to

releases/* = *

it doesn't work (means: the push succeeds). I also tried using regular
expressions, as mentioned in #3517 (for example: re:releases\/.* = *), but that
didn't work, too.

You are receiving this mail because:
You are on the CC list for the bug.

More information about the Mercurial-devel mailing list