[PATCH] acl: add support for bookmarks [RFC]

[Pierre-Yves David]

On 03/04/2016 12:08 AM, timeless wrote:
> # HG changeset patch
> # User timeless <timeless at mozdev.org>
> # Date 1457047766 0
> #      Thu Mar 03 23:29:26 2016 +0000
> # Node ID ffccdee9c9c6e3e86991043c0d56d58f26e746f6
> # Parent  e00e57d836535aadcb13337613d2f891492d8e04
> acl: add support for bookmarks [RFC]
>
> Someone asked about whether acl could support bookmarks.
> Before this, it couldn't.
>
> This code isn't particularly well tested, but it seems to work.
>
> It's also a template for using acl to control `phases`.

This seems a good improvement (a bit fragile as I can foresee bookmark 
move without pushkey at some point, we should probably have this as the 
transaction level instead). I've some feedback on the doc

>
> diff --git a/hgext/acl.py b/hgext/acl.py
> --- a/hgext/acl.py
> +++ b/hgext/acl.py
> @@ -57,6 +57,27 @@
>   a glob syntax by default). The corresponding values follow the same
>   syntax as the other sections above.
>
> +Bookmark-based Access Control
> +-----------------------------
> +Use the ``acl.deny.bookmarks`` and ``acl.allow.bookmarks`` sections to
> +have bookmark-based access control. Keys in these sections can be
> +either:
> +
> +- a bookmark name, or
> +- an asterisk, to match any bookmark;
> +
> +The corresponding values can be either:
> +
> +- a comma-separated list containing users and groups, or
> +- an asterisk, to match anyone;
> +
> +You can add the "!" prefix to a user or group name to invert the sense
> +of the match.
> +
> +Note: for bundle2 requests, a rejection will reject the entire push,
> +for bundle1 requests, the commit transactions will already be accepted,
> +and only the bookmark moveent will be rejected.

bundle2 and bundle1 will be totally opaque to user. We need to be more 
helpful here. Maybe mention Mercurial version number that will use the 
legacy protocol.

Cheers,

-- 
Pierre-Yves David