Accessing hidden commits by hash (directaccess extension)
Durham Goode
durham at fb.com
Mon Aug 28 13:13:10 EDT 2017
On 8/27/17 6:51 PM, Augie Fackler wrote:
> On Fri, Aug 25, 2017 at 11:26:05AM -0700, Durham Goode wrote:
> [...]
>> Preventing Mistakes
>> ===
>>
>> One of the reasons for preventing users from accessing hidden commits is to
>> prevent them from doing bad things with them (like pushing them, or amending
>> them and causing divergence). To address this, directaccess treats read
>> commands, recoverable-write commands, and unrecoverable-write commands
>> separately.
>>
>> For read commands (a whitelist of commands in the code), it allows the user
>> to access the commit like normal.
>>
>> For recoverable-write commands, like commit/amend/rebase, it prints
>> "Warning: accessing hidden changesets %s for write operation".
>>
>> For unrecoverable-write commands (a whitelist), like push and serve, it
>> blocks the command like normal, with the 'abort: hidden revision' error.
>
> It sounds like you whitelist read and unrecoverable-write
> commands. Does that mean "ercoverable-write" commands are inferred
> from not being in those two whitelists? How has that interacted with
> users finding random extensions or defining custom aliases?
Yea, the default behavior is warn-the-user. Very, very few of our users
have ever enabled random extensions so that has not been an issue.
As for custom aliases, I believe directaccess hooks in at the command
function level, so it doesn't matter what you type at the command line,
as long as it invokes the command function.
More information about the Mercurial-devel
mailing list