ACLs and hgweb?

[Jeff Abbott]

Folks,

I'm evaluating whether or not Mercurial could replace our existing 
Subversion-based workflow, and the largest question that's come up is 
with access control.

We take great advantage of Subversion's authorization facilities with 
mod_authz_svn, and the ability of ViewVC to use that same authorization 
file to determine who should and shouldn't be able to see portions of 
the repository over the web.  It looks like we could accomplish what we 
largely need to accomplish with hgweb (and providing people access to 
the repositories via HTTPS), but that doesn't take care of access 
controls.  Also, the acl extension doesn't appear to work with hgweb, 
and while I'm not completely opposed to providing SSH repo access with 
hgsh to prevent people from having full shell access to the server, that 
wouldn't stop them from browsing whatever they want to browse through 
the web.

Does anyone on the mailing list have any suggestions?  Basically, what I 
need is the ability to restrict read and write access for users and 
groups to different repositories on the server.  Ideally I'd also like 
for that same authorization source to apply to the web interface, though 
that's not a /strict/ requirement.  Thoughts?

Thanks,
Jeff