Access control to parts of the repository

Bryan O'Sullivan bos at
Mon Mar 3 10:48:21 CST 2008

Jesse Glick wrote:

> Nor I. So out of curiosity: how does this deal with the need to merge 
> changes from others?

As far as I know, it doesn't.  If a changeset modifies a file, I don't
believe the extension checks to see whether it's a merge changeset or
not.  The file is checked solely based upon its name.

> So if for example I am a doc writer with access to 
> docs/** and programmers have access to src/**, and I have a clone of 
> yesterday's sources with some commits in docs and I run 'hg fetch' to 
> pull and merge with today's changes in src, will I be allowed to push 
> the merge changeset, even though it contains changes in src relative to 
> the first parent?

I think that the merge would currently not be allowed to be pushed.  It
would be straightforward to check each file in a merge to see whether
it's the same as in one of the parents of the merge, though this is not
obviously desirable.  The current strategy, conservative as it is, is
arguably better from an access control point of view: you can't mess in
any way with the history of a file to which you don't have push access.


More information about the Mercurial mailing list