Acl extension to prevent pushing into default branch

Matt Mackall mpm at selenic.com
Fri Jan 7 12:05:39 CST 2011


On Fri, 2011-01-07 at 10:32 +0100, Felix Dorner wrote:
> Hi,
> 
> I need a setup a repository so that only users in a certain unix (LDAP
> managed) group are allowed to push changes to the default branch.
> Everyone else should have 'read' access to all branches and write
> access to all branches except the default. Is this possible with the
> ACL extension, and if so, could someone please give an example?
> Especially I don't seem to find a solution that specifies distinct
> permissions for read (pull) and write(push) operations.

That's because the ACL extension deals only with write permissions!

"This hook makes it possible to allow or deny write access to given
branches and paths of a repository when receiving incoming changesets
via pretxnchangegroup and pretxncommit."

The ACL extension only prevents unauthorized _pushes_ that touch
particular parts of particular repositories. It's basically impossible
to deny read access to just part of a repository in Mercurial's model.

-- 
Mathematics is the supreme nostalgia of our time.




More information about the Mercurial mailing list