Finer-grained access restrictions to hgwebdir
Nilton Volpato
nilton.volpato at gmail.com
Sat Oct 20 02:00:07 UTC 2007
Hi,
I've implemented, inspired a bit by svn_authz, finer-grained access
restrictions to hgwebdir.cgi. The syntax for hgweb.conf files, is
like:
"""
[paths]
repo1 = repo1/
repo2 = repo2/
repo3 = repo3/
[repo:repo1]
* = r
bob = rw
[repo:repo2]
alice = rw
bob = r
[repo:repo3]
* = rw
eve =
"""
Which adds permission for anyone to read repo1 but just bob can write
(push). Grants permission for reading/writing to alice on repo2 and
just reading to bob. And, on repo3 allows anyone permission to read
and write, except to eve, which has no permissions.
User authentication is done as usual, by apache using mod_auth, or
similar in other web servers.
If there is no section defined for some repository, then exactly the
same old behavior is kept. Also, note that using this kind of access
control has priority over allow_push in the repository .hg/hgrc file.
Also, when listing all repositories, hgwebdir will not show the ones
that the authenticated user has no read permission.
I think this is very useful when hosting multiple repositories on the
same machine for a group of users. Can this be merged into the main hg
repository?
Thanks,
-- Nilton
-------------- next part --------------
A non-text attachment was scrubbed...
Name: hgwebdir-auth.patch
Type: application/octet-stream
Size: 7958 bytes
Desc: not available
URL: <http://lists.mercurial-scm.org/pipermail/mercurial-devel/attachments/20071020/50642f54/attachment-0002.obj>
More information about the Mercurial-devel
mailing list