3

I've set up Mercurial via Apache (hgwebdir.cgi). I would like to have the same functionality as when using Subversion and AuthzSVNAccessFile, in which I can restrict which user has read or write permissions for every single repository. The acl extension only controls how changes are brought to the repository, as does the allow_push directive. Any thoughts?

Martin Geisler
  • 1,271
  • 9
  • 23
mgv
  • 133
  • 5

2 Answers2

5

There is an allow_read directive that can be added to a repository hgrc that works the same way as allow_push. If specified, and the user accessing the hgwebdir CGI script is not in the list, the project doesn't even show up at the index page.

Paul Nathan
  • 285
  • 5
  • 12
Zed
  • 693
  • 4
  • 11
  • Thanks a lot! The allow_read directive does not appear in the hgbook, nor in the wiki at selenic.com when it describes hgrc. – mgv Jun 30 '09 at 15:08
1

They're served up via apache or lighttpd, right? So you could maybe hide them behind normal webby ACL things? (basic auth, etc)

Note that, as with git, as a consequence of they way they work, you're never going to be able to have control at any finer granularity than the repository level. You can grant whole-repo access or not, but never just 'you can read this one file in the repo' access.

pjz
  • 10,595
  • 1
  • 32
  • 40