tags:

views:

831

answers:

2
Q: 

How to configure multiple user access control setting by acl extension in Mercurial repository

I have main mercurial repository (A) with 2 folders "depot1" and "depot2" in Windows Machine

Following configuration is done in .hg/hgrc file of A repo.

[ui]
username = praveen

[extensions]
hgext.acl=

[hooks]
changegroup.update = hg update
pretxnchangegroup.acl = python:hgext.acl.hook

[acl]
sources = serve push pull commit

Then I created 2 clones of mercurial A repository. X and Y on windows machines

X .hg/hgrc file is:

[ui]
username = clone1

Y .hg/hgrc file is:

[ui]
username = clone2

My Question: 
1- Restrict all push operations from user="clone2".
2- user="clone1" will be able to perform push on only "depot1".

Please suggest me how this configuration is possible.

Thanks,

Praveen

+3  A: 

Unfortunately, you're misunderstanding what the username in the [ui] section does. It's strictly a client-side setting that says "If a server asks me for a username for authentication here's what I want to send", so what you have in the ui.username in repos A, X, and Y will have no affect on what remote users can to to/with those repositories.

Instead, you need to use the [acl.allow] and [acl.deny] sections in the Y and X repositories' .hg/hgrc files to specify access controls for them.

The usernames that you use in those section, ('clone1' and 'clone2') in your examples need to be backed by a real authentication system too. The built-in hg-serve doesn't provide one, so you need to be using either ssh or Apache/ISS with a hgweb or hgwebdir. See the publishing repositories wiki page for a great overview.

Ry4an  2009-11-11 17:44:04
Can you please refer any good documentation on how to configure [acl.allow]/[acl.deny] and [allow_push] in mercurial repositories.
praveen  2009-11-12 07:25:38
The AclExtension wiki page http://mercurial.selenic.com/wiki/AclExtension explains [acl.allow] and [acl.deny].However, what you need to understand is that mercurial does not have a user database of its own. It uses the user system of either your (1) operating system, (2) ssh authorized_keys, or (3) HTTP web server authentication realm. The one it uses depends on how you're accessing mercurial (ssh or http).are you using ssh: URLs or http: URLs? Where are you creating your user accounts?
Ry4an  2009-11-12 17:39:08
I have mercurial setup on windows machine and currently using hg serve for publishing my single mercurial repository.clone repositories (each user have one clone in their local windows machine)
praveen  2009-11-13 10:32:35
You're not going to be able to do the permissions stuff you want using 'hg serve'. 'hg serve' is a built-in tool for letting people quickly grab you changes or see what you're doing. It doesn't have user-authentication or credentials. You need to look at the publishing repositories link in my initial answer and set up something more formal to restrict certain users to certain repos. You'll probably want to elect one machine to serve up all 3 repos through ssh, apache, or IIS and let the users keep their local clones X and Y in sync with clones on that server which only they can access.
Ry4an  2009-11-13 17:29:41
A: 

Is there any option to restrict user to use "hg push -f"? Because it will removed intermediete commits by other users. send reply to my mail id [email protected]

Muralidharan  2010-05-13 14:11:35

related questions

Downgrading from ClearCase to SVN/Mercurial
Using Mercurial, is there an easy way to diff my working copy with the tip file in the default remote repository
Can I commit only parts of my code using SVN or Mercurial?
Using mercurial, what's the easiest way to commit and push a single file while leaving other modifications alone?
Using mercurial's mq for managing local changes
How can I integrate a bitbucket repository with the hosted on-demand version of FogBugz?
Can Mercurial be integrated into VS2008?
What are some GUI clients available for Mercurial?
BitBucket or freeHg?
Setting Environment Variables for Mercurial Hook
What are the relative strengths and weaknesses of Git, Mercurial, and Bazaar?
Which is the most useful Mercurial hook for programming in a loosely connected team?
Kenai invites: where to get them?
How to repeatedly merge branches in Mercurial
Why is branching and merging easier in Mercurial than in Subversion?
How to use p4merge as the merge/diff tool for Mercurial?
HgTortoise in Vista 64-bit not showing the context menu
What is the Difference Between Mercurial and Git?
Mercurial .hgignore for Visual Studio 2008 projects
Good Mercurial repository viewer for Mac
Is there a bug/issue tracking system which integrates with Mercurial?
how to allow files starting with period and no extension in windows 2003 server?
Mercurial stuck "waiting for lock"
How to combine two projects in Mercurial?
What is a good Mercurial usage pattern for this setup?