tags:

views:

34

answers:

1
Q: 

Mercurial Acl Extension deny pull of some files

I'm new mercurial user. I setup the acl extension adding this into my hgrc file:

[hooks]
pretxnchangegroup.acl = python:hgext.acl.hook

[acl]
sources = serve pull push

[acl.deny]
** = mercurial

So with this code above I deny access to all files to user "mercurial". I successfully tested the acl extension and it works perfectly when I try to push to my central repository on which I put the code above. As expected I receive message that the access for the user "mercurial" is denied.

Now the problem is when I'm start pulling from central repository I don't have any restriction so I can pull anything without any restriction. What I want is to deny pull access for some files like I can do when I tried push comand. Is there any way I can do this?

A: 

Mercurial, unlike Subversion, doesn't allow controls on individual files, and for good reason. The DVCS model puts the entire repo on every developer's machine, so even if you restrict files on push and pull, the user could still just hg cat the file to get its contents.

Instead of trying to do this on the client side, I would instead break your repos based on who needs what and set permissions to individual repos. See my answer on the Kiln stack exchange Should I use more than one repository?. You can set permissions via http(s) or SSH, or if you happen to be using Kiln, through our permissions interface.

tghw  2010-07-13 13:17:52
Thanks for the replay but now I don't know what to do. I have one project and I want to restrict access to specific users for some files on that project. Is there any different way to do this and keep that project in one peace?
Danilo  2010-07-13 13:38:23
What sorts of files are you restricting access to? And how are you going to enforce their use of your hook?
tghw  2010-07-13 14:27:07
Thanks again for the answer. I want to restrict access to some php scripts. But there is one question that is the same as your second. How to enforce use of my hook and how to design that hook in order to be able recognize those files that I want to restrict?
Danilo  2010-07-13 14:38:09
Is there mercurial variable that I can use in my custom hook that can recognize pull command?
Danilo  2010-07-13 14:58:11
To the best of my knowledge, there is no way to prevent only certain files from being pulled, while allowing others. That would represent a different history, which would mean a different changeset ID, etc. It does look like a `preoutgoing` hook might get the hook in there, but I'd be surprised if you could block certain files. Do you mind posting the source for your hook?
tghw  2010-07-13 15:27:38

related questions

Is there a means to produce a changelog in SVN
CVS Checkout to a directory
Does anyone know the CVS command line options to get the details of the last check in?
What is the most effective tool you've used to track changes in a CVS repository?
What are the best practices for moving between version control systems?
Comparing two CVS revisions in Eclipse
cvs error on checkin
Get CVS history for a particular user
Switching form VSS to CVS: what features are lost in Visual Studio?
What do you call the tags in Subversion and CVS that add automatic content?
How to find out which CVS tags cover which files and paths?
vimdiff and CVS integration
Alternative SSH Application to Plink
cvs checkin: Identifying the names of the files checked in
What is the best way to replicate a version control repository?
Use SVN instead of CVS on SourceForge
Is it possible to automatically make check-outs from any VCS?
Do you use version control other than for source code?
CVS to SVN conversion and reorganizing branches
How do you deal with configuration files in source control?
How to add CVS directories recursively
Version control PHP Web Project
Version Control. Getting started...
Could you recommend a good free project hosting website?
What are the advantages of using SVN over CVS?