ACLTransport and Other ACL Thoughts

[Jeff Abbott]

Folks,

In doing more thinking about ACLs in Bazaar, I was looking over the 
ACLTransport spec (http://bazaar-vcs.org/Specs/ACLTransport) and digging 
through source seeing what I could learn, and a thought occurred to me:

   Could this be done with a TransportDecorator?

My inspiration came largely from ReadonlyTransportDecorator, except 
instead of universally saying "no" to some operations it would check a 
config file before doing so.  I was figuring that 
.bzr/branch/branch.conf could be used for this purpose with sections like:

   [read]
   ** = *

   [write]
   ** = alice
   docs/* = bob, charlie
   src/** = david

   [deny]
   ** = edward

In that example, everyone except edward would have "pull" and "branch" 
access, and the other people listed in the [write] section would have 
"push" access to the respective portions of the branch (i.e. alice can 
push to anywhere, bob and charlie can only push to the docs directory 
but none of its subdirectories, and david can push to src and anywhere 
below).

I'm not sure if we'd need, or even want, that level of granularity, but 
it seems like it'd be better to implement that now rather than do it 
more coarsely and have to re-think things again in the future when 
someone finds a good case for it being more precise.  I'm also not 
convinced that .bzr/branch/branch.conf is the right place for this 
information; perhaps .bzr/branch/access.conf would work better?

I've started fiddling with some code but I was wondering what other 
people thought of the idea of, say, ACLTransportDecorator, before I go 
too far along.  If it turns out that doing it as a full-fledged 
ACLTransport would be the better choice then, John, if you're around, 
I'd be keen on working on that with you.  Otherwise... where do we go 
from here?

Thanks,
Jeff