ACLTransport and Other ACL Thoughts

Jeff Abbott fdiv_bug at sniping.org
Thu Feb 28 17:12:40 GMT 2008


Alexander Belchenko wrote:

> I comment on some of your thoughts. But I could be wrong in some aspects.

Thanks for the feedback, Alexander!

> I'm not an expert in bzr+http, but maybe (just maybe, as an idea) it's
> better to implement it as a subclass (or maybe mixin) of RemoteTransport?
> So it will be more deeply pluggable into all bzr+*:// combinations?

I suppose that's a possibility.  Ideally this support would be 
integrated in such a way that ACLs would be available to any access 
method.  I'd want it to be restrictive of bzr+http:// and bzr+https://, 
as well as have an API for other tools (like Loggerhead) to use.  So 
maybe a decorator isn't the best way to go.  Perhaps in 
RemoteHTTPTransport itself we could override get, get_bytes, and the 
various put and append methods to check ACLs first?

I'm also on the fence about whether or not I'd want this to be available 
to bzr+ssh:// or if the file system would be the right place to secure 
that transport.  I'm leaning towards leveraging the file system at the 
moment, for what it's worth.

> One problem here is that on the server you don't actually touch the working
> tree for push/pull/branch/commit operations. So it seems like providing
> fine-grained access within the working tree of one branch will be very hard,
> because bzr now works with a branch as a single whole.

That's a good point, and is something I hadn't really realized.  I guess 
providing repository-level access would be the only way at the moment.

>> I'm not sure if we'd need, or even want, that level of granularity, 
>> but it seems like it'd be better to implement that now rather than do 
>> it more coarsely and have to re-think things again in the future when 
>> someone finds a good case for it being more precise.  I'm also not 
>> convinced that .bzr/branch/branch.conf is the right place for this 
>> information; perhaps .bzr/branch/access.conf would work better?
> 
> As I said above, it's better to place it at the repository level and control
> access to particular branches.

That's also a very good point, since every branch has a repository 
somewhere (even if it's all in one).  So, .bzr/repository/access.conf 
would probably be the right way to go.  It would require people learn 
about the distinction between repositories and branches in Bazaar, but 
it's not that complicated and, frankly, if you're running a Bazaar 
server used by multiple people then you should probably understand such 
things anyway.

Thanks,
Jeff
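
Added example, not part of the original message and not Bazaar code: a sketch of the repository-level check discussed above, where a whole-branch ACL is consulted before get_bytes, put_bytes or append_bytes is delegated. The access.conf format and the names RepositoryACL, ACLCheckedTransport and MemoryTransport are hypothetical.

```python
import configparser
import fnmatch

# Constructed sample of a hypothetical .bzr/repository/access.conf.
SAMPLE_ACCESS_CONF = """\
[trunk]
read = *
write = jeff, alexander
[private-*]
read = jeff
write = jeff
"""

class RepositoryACL:
    def __init__(self, conf_text):
        parser = configparser.ConfigParser(interpolation=None)
        parser.read_string(conf_text)
        # Each section is a branch-name pattern; the first match wins.
        self._rules = [(s, {m: {u.strip() for u in v.split(",")}
                            for m, v in parser[s].items()})
                       for s in parser.sections()]

    def allows(self, user, branch, mode):
        for pattern, perms in self._rules:
            if fnmatch.fnmatchcase(branch, pattern):
                granted = perms.get(mode, set())
                return "*" in granted or user in granted
        return False  # branches with no matching section are denied

class MemoryTransport:  # stand-in for a real transport, not bzrlib's class
    def __init__(self):
        self.files = {}
    def get_bytes(self, relpath):
        return self.files[relpath]
    def put_bytes(self, relpath, data):
        self.files[relpath] = data
    def append_bytes(self, relpath, data):
        self.files[relpath] = self.files.get(relpath, b"") + data

class ACLCheckedTransport:  # checks the whole-branch ACL, then delegates
    MODES = {"get_bytes": "read", "put_bytes": "write", "append_bytes": "write"}
    def __init__(self, inner, acl, user, branch):
        self._inner, self._acl, self._user, self._branch = inner, acl, user, branch
    def __getattr__(self, name):
        mode = self.MODES.get(name)
        if mode is None:
            raise AttributeError(name)  # unmapped methods are not exposed
        if not self._acl.allows(self._user, self._branch, mode):
            raise PermissionError(f"{self._user}: {mode} denied on {self._branch}")
        return getattr(self._inner, name)
```

Because the wrapper exposes only the methods it maps to a mode, any transport method added later is denied until someone classifies it as a read or a write.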


