ACLTransport and Other ACL Thoughts
fdiv_bug at sniping.org
Thu Feb 28 17:12:40 GMT 2008
Alexander Belchenko wrote:
> I comment some of your thoughts. But I could be wrong in some aspects.
Thanks for the feedback, Alexander!
> I'm not expert in bzr+http, but may be (just may be as an idea) it's
> better to implement as subclass (or maybe mixin) of RemoteTransport?
> So it will be deeper pluggable into all bzr+*:// combinations?
I suppose that's a possibility. Ideally this support would be
integrated in such a way that ACLs would be available to any access
method. I'd want it to be restrictive of bzr+http:// and bzr+https://,
as well as have an API for other tools (like Loggerhead) to use. So
maybe a decorator isn't the best way to go. Perhaps in
RemoteHTTPTransport itself we could override get, get_bytes, and the
various put and append methods to check ACLs first?
I'm also on the fence about whether or not I'd want this to be available
to bzr+ssh:// or if the file system would be the right place to secure
that transport. I'm leaning towards leveraging the file system at the
moment, for what it's worth.
> One problem here is on the server you don't touch actually working tree
> for push/pull/branch/commit operations. So it seems like provide fine
> grained access within working tree of one branch will be very hard.
> Because now bzr works with branch as a single whole.
That's a good point, and is something I hadn't really realized. I guess
providing repository-level access would be the only way at the moment.
>> I'm not sure if we'd need, or even want, that level of granularity,
>> but it seems like it'd be better to implement that now rather than do
>> it more coarsely and have to re-think things again in the future when
>> someone finds a good case for it being more precise. I'm also not
>> convinced that .bzr/branch/branch.conf is the right place for this
>> information; perhaps .bzr/branch/access.conf would work better?
> As I said above it's better to place on repository level and control
> access to particular branches.
That's also a very good point, since every branch has a repository
somewhere (even if it's all in one). So, .bzr/repository/access.conf
would probably be the right way to go. It would require people learn
about the distinction between repositories and branches in Bazaar, but
it's not that complicated and, frankly, if you're running a Bazaar
server used by multiple people then you should probably understand such
More information about the bazaar