[MERGE] Updates to bzr_access
John Arbash Meinel
john at arbash-meinel.com
Thu Jun 5 17:40:10 BST 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Russ Brown wrote:
| John Arbash Meinel wrote:
|> The attached patch was written by "j^" on IRC.
|
|> It basically fixes up the contrib/bzr_access script to properly work with
|> bzr.dev, and improve the documentation to match reality. (You can only
|> manage
|> whole-repo access, not per branch, etc access.)
|
|
| That's annoying. I was planning to use this to control access to certain
| branches.
|
| I suppose the obvious answer to that is to make it work myself and
| contribute back. :)
|
|> I've reviewed it, and it looks good to me. Anyone else want to second it?
|
|> John
|> =:->
There is a blueprint open for what needs to be done.
https://blueprints.edge.launchpad.net/bzr/+spec/acl-transport
Specifically, it would work similarly to our current Chroot transport. If I was
going to implement it, I would create a choke-point function based on the
relative path.
You would need a bit of configuration to define what user has access to what
path. However, for the actual ACLTransport, I would already have "unrolled" this
based on the current user. No need to do a username.group lookup on every access
when there is only one user with a limited set of groups. That might effect how
you want to define the configuration.
It certainly wouldn't be required, but you don't really want to have a huge
amount of overhead on every request.
I don't think it would be terribly hard to write, we already have
ChrootTransport, and IMO it is an extension of that.
I'd be happy to mentor on it, I just don't have the personal resources to focus
on it at this point.
John
=:->
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Cygwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkhIFuoACgkQJdeBCYSNAANs8QCgtZ+hM1gOseVJ3OGEYxrVmsSY
kxIAoJKPDlF8MGH04dH4lx1YDGyElDmn
=DRZU
-----END PGP SIGNATURE-----
More information about the bazaar
mailing list