bzr serve and access control?

Josef Wolf jw at raven.inka.de
Tue Feb 2 21:14:53 GMT 2010


On Tue, Feb 02, 2010 at 05:03:20PM +0100, Josef Wolf wrote:
> On Tue, Feb 02, 2010 at 11:05:49PM +1100, Ben Finney wrote:
[ ... ]
> > All true. It's a trade-off: you lose all the flexibility of proper user
> > accounts, while gaining the simplicity of avoiding user accounts.
> 
> This does not have to be a tradeoff. You don't have such a tradeoff with git
> and you don't have such a tradeoff with subversion (I don't know about other
> VCS's, though). With git, you can use gitolite and for svn, you can use
> mod_dav_svn over ssl. So you have the simplicity without losing the
> flexibility.
> 
> Bazaar could also have both, if only it would pass the required information
> (which repository, and which type of access) on the command line, as I
> described at the beginning of the thread.

In fact, if I think about it, "bzr serve" is already prepared for the changes
that are needed to pass the required information. It's just that the _client_
passes the _wrong_ information.

To illustrate: when I invoke

  bzr clone bzr+ssh://bzr-user@host.do.main/foo/bar

then

  bzr serve --inet --directory=/ --allow-writes

is invoked on the remote side. IMHO, there are two things wrong here:

First problem is that the --allow-writes option is passed. But isn't "clone"
a read-only operation? So why is the --allow-writes option passed here?

Second problem is that the /foo/bar part is dropped. Why not invoke 

  bzr serve --inet --directory=/foo/bar

on the remote side in this situation? Then a wrapper script would be able
to check whether the user should be allowed to access the repository. After
all, the client does not even _try_ to access / (the root).

So simply passing the correct values would be all that is needed to be able
to do what I am trying to do. The /foo/bar would tell which repository is
to be accessed and the --allow-writes would signal that write operations are
to be done.

What are those options good for if always the same values are passed?
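
The wrapper check described in the message above, as an added example that is not part of the original post or of Bazaar's code. It assumes the client behaviour the post proposes (the repository path in --directory, and --allow-writes only for write operations); the ACL, the user names and the authorized_keys setup are hypothetical.

```python
import os
import posixpath
import shlex
import sys

# Constructed ACL for illustration: user -> {repository path: "ro" or "rw"}
ACL = {"alice": {"/foo/bar": "rw"}, "bob": {"/foo/bar": "ro"}}


class Denied(Exception):
    """The requested command is not permitted for this user."""


def authorize(user, original_command, acl=ACL):
    """Return a rebuilt argv that `user` may run, or raise Denied."""
    try:
        argv = shlex.split(original_command)
    except ValueError:
        raise Denied("unparsable command")
    if argv[:3] != ["bzr", "serve", "--inet"]:
        raise Denied("only 'bzr serve --inet' is accepted")
    directory, wants_write = None, False
    for arg in argv[3:]:  # strict allow-list: anything unknown is refused
        if arg.startswith("--directory=") and directory is None:
            directory = arg[len("--directory="):]
        elif arg == "--allow-writes":
            wants_write = True
        else:
            raise Denied("unexpected argument %r" % arg)
    if not directory or not directory.startswith("/"):
        raise Denied("an absolute --directory is required")
    # Collapse "..", "." and trailing slashes before the exact-match lookup.
    repo = posixpath.normpath(directory)
    mode = acl.get(user, {}).get(repo)
    if mode is None:
        raise Denied("%s has no access to %s" % (user, repo))
    if wants_write and mode != "rw":
        raise Denied("%s has read-only access to %s" % (user, repo))
    # Never pass the client's string through; exec only the rebuilt argv.
    safe = ["bzr", "serve", "--inet", "--directory=" + repo]
    return safe + ["--allow-writes"] if wants_write else safe


if __name__ == "__main__":
    # Assumed deployment: authorized_keys has command="<this script> <user>"
    try:
        cmd = authorize(sys.argv[1], os.environ.get("SSH_ORIGINAL_COMMAND", ""))
    except Denied as exc:
        sys.exit("access denied: %s" % exc)
    os.execvp(cmd[0], cmd)
```

With the command line the client sends today (--directory=/ --allow-writes for every operation), this check has nothing to decide on and refuses the request. normpath does not resolve symlinks, so repository paths in the ACL should not contain any.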


