Mercurial Acl 扩展拒绝拉取某些文件

发布于 2024-09-10 07:22:47 字数 475 浏览 7 评论 0原文

我是新的 Mercurial 用户。我设置了 acl 扩展,将其添加到我的 hgrc 文件中:

[hooks]
pretxnchangegroup.acl = python:hgext.acl.hook

[acl]
sources = serve pull push

[acl.deny]
** = mercurial

因此,使用上面的代码,我拒绝用户“mercurial”访问所有文件。我成功地测试了 acl 扩展,当我尝试推送到我上面放置代码的中央存储库时,它运行得很好。正如预期的那样,我收到用户“mercurial”的访问被拒绝的消息。

现在的问题是,当我开始从中央存储库时,我没有任何限制,因此我可以不受任何限制地拉取任何内容。我想要的是拒绝对某些文件的拉取访问,就像我尝试 push 命令时所做的那样。我有什么办法可以做到这一点吗?

I'm new mercurial user. I setup the acl extension adding this into my hgrc file:

[hooks]
pretxnchangegroup.acl = python:hgext.acl.hook

[acl]
sources = serve pull push

[acl.deny]
** = mercurial

So with this code above I deny access to all files to user "mercurial". I successfully tested the acl extension and it works perfectly when I try to push to my central repository on which I put the code above. As expected I receive message that the access for the user "mercurial" is denied.

Now the problem is when I'm start pulling from central repository I don't have any restriction so I can pull anything without any restriction. What I want is to deny pull access for some files like I can do when I tried push comand. Is there any way I can do this?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

紫轩蝶泪 2024-09-17 07:22:47

Mercurial 与 Subversion 不同,它不允许对单个文件进行控制,这是有充分理由的。 DVCS 模型将整个存储库放在每个开发人员的计算机上,因此即使您限制文件的推送和拉取,用户仍然可以通过 hg cat 文件来获取其内容。

我不会尝试在客户端执行此操作,而是会根据谁需要什么来破坏您的存储库,并为各个存储库设置权限。请参阅我在Kiln堆栈交换我应该使用多个存储库吗?。您可以通过 http(s) 或 SSH 设置权限,或者如果您碰巧使用 Kiln,则可以通过我们的权限界面设置权限。

Mercurial, unlike Subversion, doesn't allow controls on individual files, and for good reason. The DVCS model puts the entire repo on every developer's machine, so even if you restrict files on push and pull, the user could still just hg cat the file to get its contents.

Instead of trying to do this on the client side, I would instead break your repos based on who needs what and set permissions to individual repos. See my answer on the Kiln stack exchange Should I use more than one repository?. You can set permissions via http(s) or SSH, or if you happen to be using Kiln, through our permissions interface.

阪姬 2024-09-17 07:22:47

正如 tghw 的评论中所指出的那样,听起来您真正想要的是通过文件路径进行部分克隆,以便人们可以仅克隆或下拉某些文件或目录,但这在 Mercurial (或 git)中是不可能的。之所以如此,是因为每个修订版都由唯一的哈希值标识,其中包括所有文件更改的哈希值等。如果您没有所有文件,就没有所有更改,并且无法验证哈希值。

如果您确实需要隐藏某些人对某些文件的读取访问权限,您需要将它们拆分到单独的存储库中。

As came out in the comments with tghw, it sounds like what you really want is partial cloning by filepath, so that a person can clone or pull down only certain files or directories, but that's not possible in Mercurial (or git). That's the case because every revision is identified by a unique hash that includes, among other things, the hash of all the file changes. If you don't have all the files, you don't have all the changes, and you can't verify the hash.

If you really need to hide read access for some files from some people you'll need to split them up into separate repositories.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文