Mercurial 目录访问规则
我有一个具有以下目录结构的 Mercurial 存储库:
/
/system
/applications
/applications/client1
/applications/client2
/applications/client3
我通过 http(还没有 ssl)通过 apache 子域提供存储库,当然希望限制推送、拉取和提交的访问。一般来说,我根本不希望某些用户看到目录,也不希望看到目录的历史记录!
- 是否有机会限制对 Mercurial 存储库中目录的访问。
- 在基于 Linux 的系统上,如何才能仅向 client1 授予对 client 1 文件夹的访问权限,仅向 client2 授予对 client2 文件夹的访问权限? 注意:如果没有必要,我不想将存储库拆分为子存储库!
- 如果没有子存储库这不起作用,有人可以告诉我如何使用子存储库在这种情况下使用我的目录结构来执行此操作。
我迷路了:(
I have a mercurial repository with the following directory structure:
/
/system
/applications
/applications/client1
/applications/client2
/applications/client3
I am serving the repo over an apache subdomain over http (no ssl yet) and want to restrict access for push, pull and commit of course. Generally i dont want some users to see the directories at all and also not the history of the directories!
- Is there a chance to restrict access to a directory in a mercurial repository.
- How can i give access to the client 1 folder only for client1, client2 only for client2 on a linux based system? Note: I dont want to split the repository into sub repositories if not necessary!
- If this is not working without sub repositories, can someone please tell me how to do this with sub repositories in this case with my directory structure.
I am lost :(
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
既然您在 1 个存储库中拥有所有内容,那么就不会。
tl;dr: 存储库总是完整的,如果您可以克隆它,您就可以看到所有内容,无法限制对本地克隆中内容的访问,只能限制对中央服务器托管的内容的访问克隆。
Mercurial 服务器可以通过两种方式处理授权:
第一种类型将使整个存储库只读或不可用。但是,如果用户具有读取访问权限,他将能够克隆并查看整个存储库、历史记录和文件等。
但是,您可以通过禁止推送来阻止同一用户修改中央副本。这意味着该用户可以使用自己的私有克隆做任何他想做的事情,但他无法将这些更改推回到中央克隆。
另一种类型允许您更细粒度地控制允许发生更改的位置。但是,请再次注意,用户将能够克隆并查看整个存储库。
此外,用户还可以使用自己的个人克隆做任何他想做的事情。然而,虽然这种类型的授权并不完全禁止推送到中央存储库,但挂钩会查看正在推送的变更集,并且如果您决定不允许该用户将更改推送到“client2”内容,他尝试推送的任何此类变更集都将被中止。
换句话说,用户能够修改他的私有克隆,包括更改“client2”中的内容,但如果他提交包含“client2”更改的变更集,他将无法推送回中央存储库。然后,在他的推送完成之前,他必须剥离或以其他方式删除这些变更集。
总结一下:
Since you have everything in 1 repository, then no.
tl;dr: A repository is always complete, and if you can clone it, you can see everything, there is no way to restrict access to content in a local clone, only to a central server-hosted clone.
A Mercurial server can deal with authorization in two ways:
The first type would make the whole repository read-only, or unavailable. However, if a user has read-access, he will be able to clone, and see, the whole repository, history and files alike.
But, you could prevent that same user from modifying the central copy by prohibiting pushes to it. This would mean that that user could do whatever he wanted to with his own private clone, but he would not be able to push those changes back to the central clone.
The other type would allow you to control where changes was allowed to happen a bit more fine-grained. However, note that again, a user will be able to clone, and see, the whole repository.
Additionally, the user will also be able to do whatever he wants to with his own personal clone. However, whereas pushes to the central repository is not totally prohibited with this type of authorization, a hook would look at the changesets being pushed, and if, say, you decide that that user is not allowed to push changes to "client2" content, any such changesets that he tries to push will be aborted.
In other words, the user is able to modify his private clone, including change things in "client2", but if he commits a changeset with "client2" changes, he will not be able to push back to the central repository. He would then have to strip away, or otherwise get rid of those changesets, before his pushes would go through.
So to summarize:
您可以使用 ACL 扩展,该扩展现在默认随 Mercurial 一起分发。该扩展可以限制每个目录的所有 Hg 操作,无需诉诸使用子存储库。
此外,您可以限制每个分支或每个文件夹的访问。
You can use the ACL Extension, which is now distributed with Mercurial by default. The extension can restrict all Hg actions per directory, without resorting to using sub-repositories.
Furthermore, you can restrict access per-branch or per-folder.