# HG changeset patch # User Martin Geisler # Date 1248565037 -7200 # Node ID 00986b9ed649a5eead78ba18da5139b426dd1961 # Parent 16f4cfc69e4f52d4b0ef4438999cf4a0ca59c0ec acl: wrap docstrings at 70 characters diff -r 16f4cfc69e4f -r 00986b9ed649 hgext/acl.py --- a/hgext/acl.py Sun Jul 26 01:33:00 2009 +0200 +++ b/hgext/acl.py Sun Jul 26 01:37:17 2009 +0200 @@ -8,18 +8,19 @@ '''hooks for controlling repository access -This hook makes it possible to allow or deny write access to portions of a -repository when receiving incoming changesets. +This hook makes it possible to allow or deny write access to portions +of a repository when receiving incoming changesets. + +The authorization is matched based on the local user name on the +system where the hook runs, and not the committer of the original +changeset (since the latter is merely informative). -The authorization is matched based on the local user name on the system where -the hook runs, and not the committer of the original changeset (since the -latter is merely informative). - -The acl hook is best used along with a restricted shell like hgsh, preventing -authenticating users from doing anything other than pushing or pulling. The -hook is not safe to use if users have interactive shell access, as they can -then disable the hook. Nor is it safe if remote users share an account, -because then there is no way to distinguish them. +The acl hook is best used along with a restricted shell like hgsh, +preventing authenticating users from doing anything other than +pushing or pulling. The hook is not safe to use if users have +interactive shell access, as they can then disable the hook. +Nor is it safe if remote users share an account, because then there +is no way to distinguish them. To use this hook, configure the acl extension in your hgrc like this:: @@ -34,9 +35,10 @@ # ("serve" == ssh or http, "push", "pull", "bundle") sources = serve -The allow and deny sections take a subtree pattern as key (with a glob syntax -by default), and a comma separated list of users as the corresponding value. -The deny list is checked before the allow list is. :: +The allow and deny sections take a subtree pattern as key (with a glob +syntax by default), and a comma separated list of users as the +corresponding value. The deny list is checked before the allow list +is. :: [acl.allow] # If acl.allow is not present, all users are allowed by default.