Mercurial > hg
changeset 9052:1344e607180b
acl: wrapped docstrings at 78 characters
| author | Martin Geisler <mg@lazybytes.net> |
|---|---|
| date | Tue, 07 Jul 2009 23:54:42 +0200 |
| parents | f8e25885d975 |
| children | 6d0b5d76e76d |
| files | hgext/acl.py |
| diffstat | 1 files changed, 14 insertions(+), 16 deletions(-) [+] |
line wrap: on
line diff
--- a/hgext/acl.py Tue Jul 07 23:54:30 2009 +0200 +++ b/hgext/acl.py Tue Jul 07 23:54:42 2009 +0200 @@ -8,19 +8,18 @@ '''hooks for controlling repository access -This hook makes it possible to allow or deny write access to portions -of a repository when receiving incoming changesets. - -The authorization is matched based on the local user name on the -system where the hook runs, and not the committer of the original -changeset (since the latter is merely informative). +This hook makes it possible to allow or deny write access to portions of a +repository when receiving incoming changesets. -The acl hook is best used along with a restricted shell like hgsh, -preventing authenticating users from doing anything other than -pushing or pulling. The hook is not safe to use if users have -interactive shell access, as they can then disable the hook. -Nor is it safe if remote users share an account, because then there -is no way to distinguish them. +The authorization is matched based on the local user name on the system where +the hook runs, and not the committer of the original changeset (since the +latter is merely informative). + +The acl hook is best used along with a restricted shell like hgsh, preventing +authenticating users from doing anything other than pushing or pulling. The +hook is not safe to use if users have interactive shell access, as they can +then disable the hook. Nor is it safe if remote users share an account, +because then there is no way to distinguish them. To use this hook, configure the acl extension in your hgrc like this: @@ -35,10 +34,9 @@ # ("serve" == ssh or http, "push", "pull", "bundle") sources = serve -The allow and deny sections take a subtree pattern as key (with a -glob syntax by default), and a comma separated list of users as -the corresponding value. The deny list is checked before the allow -list is. +The allow and deny sections take a subtree pattern as key (with a glob syntax +by default), and a comma separated list of users as the corresponding value. +The deny list is checked before the allow list is. [acl.allow] # If acl.allow is not present, all users are allowed by default.