diff -r 16056a9015f3 -r 62185dc7d0c9 doc/manual.docbook
--- a/doc/manual.docbook Wed Oct 14 14:29:39 2009 +0100
+++ b/doc/manual.docbook Wed Oct 14 14:48:33 2009 +0100
@@ -290,10 +290,97 @@
while "**" matches zero or more characters including "/".
-File conditions
+File and branch conditions
+
+mercurial-server supports file and branch conditions, which restrict an
+operation depending on what files it modifies and what branch the work is
+on.
+
+The way these conditions work is subtle and can be counterintuitive - if
+you want to keep things simple, stick to user and repo conditions, and then
+things are likely to work the way you would expect.
+
+
+File and branch conditions are added to the conditions against which a rule
+matches, just like user and repo conditions; they have this form:
+
+
+
+file=globpattern
: file within the repo
+
+
+branch=globpattern
: Mercurial branch name
+
+
+
+However, in order to understand what effect adding these conditions will
+have, it helps to understand how and when these rules are applied.
+
+
+The rules file is used to make three decisions:
+
+
+
+Whether to allow a repository to be created
+
+
+Whether to allow any access to a repository
+
+
+Whether to allow a changeset, which is on a some branch
+
+
+Whether to allow a changeset which changes a particular file
+
+
-Here be dragons...
+When the first two of these decisions are being made, nothing is known
+about what files might be changed, and so all file and branch conditions
+automatically succeed for the purpose of such decisions. This means that
+doing tricky things with file conditions can have counterintuitive
+consequences:
+
+
+
+You cannot limit read access to a subset of a repository with a "read"
+rule and a file condition: any user who has access to a repository can read
+all of it and its full history. Such a rule can only have the effect of
+masking a later "write" rule, as in this example:
+
+ read repo=specialrepo file=dontwritethis
+ write repo=specialrepo
+
+
+allows all users to read specialrepo, and to write to all files
+except that any changeset which writes to
+dontwritethis will be rejected.
+
+
+For similar reasons, don't give init rules file conditions.
+
+
+Don't try to deny write access to a particular file on a particular
+branch - a developer can write to the file on another branch and then merge
+it in. Either deny all writes to the branch from that user, or allow them
+to write to all the files they can write to on any branch. In other words,
+something like this will have the intended effect:
+
+
+ write user=docs/* branch=docs file=docs/*
+
+
+But something like this will not have the intended effect; it will
+effectively allow these users to write to any file on any branch, by
+writing it to "docs" first:
+
+
+ write user=docs/* branch=docs
+ write user=docs/* file=docs/*
+ read user=docs/*
+
+
+