Explain limitations of branch/file rule combination
author Paul Crowley <paul@lshift.net>
Tue, 22 Apr 2008 13:51:19 +0100
changeset 26 2c4f499ea12f
parent 25 9d78dca32325
child 27 ec31ba248edd
README
--- a/README	Tue Apr 22 13:23:07 2008 +0100
+++ b/README	Tue Apr 22 13:51:19 2008 +0100
@@ -174,6 +174,22 @@
 
 - For similar reasons, don't give "init" rules file conditions.
 
+- Don't try to deny write access to a particular file on a particular
+branch - a developer can write to the file on another branch and then
+merge it in.  Either deny all writes to the branch from that user, or
+allow them to write to all the files they can write to on any branch.
+In other words, something like this will have the intended effect
+
+  write user=docs/* branch=docs file=docs/*
+
+But something like this will not have the intended effect; it will
+effectively allow these users to write to any file on any branch, by
+writing it to "docs" first:
+
+  write user=docs/* branch=docs
+  write user=docs/* file=docs/*
+  read user=docs/*
+
 LOCKING YOURSELF OUT
 
 If you find yourself "locked out" - that is, that you no longer have
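Review bot: the new bullet never says what "the intended effect" is, so a reader cannot check either example against it. State the intent in one sentence before the first example, since the two rule sets are only distinguishable once the goal is spelled out. The second example also carries a "read user=docs/*" line that the first lacks, which makes it unclear whether the read rule is part of the problem; either add it to both or drop it from both. The bypass explanation stops at 'by writing it to "docs" first' and leaves the reader to connect it back to the merge mentioned in the opening sentence; a closing clause saying the file is then merged into the other branch would make the failure mode explicit. Minor: the sentence ending "will have the intended effect" should end in a colon, matching the "But something like this" sentence that follows it.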