[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Monotone-devel] Proposition: hooks to set permissions on branch nam
Richard Levitte - VMS Whacker
Re: [Monotone-devel] Proposition: hooks to set permissions on branch names
Sun, 08 Aug 2004 10:11:39 +0200 (CEST)
In message <address@hidden> on Sat, 07 Aug 2004 21:46:44 -0600, Derek Scherger
derek> Richard Levitte - VMS Whacker wrote:
derek> > Hi guys,
derek> > there are times when one might want to assign extra permissions to
derek> > some people for some branches rather than others. Right now, it seems
derek> > like such possibilities are missing (I was looking at the hook
derek> > get_manifest_cert_trust, but found it had a very different purpose),
derek> I believe the purpose of the trust hooks is more about
derek> controlling your view of what's in your database rather than
derek> controlling what gets into your database. i.e. if there's some
derek> stuff in your database you don't like and you don't trust it
derek> you don't see it and it essentially appears as if it isn't in
derek> your database for things like update, merge, etc.
Oh. Hmm, OK, that gives it a different light...
derek> > so I'm proposing the following hooks:
derek> > get_read_permitted (branchname, identity)
derek> > get_write_permitted (branchname, identity)
derek> > get_anonymous_read_permitted (branchname)
derek> Here's the thing, you have your database, I have mine, you have
derek> your hook settings, I have mine. You can set your hooks to
derek> control what you can commit to your database, but I can set
derek> mine however I like, and since it's *my* database, presumably
derek> I'll want to be able to commit to it. ;)
I'm beginning to see that I might need to rethink this. More below...
derek> I think the *_netsync_permitted hooks let you control who can
derek> put stuff into your database. Although now that I think about
derek> it, I'm not sure they will prevent *you* from pulling in
derek> something by someone you don't want to allow to write to a
derek> particular branch.
A very good point.
derek> Hmm... is this where you were going with your proposal?
derek> i.e. controlling which versions arrive in your database when
derek> doing a netsync based on their authors rather than on who is
derek> doing the netsync? This seems like it might be an interesting
derek> idea but I'm not really sure, this is all pretty new to me too.
Yes, actually, that's exactly what I'm after, and I see now that I'm a
bit confused between who does a netsync operation and who does a
commit. I guess the concept of one central repository to which all
commits go directly hasn't left it's grasp on my mind, yet...
At this point, it therefore looks like an implementation of
get_manifest_cert_trust that checks a combination of author and branch
certs would do the trick, no? If that is so, this proposal of mine
can be removed immediately... I'll do some tests in the coming week,
if I remember.
Thanks for the heads up!
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.
Richard Levitte address@hidden