Re: [Monotone-devel] Proposition: hooks to set permissions on branch nam
From: Derek Scherger
Subject: Re: [Monotone-devel] Proposition: hooks to set permissions on branch names
Date: Sat, 07 Aug 2004 21:46:44 -0600
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040602

Richard Levitte - VMS Whacker wrote:
> Hi guys,
>
> there are times when one might want to assign extra permissions to
> some people for some branches rather than others. Right now, it seems
> like such possibilities are missing (I was looking at the hook
> get_manifest_cert_trust, but found it had a very different purpose),

I believe the purpose of the trust hooks is more about controlling your view of what's in
your database rather than controlling what gets into your database. i.e. if there's some
stuff in your database you don't like and you don't trust it you don't see it and it
essentially appears as if it isn't in your database for things like update, merge, etc.

> so I'm proposing the following hooks:
>
>     get_read_permitted (branchname, identity)
>     get_write_permitted (branchname, identity)
>     get_anonymous_read_permitted (branchname)
>
> They would work just like the get_netsync_*_permitted hooks, but be
> called anytime a read or write operation is to be performed, based on
> the branch cert found with the object that was just fetched or the
> object that is about to be written.

Here's the thing, you have your database, I have mine, you have your hook settings, I have
mine. You can set your hooks to control what you can commit to your database, but I can
set mine however I like, and since it's *my* database, presumably I'll want to be able to
commit to it. ;)

> To tell the truth, I see no reason why the get_netsync_*_permitted
> hooks would stick around if the above is added, as they would become
> some kind of lesser duplicates... And considering Graydon's thoughts
> about removing the concept of collections altogether, this might be a
> good idea either way.
>
> I haven't looked at that part of the code yet, so I've no clue how
> hard this would be to implement. I also have no clue how this would
> affect performance.
>
> If there is a way to do what I'm looking for with currently available
> hooks, I'd very much like to be informed (clued in, really :-)).

I think the *_netsync_permitted hooks let you control who can put stuff into your
database. Although now that I think about it, I'm not sure they will prevent *you* from
pulling in something by someone you don't want to allow to write to a particular branch.
Hmm... is this where you were going with your proposal? i.e. controlling which versions
arrive in your database when doing a netsync based on their authors rather than on who is
doing the netsync? This seems like it might be an interesting idea but I'm not really
sure, this is all pretty new to me too.
--
Cheers,
Derek
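
Added example, not part of the original thread and not monotone's own code: a sketch of the three hooks proposed in the quoted message, written as Lua hook functions with a default-deny, per-branch policy table. The hooks themselves are only a proposal in this thread; the branch names, identities and the `branch_policy`, `policy_for` and `listed` names are constructed for illustration.

```lua
-- Sketch of the *proposed* hooks from the thread (not an existing monotone API).
-- All branch names, identities and helper names below are constructed examples.

-- Per-branch policy, most specific prefix first. Unlisted branches are denied.
local branch_policy = {
   { prefix = "com.example.project.release",
     read  = { "alice@example.com", "bob@example.com" },
     write = { "alice@example.com" },
     anonymous_read = false },
   { prefix = "com.example.project",
     read  = { "alice@example.com", "bob@example.com", "carol@example.com" },
     write = { "alice@example.com", "bob@example.com" },
     anonymous_read = true },
}

-- Return the first entry whose prefix matches on a name-component boundary,
-- so "com.example.projectx" does not inherit "com.example.project" rights.
local function policy_for(branchname)
   for _, entry in ipairs(branch_policy) do
      local p = entry.prefix
      local n = string.len(p)
      if branchname == p or string.sub(branchname, 1, n + 1) == p .. "." then
         return entry
      end
   end
   return nil
end

-- True if identity appears in the given list of key identities.
local function listed(list, identity)
   for _, id in ipairs(list) do
      if id == identity then return true end
   end
   return false
end

function get_read_permitted(branchname, identity)
   local entry = policy_for(branchname)
   return entry ~= nil and listed(entry.read, identity)
end

function get_write_permitted(branchname, identity)
   local entry = policy_for(branchname)
   return entry ~= nil and listed(entry.write, identity)
end

function get_anonymous_read_permitted(branchname)
   local entry = policy_for(branchname)
   return entry ~= nil and entry.anonymous_read == true
end
```

Because hooks are read from each user's own configuration, a policy like this only governs the database of whoever loads it.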