Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
Glen Starrett wrote:
> Tony Hoyle wrote:
> >cvsnt 2.0.26 (stable)
> >
> >* Use global 'default' on ACLs (default with no branch specified).
> >
> >
> >
> Works great, thanks!
Yes, it works good, but... wouldn't it be more straightforward if the "no
branch specified = match any branch" rule worked for all users and not
just "default"?
For example:
default:r - means that any user can read any branch
user1:r - means then user1 can read HEAD only
This behavior is quite confusing and it seems like a half-way step to me.
There are two concepts mixed together now and I think it should be brought
to the end.
I propose this ACLs behavior:
- When no specific user is specified in the rule (default rule), the rule
matches any user.
- When no specific branch is specified in the rule, the rule matches any
branch.
Of course the resolution of conflicts works like this: the more specific
the rule is, the higher priority the rule has.
For example:
default:n
user1:rwc
{HEAD}user1:r
user2:r
User1 can write to any branch except to HEAD. User2 can read any branch.
All other users have no access at all.
What do you think about this? I find this behavior fine and clear. I think
other commonly used permission mechanisms work just like this.
Jan Rychtar