[cvsnt] Latest updates

Jan Rychtar rychtation at email.cz
Tue Feb 10 10:22:43 GMT 2004


Glen Starrett wrote:

> Tony Hoyle wrote:

> >cvsnt 2.0.26 (stable)
> >
> >* Use global 'default' on ACLs (default with no branch specified).
> >
> >  
> >
> Works great, thanks!

Yes, it works good, but... wouldn't it be more straightforward if the "no
branch specified = match any branch" rule worked for all users and not
just "default"?

For example:
default:r - means that any user can read any branch
user1:r   - means then user1 can read HEAD only

This behavior is quite confusing and it seems like a half-way step to me.
There are two concepts mixed together now and I think it should be brought
to the end.

I propose this ACLs behavior:

- When no specific user is specified in the rule (default rule), the rule
matches any user.
- When no specific branch is specified in the rule, the rule matches any
branch.

Of course the resolution of conflicts works like this: the more specific
the rule is, the higher priority the rule has.

For example:

default:n
user1:rwc
{HEAD}user1:r
user2:r

User1 can write to any branch except to HEAD. User2 can read any branch.
All other users have no access at all.


What do you think about this? I find this behavior fine and clear. I think
other commonly used permission mechanisms work just like this.

Jan Rychtar




More information about the cvsnt mailing list