On 16.05.2015 22:32, Ivan Zhakov wrote: >> In most CM workflows I've ever seen, a tag is assumed to be a read-only >> snapshot since its creation. FWIW, even with the required authz support >> in place, we still wouldn't have real tags, just as we don't have real >> branches; there's more to the semantics of these concepts than just >> access patterns. >> > I meant it would be nice to have option in authz file to say "I allow > creating tags in this folder, but I don't allow to modify or delete > them". The create permissions looks like solution for this use. But it > doesn't cover case when tag created from working, i.e. 'copy then > modify some files'
That's an interesting point: WC-to-repos copy is tricky. I wonder how hard it would be to somehow incorporate the fact that the copy and modification are happening in the same transaction/edit drive into the authz decisions, without exposing the concept of transactions outside the repository layer. -- Brane
