On Mon, 22 Jul 2013 13:36:37 +0200 Stephan Beal <sgb...@googlemail.com> wrote:
> On Mon, Jul 22, 2013 at 1:30 PM, Eduardo Morras <emorr...@yahoo.es> wrote: > > > Xcb uses an async mechanism, it creates a cookie, sends it and data to the > > external code, keep working. External code calls xcb, sends the cookie with > > the answer. Data and cookie can be exchanged through sql table. > > > > Then it starts looking like a message queue, and i personally have no > intention of seeing fossil grow into such a creature. And fossil is single thread single process app and can't do any other thing while waiting. I applaud the single thread, I dislike threads too, don't understand why it must be single process. > > That's why I said I confused user with role. The role owns the files, not > > the user. Currently, a user without wiki role capabilities can't modify the > > wiki files. > > > > Yes he can - he simply needs to clone it. At that point any access rights > fly out the window. > > > Similar, a C developer role can modify /src dir but not /documentation or > > /sql, the DBA role can change /sql but not /src and similar. Role info is > > already exchanged in pull/push/sync, user info not. So in your scenary, a > > user can get the role capabilities and access them. > > > > So what happens when i (as a wiki editor) make a change to src/foo.c, > commit it to my local copy (because locally i have admin access) and then > try to push? i can't, and my repo then gets (permanently) out of sync. i > don't think this model is possible in a DVCS. Yes it is. There's a big difference between Project and Repository. There's the fossil project, only one, but there are lots of repositories and fossil project forks that aren't the main 'Fossil Project'. I don't want to restrict what you do with your repository or your project fork, I want to restrict what you can do to main Project. > > The problem is that a user is admin of his own repository file and can set > > whatever s/he wants and access everything. A global dvcs role and user data > > can solve this, not allowing this user make changes in public branches or > > trunk directories of central repo (or other users repos) if s/he has no > > privileges to do so. > > > > Once i clone it, the central repository has NO say-so in what i can and > cannot check out. It can only control what i check IN, or (more correctly), > what i try to push to the central server. If it will not let me push the > changes i have already committed to my local repo then i have a serious > problem. No, I sync with fossil main repository each week, but I don't have permission to push my changes. That's because my user (anonymous) don't have the role to do so. If I want to push my changes I must convince someone who has the correct role to do so. I want to restrict that a developer user, with a defined role, can push changes only to certains files/directories of main repository and not others. For example, in Fossil, sqlite3.c, sqlite3.h, copyright file, makefile, etc... should be changed only by user drh, at least in trunk, because he is the project architect. It's true that 'it shouldn't happen if everyone follow the manual and touch the files he owns', but there are sometimes, specially with newbies, that the repository becomes unusable because they touch a file they shouldn't. --- --- Eduardo Morras <emorr...@yahoo.es> _______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
