On Sun, 2006-06-04 at 17:14 +0200, Benoît Dejean wrote:
> Hey, I'm running a 0.26 server like this :
>
> $MTN --db=$DB serve 'fr.placenet*'
>
> with read-permissions :
> comment "Placenet Fr"
> pattern "fr.placenet*"
> allow "[EMAIL PROTECTED]"
> allow "[EMAIL PROTECTED]"
> allow "[EMAIL PROTECTED]"
>
> and write-permissions :
>
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
>
>
> I'm totally lost because this afternoon user [EMAIL PROTECTED] was
> able to push 'cyp.stage' on the server ... how can that be ? how can I
> restrict a server to deal only with 'fr.placenet*' ? What's the point in
> allowing people to push whatever branches they want but without being
> able to pull them later ?
>
> log says :
> mtn: allowed '[EMAIL PROTECTED]' read permission for 'cyp.stage'
> excluding ''
> mtn: allowed '[EMAIL PROTECTED]' write permission for 'cyp.stage'
> excluding ''

Write permissions really are anything-or-nothing. It denies permission if what they want to sync includes a branch that you already have, that either doesn't match what's being served or that they aren't allowed to read. In this case, their include pattern ("cyp.stage") didn't match anything on your server, so it had no reason to say "no, you can't look at that" (since there wasn't anything to look at).

In particular, netsync does not see cyp.stage as a branch name, it sees it as a pattern to match branches against. Since the server doesn't have any branches that match this pattern, it doesn't have anything to prohibit the client from reading.

They won't be able to sync that branch again, since sync is r/w and they're not allowed to read that branch. They also won't be able to push it again, but this is more because read permissions are always checked (even if they're doing write-only), which IMHO is a bug.

Tim
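
A simplified model of the check described in the reply above, added here as an illustration and not taken from monotone or from either poster. It replays the 'cyp.stage' push twice and lists the stored branches that fall outside the served pattern. Assumptions: Python's `fnmatchcase` stands in for monotone's own pattern matching, the function names are hypothetical, and the user and branch names are constructed.

```python
from fnmatch import fnmatchcase  # assumption: stands in for monotone's own globbing

def read_allowed(branch, user, read_rules):
    """Simplified read-permissions lookup: first stanza whose pattern matches decides."""
    for pattern, allowed_users in read_rules:
        if fnmatchcase(branch, pattern):
            return user in allowed_users
    return False

def session_permitted(include, user, have, served, read_rules, writers, writing):
    """Model of the decision as described in the reply (hypothetical helper)."""
    # Write permission is all-or-nothing: it is never checked per branch.
    if writing and user not in writers:
        return False
    # The include string is a pattern, matched only against branches already stored.
    for branch in (b for b in have if fnmatchcase(b, include)):
        if not fnmatchcase(branch, served) or not read_allowed(branch, user, read_rules):
            return False
    return True  # no stored branch matched, so nothing was there to refuse

def unserved_branches(have, served):
    """Audit helper: stored branches that fall outside the served pattern."""
    return sorted(b for b in have if not fnmatchcase(b, served))

# Constructed sample data (names are placeholders, not from the thread).
SERVED = "fr.placenet*"
READ_RULES = [("fr.placenet*", {"alice@example.org", "bob@example.org"})]
WRITERS = {"alice@example.org"}

def replay():
    """First push of an unknown branch passes; the repeat attempt is refused."""
    have = ["fr.placenet.docs", "fr.placenet.web"]
    args = (SERVED, READ_RULES, WRITERS)
    first = session_permitted("cyp.stage", "alice@example.org", have, *args, writing=True)
    if first:
        have.append("cyp.stage")  # the push lands in the database
    second = session_permitted("cyp.stage", "alice@example.org", have, *args, writing=True)
    return first, second, unserved_branches(have, SERVED)

if __name__ == "__main__":
    print(replay())
```

Running the audit helper over the server's real branch list shows which branches have already been pushed outside the served pattern.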