SoundSoftware Code Site

Authentication for Mercurial activity¶

Requirements¶

1. Clone/pull from repo for public project: Any user, no authentication required
2. Clone/pull from repo for private project: Permitted users only
3. Push to repo for public project: Permitted users only
4. Push to repo for private project: Permitted users only
5. Create repo for public project: User with manager role on project
6. Delete repo or carry out command-line admin tasks: System admin only

What constitutes a permitted user for limited push or pull activity?

• A user who is a member of the project?
• A user who is identified in the [web] section of the repository?
• A user who is both a member and identified in the [web] section?
• A user who is either a member or identified in the [web] section?
• A user who is identified in the [web] section, if any, or is a member if there is no such section?

Techniques¶

• Hg repository creation using reposman.rb
• Apache authentication against Redmine user database using mod_auth_mysql (no support for LDAP-authenticated users?)
• Apache authentication against Redmine users using the mod_perl module Redmine.pm (local copy) or a variant thereof (Redmine.pm was designed for SVN access via WebDAV)?
• Hg repository [web]-section authorisation using hgwebdir.cgi

Other links on this subject:

• Separation between authentication and authorisation activities
• hgrc [web] section
• Using mod_auth_mysql to authenticate against the Redmine database directly