
Possible Duplicate:
Read access control with Mercurial and Apache

I'm trying to host multiple Mercurial repositories for my clients. I need to control access to each repository individually — not just push access, but clone as well.

I've got an .htaccess set which requires authentication globally:

AuthUserFile /path/to/hgweb.passwd
AuthGroupFile /dev/null
AuthName "Chris Lawlor Client Mercurial Repositories"
AuthType Basic
<Limit GET POST PUT>
    Require valid-user
</Limit>
<FilesMatch "\.(htaccess|passwd|config|bak)$">
    Order Allow,Deny
    Deny from all
</FilesMatch>

Then in each repository, I've got a .hg/hgrc file requiring a valid user:

[web]
allow_push = <comma separated user list>

This almost does what I need. The problem is that I need to add all my clients to hgweb.passwd, which gives them clone access to all of the repositories.

The only solution I can think of is to have another .htaccess and .passwd file in each repository. I don't really want to do that though, seems a little convoluted. I can already specify a list of authorized users for each repository in that repo's hgrc file with the allow_push setting. If only there were an allow_clone setting as well...

All the documentation I've found for hgwebdir.cgi is incomplete. I've read:

And others. I've yet to find a comprehensive list of hgrc settings.

I guess this is as much an Apache question as a Mercurial question.

Unless I can find a better approach, I'll be going with a separate .htaccess and .passwd file for each repo.

This is a virtual host on Webfaction if it matters — set up roughly as described in their documentation.

Edit: Looks like any .htaccess files in the client repos will be ignored. I think this is because all requests are being served by hgwebdir.cgi in the webroot, so only the .htaccess in the webroot takes effect.

Chris Lawlor

1 Answer


I found the answer in the hgrc(5) man page:

allow_read

If the user has not already been denied repository access due to the contents of deny_read, this list determines whether to grant repository access to the user. If this list is not empty, and the user is unauthenticated or not present in the list (separated by whitespace or ,), then access is denied for the user. If the list is empty or not set, then access is permitted to all users by default. Setting allow_read to the special value * is equivalent to it not being set (i.e. access is permitted to all users). The contents of the allow_read list are examined after the deny_read list.

Martin Geisler
Chris Lawlor
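
An added example, not part of the original answer or of Mercurial's own code: a small audit that models the allow_read / deny_read check quoted above and reports who can clone each repository. The hgrc contents and user names are constructed, the function names are hypothetical, and the deny_read handling (a non-empty list denies unauthenticated and listed users) follows hgrc(5) rather than the quoted passage.

```python
import configparser
import re

# Constructed sample .hg/hgrc contents, one per hosted repository (not from the page).
SAMPLE_HGRCS = {
    "client-a": "[web]\nallow_read = alice, bob\nallow_push = alice\n",
    "client-b": "[web]\ndeny_read = bob\nallow_read = carol bob\n",
    "public": "[web]\nallow_read = *\n",
    "forgotten": "[web]\nallow_push = alice\n",  # no allow_read at all
}

def _userlist(cfg, key):
    """Split a [web] list value on whitespace or commas."""
    raw = cfg.get("web", key, fallback="")
    return [u for u in re.split(r"[\s,]+", raw) if u]

def _ismember(user, users):
    """The special value * matches every user."""
    return users == ["*"] or user in users

def can_read(hgrc_text, user):
    """Apply the documented order: deny_read first, then allow_read.
    user is None for an unauthenticated request."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(hgrc_text)
    deny = _userlist(cfg, "deny_read")
    if deny and (user is None or _ismember(user, deny)):
        return False
    allow = _userlist(cfg, "allow_read")
    if allow and not _ismember(user, allow):
        return False
    return True  # empty or unset allow_read: readable by everyone

def audit(hgrcs, users):
    """Map each repository to the sorted list of users who may read it."""
    return {
        repo: sorted("<anonymous>" if u is None else u
                     for u in users if can_read(text, u))
        for repo, text in hgrcs.items()
    }

if __name__ == "__main__":
    for repo, readers in audit(SAMPLE_HGRCS, ["alice", "bob", "carol", None]).items():
        print(f"{repo:10} {', '.join(readers)}")
```

A repository with no allow_read, like `forgotten` here, stays readable by every user in the shared hgweb.passwd, so that is the case to look for when auditing.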