I've set up Mercurial via Apache (debian) (hgweb.wsgi) with LDAP user authentification. I would like to have the same per repository authorization functionality as when using Subversion and AuthzSVNAccessFile, in which I can define which user has read or write permissions for every single repository. I have a global file hgweb.config, in which I deny read/push by default (allow_read=False, allow_push=False). I would like to specify per repository access in this (or similar) global file.
I've seen Read access control with Mercurial and Apache and Hosting multiple repositories, each with differing access control , but I would like to avoid using .hg/hgrc file in each repository.
I've also seen LDAP Auth with checking the group user belongs to? , but I would like to avoid using ldap groups and I would like to avoid modifying htaccess or httpd.conf every time new repository is added.
Is ACL extension the solution? If so, please add minimal example, how to define per repository configuration in the (single) global file. I would like to avoid using payed 3rd party software.
