Restricting users from pushing change sets to default (Mercurial)

Question

I want to restrict certain users from pushing changesets to the default branch of a repository. If it is possible, how would you do it?

Answer 1

The ACL extension should work for you. However, you need to take into account the following considerations:

• The extension must be enabled in the server repositories. That is, the hgrc file of each served repository should have ACL settings defined:

  [extensions]
  acl =
  
  [hooks]
  pretxnchangegroup.acl = python:hgext.acl.hook
  
  [acl]
  sources = serve
  
  [acl.deny.branches]
  default = user1, user2, user3
  

• These users that have push denied are system users. That is, the username is taken from the credentials provided by the web server in your case. It has nothing to do with the Author: field in the commit metadata.

• You can only allow or deny complete chagegroups. If one of your denied users pushes a group of commits containing a single commit to the default branch, the whole push will be denied (even if the other commits are allowed). This is not so strange if your users tend to merge with the default branch very often.

You could also write your own pretxnchangegroup hook but you will not be much more capable than the ACL extension.