gitolite howto allow full access to all branches, but restrict for a specific set

Question

I want to configure gitolite so that

1. Developers cannot push to master and stage1
2. Developers can do RW operations to all other branches (any name they want)

The best thing I came up with is this:

repo foo bar

    RW        = @developers
    R  master = @developers
    R  stage1 = @developers

But the first rule gives developers full access to all branches. So how can this be done?

Answer 1

Following this example, the order of those access rules should work (normal then VREF):

-  master = @developers
-  stage1 = @developers
RW        = @developers

See "access control rule matching" for the exact access control rule application recipe.

And since gitolite 3.6.1, you can trace this logic quickly and easily:

gitolite access -s foo adeveloper W any

More generally, your initial setting should work:

As commented by Mort, there is no VREF rules here, only "refex" rules as they apply to real refs in the repo

Since no refex is supplied, it defaults to refs/.*.