On 8/27/17 6:51 PM, Augie Fackler wrote:
On Fri, Aug 25, 2017 at 11:26:05AM -0700, Durham Goode wrote:
[...]
Preventing Mistakes
===
One of the reasons for preventing users from accessing hidden commits is to
prevent them from doing bad things with them (like pushing them, or amending
them and causing divergence). To address this, directaccess treats read
commands, recoverable-write commands, and unrecoverable-write commands
separately.
For read commands (a whitelist of commands in the code), it allows the user
to access the commit like normal.
For recoverable-write commands, like commit/amend/rebase, it prints
"Warning: accessing hidden changesets %s for write operation".
For unrecoverable-write commands (a whitelist), like push and serve, it
blocks the command like normal, with the 'abort: hidden revision' error.
It sounds like you whitelist read and unrecoverable-write
commands. Does that mean "ercoverable-write" commands are inferred
from not being in those two whitelists? How has that interacted with
users finding random extensions or defining custom aliases?
Yea, the default behavior is warn-the-user. Very, very few of our users
have ever enabled random extensions so that has not been an issue.
As for custom aliases, I believe directaccess hooks in at the command
function level, so it doesn't matter what you type at the command line,
as long as it invokes the command function.
_______________________________________________
Mercurial-devel mailing list
Mercurial-devel@mercurial-scm.org
https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel
