# # patch "ChangeLog" # from [e58bdade15259de4f7dd5b5b7889172f3ec1a193] # to [228e8b5c33d810b22eefa4b4c63bbca9d0077d8c] # # patch "monotone.texi" # from [9c80ea657ae03c85cdaf1ac96c71959484f5697f] # to [ac8b688aff5fb83f33f487f11af6b8f08164910a] # --- ChangeLog +++ ChangeLog @@ -1,5 +1,10 @@ 2005-05-31 Timothy Brownawell + * monotone.texi: Update documentation for get_netsync_*_permitted + hooks to reflect that they now get individual branch names. + +2005-05-31 Timothy Brownawell + * netsync.cc: session::rebuild_merkle_trees now takes a set of branches to include as an argument. On the server, calculate this set at the same time the get_netsync_*_permitted hooks are --- monotone.texi +++ monotone.texi @@ -3627,10 +3627,10 @@ The @command{serve} command can take multiple regexes, and it will make available all branches matching any of the listed regexes. Different -permissions can be applied to each regex; see the hooks +permissions can be applied to each branch; see the hooks @code{get_netsync_read_permitted}, @code{get_netsync_write_permitted}, and @code{get_netsync_anonymous_read_permitted}, all of which take a address@hidden argument (see @ref{Hook Reference}). address@hidden argument (see @ref{Hook Reference}). For example, supposing Bob and Alice wish to synchronize their @code{net.venge.monotone.win32} and @code{net.venge.monotone.i18n} 
@@ -5356,14 +5356,13 @@ @end smallexample address@hidden get_netsync_read_permitted (@var{regex}, @var{identity}) address@hidden get_netsync_read_permitted (@var{branch}, @var{identity}) Returns @code{true} if a peer authenticated as key @var{identity} should be allowed to read from your database certs, revisions, -manifests, and files associated with the branches matching address@hidden; otherwise @code{false}. @var{regex} will be one of the -regexes specified on the server command line. This hook has no default -definition, therefore the default behavior is to deny all reads. +manifests, and files associated with @var{branch}; otherwise @code{false}. +This hook has no default definition, therefore the default behavior is +to deny all reads. Note that the @var{identity} value is a key ID (such as address@hidden@@pobox.com}'') but will correspond to a @emph{unique} @@ -5372,7 +5371,7 @@ key fingerprints of each key in your database, as key ID strings are ``convenience names'', not security tokens. address@hidden get_netsync_anonymous_read_permitted (@var{regex}) address@hidden get_netsync_anonymous_read_permitted (@var{branch}) This hook has identical semantics to @code{get_netsync_read_permitted} except that it is called when a connecting client requests anonymous 
@@ -5380,16 +5379,16 @@ access hook. This hook has no default definition, therefore the default behavior is to deny all anonymous reads. address@hidden get_netsync_write_permitted (@var{regex}, @var{identity}) address@hidden get_netsync_write_permitted (@var{branch}, @var{identity}) Returns @code{true} if a peer authenticated as key @var{identity} should be allowed to write into your database certs, revisions, -manifests, and files associated with the branches matching address@hidden; otherwise @code{false}. This hook has no default -definition, therefore the default behavior is to deny all writes. +manifests, and files associated with @var{branch}; otherwise @code{false}. +This hook has no default definition, therefore the default behavior is to deny all writes. -Note that if write access is granted for one set of branches, there -is currently no way to restrict that access to only that set of branches. +Note that if write access is granted for one branch it is effectively +granted for the entire database, as there is currently no way to +restrict that access to only that branch. Note that the @var{identity} value is a key ID (such as address@hidden@@pobox.com}'') but will correspond to a @emph{unique}
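Review bot: In the monotone.texi hunk at -3627, the new sentence "Different permissions can be applied to each branch" is stronger than what the write hook documentation in this same patch supports, since that text says write access granted for one branch is effectively granted for the entire database. Consider limiting the claim to read permissions here, or adding a pointer to the write caveat. Otherwise a reader of the serve section may assume per-branch write isolation. The paragraph could also say that the hooks are evaluated for each individual branch matched by the regexes, as the ChangeLog entry states, because the preceding sentence still talks only about regexes.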
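Review bot: In the get_netsync_read_permitted hunk at -5356, the removed sentence "@var{regex} will be one of the regexes specified on the server command line" has no replacement, so the text no longer says what values @var{branch} can take. Suggest adding a sentence stating that @var{branch} is an individual branch name among those matched by the regexes given to serve. It would also help to note the change for people upgrading: a hook written against the old interface that compares its first argument with a regex string from the command line will stop matching once it receives branch names, and the documentation gives no hint of that. The same applies to get_netsync_anonymous_read_permitted, whose description defers to this one.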
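Review bot: In the get_netsync_write_permitted hunk at -5380, the description now reads as if @var{branch} scopes the grant ("files associated with @var{branch}"), while the following note says a grant for one branch is effectively a grant for the entire database. Since this is the security-relevant part of the hook, suggest moving the caveat up next to the return-value sentence and saying directly that returning true for any branch gives that @var{identity} write access to all branches, so hook authors base the decision on the key and do not rely on the branch argument for isolation. As a style point, the added line "This hook has no default definition, therefore the default behavior is to deny all writes." is not wrapped like the surrounding text.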