We’re setting up a big monorepo with path-based permission support, meaning every user can only see a subset of files.
We’re using Mercurial, and permission control is based on the narrowhg extension. The setup seems to work well enough on its own.
Now I’m trying to set up RhodeCode, so we can manage pull requests and code reviews, but I need to make sure it will support the permissions properly.
I’ve spent a few days looking at the code, and it seems to me I should be able to wrap the MercurialRepository instance and filter the contents of commits, diffs etc. based on the current user.
I’m planning to do this:
- In ‘RepoRoutePredicate’ wrap
- Intercept calls to scm_instance() and wrap the return value.
I’m not sure it’s as simple as that, however. For one, I see a number of places that seem to cache data from the repo, and the cache keys don’t include the userid. There may be other pitfalls as well.
I’d appreciate any input about where to start and what to watch out for.
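
The cache-key concern raised above, as an added illustration that is not part of the original post and is not RhodeCode or narrowhg code: FilteredRepo, USER_PATHS and the commit data are hypothetical and constructed. It shows a per-user filtering wrapper handing one user's view to another when the shared cache key omits the permission scope, next to the same wrapper with the scope in the key.

```python
import hashlib

# Constructed sample data: one commit's file list and two users' allowed path prefixes.
COMMIT_FILES = {
    "abc123": ["services/billing/api.py", "services/search/index.py", "docs/README.md"],
}
USER_PATHS = {"alice": ("services/billing/", "docs/"), "bob": ("docs/",)}


def visible(path, prefixes):
    """True if path falls under one of the user's allowed path prefixes."""
    return any(path.startswith(p) for p in prefixes)


class FilteredRepo:
    """Hypothetical per-user wrapper around a repository backend (not RhodeCode's API)."""

    def __init__(self, files_by_commit, user, cache, scoped_keys):
        self._files = files_by_commit
        self._prefixes = USER_PATHS[user]
        self._cache = cache          # shared between all wrapper instances
        self._scoped = scoped_keys   # False = weak key, True = corrected key

    def _key(self, commit_id):
        if not self._scoped:
            return ("files", commit_id)  # weak: identical key for every user
        # Key on the permission scope rather than the user id, so users with
        # the same allowed paths can still share cache entries safely.
        scope = hashlib.sha256("\n".join(sorted(self._prefixes)).encode()).hexdigest()
        return ("files", commit_id, scope)

    def files(self, commit_id):
        key = self._key(commit_id)
        if key not in self._cache:
            allowed = [f for f in self._files[commit_id] if visible(f, self._prefixes)]
            self._cache[key] = allowed
        return self._cache[key]


def files_seen(scoped_keys):
    """Alice populates a shared cache, then Bob asks for the same commit."""
    cache = {}
    FilteredRepo(COMMIT_FILES, "alice", cache, scoped_keys).files("abc123")
    return FilteredRepo(COMMIT_FILES, "bob", cache, scoped_keys).files("abc123")
```

The same check applies to any cached value derived from filtered content, such as rendered diffs or file trees: a cache sitting below the wrapper can hold unfiltered data, while one sitting above it needs the permission scope in its key.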