|
|
|
|
|
|
by Pawka
380 days ago
|
|
|
It depends on the VCS you use. I don't know any ways to manage read permissions, such as allowing a person to checkout one directory but not another, though you can do that per branch on git. But there are many ways to manage write permissions - limit the directories to which engineers are allowed to push code. E.g. if you use Git, this can be done with Gitolite, which is a popular hosting server. Gitolite has very flexible hooks support, especially with so-called "Virtual Refs" (or VREFs)[1]. It is out of the box and has support to manage write permissions per write path [2]. You can go even further and use your own custom binary for VREF to "decide" if a user is allowed to push certain changes. One possible option - read incoming changed files, read metainformation from the repository itself (e.g., CODEOWNERS file at the root of the repo), and decide if push should be accepted. GitHub has CODEOWNERS [3], which behaves similarly. [1]: https://gitolite.com/gitolite/cookbook.html#vrefs
[2]: https://gitolite.com/gitolite/vref.html#quick-introexample
[3]: https://docs.github.com/en/repositories/managing-your-reposi... |
|
|