kallithea Files · docs/usage/locking.rst

Files @ 6257de126ec7

Branch filter:

Location: kallithea/docs/usage/locking.rst

6257de126ec7 1.1 KiB text/prs.fallenstein.rst Show Annotation Show as Raw Download as Raw

Mads Kiilerich

docs: improve documentation of beaker session configuration

beaker.session.auto is dropped; it defaults to false and there is no reason to
ever set it true for Kallithea.

beaker.session.cookie_path and secure are dropped; like cookie_domain, they
should automatically be set to the right value.
* * *
beaker.session.cookie_expires MUST have the default value of True to provide the default value of 'browser session lifetime' when not enabling 'remember' in the login box. The cookie life is hardcoded to 365 days when remember is selected.

.. _locking:

==================
Repository locking
==================

Kallithea has a ``repository locking`` feature, disabled by default. When
enabled, every initial clone and every pull gives users (with write permission)
the exclusive right to do a push.

When repository locking is enabled, repositories get a ``locked`` state that
can be true or false.  The hg/git commands ``hg/git clone``, ``hg/git pull``,
and ``hg/git push`` influence this state:

- A ``clone`` or ``pull`` action on the repository locks it (``locked=true``)
  if the user has write/admin permissions on this repository.

- Kallithea will remember the user who locked the repository so only this
  specific user can unlock the repo (``locked=false``) by performing a ``push``
  command.

- Every other command on a locked repository from this user and every command
  from any other user will result in an HTTP return code 423 (Locked).
  Additionally, the HTTP error includes the <user> that locked the repository
  (e.g., “repository <repo> locked by user <user>”).

Each repository can be manually unlocked by an administrator from the
repository settings menu.