- only certain users are allowed to commit to each branch.
- only certain paths can be committed to on each branch.
- only certain users are allowed to create tags in the central repository. (I'd like to get rid of this limitation, but it's there now. Perhaps only limit tag names that match a particular set of regular expressions.)
Junio Hamano and Carl Baldwin have an update-hook-example that describes how to implement an access control hook script, so we will base things on that. Their example assumes that the user has logged in using ssh so they can use username=$(id -u -n) but since we are coming in via the web we'd have to use the REMOTE_USER environment variable instead.
I think it makes sense to use a configuration file that is similar to the Gitosis config file, which people are familiar with. This is just an ini file that can be parsed using Config::IniFiles or something similar to Gitosis::Config, so this shouldn't be difficult.
Something else worth looking at is gerrit, which describes itself as follows: