At this point we need to change the NAME
VREF. Instead of making a decision, it should merely print all the files that have been changed, each prefixed with VREF/NAME/
.
Once that is done, it might then seem that the following rule is all we need:
RW+ VREF/NAME/.*\.odt$ = @tech-writers
However, that's not quite the end of it.
There's a slight difference in how virtual refs are treated compared to real refs. With real refs, if no access rule matches the ref (and the user, and the actual type of write), the default is to reject the push.
However, virtual refs are designed as additional rules, adding checks that the normal Gitolite access rules cannot. Thus it makes more sense that if no VREFs match, it should be as if no additional checks apply to this push, and so the default is to allow the push.
As a result, we need one more rule, which brings our final ruleset to this:
RW+ VREF/NAME/.*\.odt$ = @tech-writers - VREF/NAME/ = @tech-writers
Loosely speaking...