In Diffusion, a repository may have several display variations of clone URIs, e.g. /source/xyz/, /diffusion/XYZ/, and /diffusion/123/.

Each URI has a separately configurable "I/O" behavior, so you can set one or more of these URIs to be "read-only" and one or more of these URIs to be "read-write".

However, the repository-level check is called canServeProtocol() and just looks for any writable URI with the correct protocol, so the actual behavior is that all the URIs are writable if any of them are set to "Read/Write". This means that the UI may say that a particular URI is "Read Only", but the URI is actually be "Read/Write" if any other variation of the same URI is "Read/Write".

We should either:

1. actually implement these checks on a URI-by-URI basis; or
2. prevent the UI from being configured so that the setting varies across display variations.

Of these, (2) is probably the better behavior, since it's not clear that there's any real use case for making /source/xyz/ and /diffusion/XYZ/ work differently, and there's no reason to leave the extra levers exposed to the user if there's no reason for them to ever fiddle with them.