You have an repository as a user <user1>. The user <user2> can wrote into the repository because wrong permissions.
You can set the group permission and use SetGID. But an easier way is to use fusefs.
aptitude install bindfs bindfs -o nonempty --map=user1/user2:@group1/@group2 /dir1 /dir2
For example, the content of a web server should be edited in the home directory of user htmaster
and then also be available as user www-data
via the web server:
bindfs -o nonempty --map=htmaster/www-data:@htmaster/@www-data /home/htmaster/content /var/www/html
If www-data saves files, they are visible under /home/htmaster/content for htmaster.