What about a refinement of that solution with "work/<user>" and only users to commit on their branch? In would help, if desired in the future, to enforce a review of submited code by third party reviews even for maintainers.

Cheers