[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Feature request:authz for repository groups

From: G.Neiß <g.neiss_at_plarad.de>
Date: Fri, 8 Aug 2008 17:39:36 +0200

I had send this msg to 'user' a while ago, but no answer till now.
I realize that this might be the wrong forum, so I resend it to 'devel' now.
Here it is:

Hi,

I am using the build in authz of svnservice.
Inside the authz I am able to define the access rights:
- global for all repositories (using [/])
- for a specific path inside any repository (using [/<path inside repos>}
- for a specific repository (and optional specific path inside) (using
[<path of repos>:...])

Because we have a lot of repositories the entry inside svnserve.conf for
authz look like:
authz-db = ../../_Common/authz
(similar it is done for passwd).

So I am able to use a common authz and passwd for all of my repositories.

This works great, but I now run into the problem, that is is impossible to
add a rule for a 'group of repositories'.
All repositories a grouped into seperate sub dirs, like:
Prj for projects currently under development
Programme for tools used for development

Here is (part of) my authz file:

# Default access rule for ALL repositories
[/]
$anonymous =
$authenticated = r
@Admins = rw

# Prj/Project1
[Prj/Project1:/]
@MainUsers = rw
@Developers = rw

# only @Admins are allowed to write to /trunk/Montage
[Prj/Project1:/trunk/Montage]
@MainUsers = r
@Developers = r

This works, but to allow @Developers write access to all repositories inside
Prj, I must manually add each repository path like this
[Prj/Project2:/]
@Developers = rw
[Prj/Project3:/]
@Developers = rw

I like to use something like
[Prj/*:/]
@Developers = rw
[Programme /*:/]
@Developers = r

This will(should) allow @Developers rw access to all projects, but only
@Admins write access to the project tools

So all what is needed to realize that is: having the reposioty path be a
regular expression (or something like that)

Does this sound good ?

I take a look into the code that does the authz, see that it should not be
too complicated, but because I am not so familar with the environment used I
don't think I am able to supply a patch that implements this.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-08-08 17:40:06 CEST

This is an archived mail posted to the Subversion Dev mailing list.