Index: subversion/mod_authz_svn/mod_authz_svn.c
===================================================================
--- subversion/mod_authz_svn/mod_authz_svn.c	(revision 8868)
+++ subversion/mod_authz_svn/mod_authz_svn.c	(working copy)
@@ -145,12 +145,47 @@
     return TRUE;
 }
 
+static svn_boolean_t parse_authz_lines(svn_config_t *cfg,
+                                       const char *repos_name,
+                                       const char *repos_path,
+                                       int required_access, int *access,
+                                       apr_pool_t *pool)
+{
+    const char *qualified_repos_path;
+    struct parse_authz_line_baton baton = { 0 };
+  
+    baton.pool = pool;
+    baton.config = cfg;
+    baton.user = user;
+    
+    /* First try repos specific */
+    qualified_repos_path = apr_pstrcat(pool, repos_name, ":", repos_path,
+                                       NULL);
+    svn_config_enumerate(cfg, qualified_repos_path,
+                         parse_authz_line, &baton);
+    *access = !(baton.deny & required_access)
+              || (baton.allow & required_access) != 0;
+
+    if ((baton.deny & required_access)
+        || (baton.allow & required_access))
+	return TRUE;
+
+    svn_config_enumerate(cfg, repos_path,
+                         parse_authz_line, &baton);
+    *access = !(baton.deny & required_access)
+              || (baton.allow & required_access) != 0;
+    
+    return (baton.deny & required_access)
+           || (baton.allow & required_access);
+}
+
 static int check_access(svn_config_t *cfg,
-                        const char *repos_path, const char *user,
-                        int required_access, apr_pool_t *pool)
+                        const char *repos_name, const char *repos_path,
+                        const char *user, int required_access,
+                        apr_pool_t *pool)
 {
     const char *base_name;
-    struct parse_authz_line_baton baton = { 0 };
+    int access;
 
     if (!repos_path) {
         /* XXX: Check if the user has 'required_access' _anywhere_ in the
@@ -160,31 +195,25 @@
         return 1;
     }
 
-    baton.pool = pool;
-    baton.config = cfg;
-    baton.user = user;
+    if (parse_authz_lines(cfg, repos_name, repos_path,
+                          required_access, &access,
+			  pool))
+        return access;
 
-    svn_config_enumerate(cfg, repos_path,
-                         parse_authz_line, &baton);
-
     base_name = repos_path;
-    while (!(baton.deny & required_access)
-           && !(baton.allow & required_access)) {
+    do {
         if (base_name[0] == '/' && base_name[1] == '\0') {
             /* By default, deny access */
             return 0;
         }
 
         svn_path_split(repos_path, &repos_path, &base_name, pool);
-        svn_config_enumerate(cfg, repos_path,
-                             parse_authz_line, &baton);
     }
+    while (!parse_authz_lines(cfg, repos_name, repos_path,
+                              required_access, &access,
+			      pool));
 
-    /* XXX: We could use an 'order = deny,allow' option to make this more
-     * XXX: configurable.
-     */
-    return !(baton.deny & required_access)
-           || (baton.allow & required_access) != 0;
+    return access;
 }
 
 
@@ -279,7 +308,8 @@
     }
 
     if (!check_access(access_conf,
-                      repos_path, r->user, authz_svn_type,
+                      repos_name, repos_path,
+                      r->user, authz_svn_type,
                       r->pool)) {
         if (conf->authoritative) {
             ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
@@ -292,11 +322,22 @@
         status = DECLINED;
     }
     
-    /* XXX: DELETE, MOVE, MKCOL and PUT, if the path doesn't exist yet, also
+    /* XXX: MKCOL, MOVE
      * XXX: require write access to the parent dir of repos_path.
      */
 
+    /* XXX: DELETE
+     * XXX: require write access to the parent dir of repos_path,
+     * XXX: and to each item contained in repos_path, recursively.
+     */
+
+    /* XXX: PUT
+     * XXX: if the path doesn't exist, require write access to the
+     * XXX: parent dir of repos_path.
+
     /* Only MOVE and COPY have a second uri we have to check access to. */
+    /* XXX: Should this require write access to the parent of the
+     * XXX: destination? */
     if (r->method_number != M_MOVE
         && r->method_number != M_COPY) {
         if (status == DECLINED)
@@ -348,7 +389,8 @@
 
     /* Check access on the first repos_path */
     if (!check_access(access_conf,
-                      dest_repos_path, r->user, AUTHZ_SVN_WRITE,
+                      repos_name, dest_repos_path,
+                      r->user, AUTHZ_SVN_WRITE,
                       r->pool)) {
         if (!conf->authoritative)
             return DECLINED;
Index: subversion/mod_authz_svn/INSTALL
===================================================================
--- subversion/mod_authz_svn/INSTALL	(revision 8868)
+++ subversion/mod_authz_svn/INSTALL	(working copy)
@@ -51,6 +51,10 @@
         <user> = [rw|r]
         * = [rw|r]
 
+        [<repository>:<path in repository>]
+        @<group> = [rw|r]
+        <user> = [rw|r]
+        * = [rw|r]
 
       An example (line continued lines are supposed to be on one line):
 
@@ -94,3 +98,17 @@
         # Just for demonstration
         * =
         @subversion = rw
+
+        # In case of SVNParentPath we can specify which repository we are
+        # referring to.  If no matching repository qualified section is found,
+        # the general unqualified section is tried.
+        #
+        # NOTE: This is work in the case of using SVNPath aswell, only the
+        # repository name will always be the same.
+        [dark:/]
+        * =
+        @dark = rw
+
+        [light:/]
+        @light = rw
+