> Branko Wrote:
> > there are at least 4 mechanisms that I know of (mod_authz_svn,
> svnserve access config file, commit-access-control.pl, and
> > svnperms.py) that already let you do that.
>
> How to allow only creation and not update of tags with mod_authz_svn
> and/or commit-access-control.pl ?
I've had a patch to do that sitting around for quite some time now; it just
seemed that nobody was using commit-access-control.pl anyway.
Does the patch below do what you want?
Setting users to 'read-add' should allow them to add tags, but not commit to
them.
(also available at
http://www.hix.nu/svn-public/patches/subversion/extended-commit-access-control.pl.in)
Index: tools/hook-scripts/commit-access-control.pl.in
===================================================================
--- tools/hook-scripts/commit-access-control.pl.in (revision 7770)
+++ tools/hook-scripts/commit-access-control.pl.in (working copy)
@@ -90,8 +90,10 @@
# Define two constant subroutines to stand for read-only or read-write
# access to the repository.
-sub ACCESS_READ_ONLY () { 'read-only' }
-sub ACCESS_READ_WRITE () { 'read-write' }
+sub ACCESS_READ_ONLY () { 'read-only' }
+sub ACCESS_READ_WRITE () { 'read-write' }
+sub ACCESS_READ_MODIFY () { 'read-modify' }
+sub ACCESS_READ_ADD () { 'read-add' }
######################################################################
# Load the configuration file and validate it.
@@ -125,7 +127,10 @@
my $access = $cfg->val($section, 'access');
if (defined $access)
{
- unless ($access eq ACCESS_READ_ONLY or $access eq
ACCESS_READ_WRITE)
+ unless ($access eq ACCESS_READ_ONLY or
+ $access eq ACCESS_READ_WRITE or
+ $access eq ACCESS_READ_MODIFY or
+ $access eq ACCESS_READ_ADD)
{
warn "$0: config file `$cfg_filename' section `$section' sets
",
"`access' to illegal value `$access'.\n";
@@ -192,6 +197,10 @@
my @dirs_changed = &read_from_process($svnlook, 'dirs-changed', $repos,
'-t', $txn);
+# Keep administration of requested access type per file
+my %req_perms;
+
+
# Lose the trailing slash in the directory names if one exists, except
# in the case of '/'.
my $rootchanged = 0;
@@ -205,17 +214,33 @@
{
$dirs_changed[$i] =~ s#^(.+)[/\\]$#$1#;
}
+
+ $req_perms{$dirs_changed[$i]} = ACCESS_READ_MODIFY;
}
# Figure out what files have changed using svnlook.
my @files_changed;
+
foreach my $line (&read_from_process($svnlook, 'changed', $repos, '-t',
$txn))
{
# Split the line up into the modification code and path, ignoring
# property modifications.
- if ($line =~ /^.. (.*)$/)
+ if ($line =~ /^(.)(.) (.*)$/)
{
- push(@files_changed, $1);
+ push(@files_changed, $3);
+
+ if ($1 eq 'A')
+ {
+ $req_perms{$3} = ACCESS_READ_ADD;
+ }
+ elsif ($1 eq 'M' or $2 ne " ")
+ {
+ $req_perms{$3} = ACCESS_READ_MODIFY;
+ }
+ else
+ {
+ $req_perms{$3} = ACCESS_READ_WRITE;
+ }
}
}
@@ -236,10 +261,10 @@
# Set a hash keeping track of the access rights to each path. Because
# this is an access control script, set the default permissions to
# read-only.
-my %permissions;
+my %acc_perms;
foreach my $path (@changed)
{
- $permissions{$path} = ACCESS_READ_ONLY;
+ $acc_perms{$path} = ACCESS_READ_ONLY;
}
foreach my $section (@sections)
@@ -296,7 +321,14 @@
my $match_re = $cfg->val($section, 'match_re');
foreach my $path (@changed)
{
- $permissions{$path} = $access if $path =~ $match_re;
+ if ($path =~ $match_re)
+ {
+ $acc_perms{$path} = ACCESS_READ_WRITE
+ if $access eq ACCESS_READ_WRITE;
+
+ $acc_perms{$path} = $access
+ if $access eq $req_perms{$path};
+ }
}
}
@@ -305,7 +337,7 @@
my @failed_paths;
foreach my $path (@changed)
{
- if ($permissions{$path} ne ACCESS_READ_WRITE)
+ if ($acc_perms{$path} eq ACCESS_READ_ONLY)
{
push(@failed_paths, $path);
}
--
NEU : GMX Internet.FreeDSL
Ab sofort DSL-Tarif ohne Grundgebühr: http://www.gmx.net/dsl
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu May 6 12:03:13 2004