[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Hook scripts -- no support for permissions?

From: Ben Collins-Sussman <sussman_at_collab.net>
Date: 2004-07-24 04:09:50 CEST

On Fri, 2004-07-23 at 19:36, Pete Gonzalez wrote:
> I would like to prevent certain users from accessing certain
> directories in my repository. (Note: we are using "svnserve"
> instead of the WebDAV quagmire.) I realize that full ACL
> permissions are way off the radar, as Subversion is still
> in its infancy. (*) However, I noticed a hook script called
> "start-commit" that can be used to implement poor man's
> ACL permissions for commits.
>

We already have mod_authz_svn for controlling read/write access on
individual directories. As long you're using apache as your server,
you're set to go. (And someday svnserve will probably grow the same
feature.)

If you're using svnserve, as you say, there's no way to get fine-grained
read access right now.

> I am wondering, how difficult would it be to implement something
> similar for *viewing* files in the repository?

Read-hooks are hard to do, which is why we haven't implemented them
yet. There are *many* read functions in the repository filesystem API
(svn_fs.h). To implement read hooks, we'd have to "wrap" every one of
these functions with libsvn_repos functions, and then have every program
in the world use svn_repos.h instead of svn_fs.h for reading data.
Messy.

It was much easier to implement write hooks: libsvn_repos only had to
wrap two functions: svn_fs_create_txn() and svn_fs_commit_txn(). And
it's an easy burden on programs accessing the repository to use the 2
libsvn_repos wrappers.

We've even had talks about writing persistent daemons to speed up the
fictional 'read' checks, lest things get too slow. The conversation
gets messy. If you really want to talk about the design, come over to
the dev@ list. ;-)

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sat Jul 24 04:12:10 2004

This is an archived mail posted to the Subversion Users mailing list.