[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Hook scripts -- no support for permissions?

From: Evan Easton <evan_at_eeaston.com>
Date: 2004-07-26 20:25:28 CEST

I'm with Pete that we need some sort of a minimal as (simple-as-possible)
hook that allows site owners to get more control without having to force
all users to use HTTP access. In my particular case, I've been
experimenting with trac. Trac uses the Python bindings and according to
this Ticket's comments (http://projects.edgewall.com/trac/ticket/493)
doesn't have use the RA layer in order to access the repository through
http URLs.

I certainly don't know enough about svn's innards to determine if their
argument holds water. But I do know that if I could control access to the
repository at the hook level I wouldn't have to worry about whether 3rd
party tools are using the RA layer or acting as simple svn client wrappers
or not.

Maybe you (Ben) can start a thread pointing to some of the issues or
pointing to past discussions so that I could learn enough to contribute to
the discussions???

Evan

> On Fri, 2004-07-23 at 19:36, Pete Gonzalez wrote:
>> I would like to prevent certain users from accessing certain
>> directories in my repository. (Note: we are using "svnserve"
>> instead of the WebDAV quagmire.) I realize that full ACL
>> permissions are way off the radar, as Subversion is still
>> in its infancy. (*) However, I noticed a hook script called
>> "start-commit" that can be used to implement poor man's
>> ACL permissions for commits.
>
> We already have mod_authz_svn for controlling read/write access on
individual directories. As long you're using apache as your server,
you're set to go. (And someday svnserve will probably grow the same
feature.)
>
> If you're using svnserve, as you say, there's no way to get fine-grained
read access right now.
>
>> I am wondering, how difficult would it be to implement something
similar for *viewing* files in the repository?
>
> Read-hooks are hard to do, which is why we haven't implemented them yet.
 There are *many* read functions in the repository filesystem API
(svn_fs.h). To implement read hooks, we'd have to "wrap" every one of
these functions with libsvn_repos functions, and then have every program
in the world use svn_repos.h instead of svn_fs.h for reading data.
Messy.
>
> It was much easier to implement write hooks: libsvn_repos only had to
wrap two functions: svn_fs_create_txn() and svn_fs_commit_txn(). And
it's an easy burden on programs accessing the repository to use the 2
libsvn_repos wrappers.
>
> We've even had talks about writing persistent daemons to speed up the
fictional 'read' checks, lest things get too slow. The conversation
gets messy. If you really want to talk about the design, come over to
the dev@ list. ;-)
>
>
>
> --------------------------------------------------------------------- To
unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Mon Jul 26 20:25:43 2004

This is an archived mail posted to the Subversion Users mailing list.