Well, I apologize, I guess... This appears to be partially a caching
problem within the browser on the client side and partially what I think
is a minor bug. If I change svn-access-policies (and save it) from this
(see in context below):
...
[repos2:/proj three]
@apps-swdev = r
...
to this:
...
[repos2:/proj three]
@apps-swdev =
...
And then hit the refresh button (there are no proxies at work here) on a
browser window that was already open to that path, I still get to see
it's contents, but if I close and re-start the browser, I get access
denied with the same exact URL.
Does this surprise or concern anyone? It works fine for me now that I
understand it, but others may have concerns that some policy changes
don't "take effect" immediately.
Thanks,
Wes
________________________________
From: Crucius, Wesley [mailto:WCrucius@sandc.com]
Sent: Tuesday, June 14, 2005 11:54 AM
To: users@subversion.tigris.org
Subject: Authorization problem
I am running version 1.1.1 (using Apache on W2k3 server) and having a
problem with my authorization file. What I want is to allow r/w access
to the whole repository except for one directory, where I want r/w
access for one group and then read-only access to a sub-directory of
that directory. Here's an approximation of the structure
http://my-server.com/svn/repos2 <http://my-server.com/svn/repos2>
/proj one/...
/proj two/...
/proj three
/released/...
/trunk/...
So essentially I want to allow read/write access to everything for all
the groups with the following exceptions for "proj three" and it's
"sub-directories":
1. No access to "proj three" for apps-hwdev (they only know hardware
anyway...)
2. read-only access to only the "proj three/released" sub-dir for
apps-swdev (the lowly application developers)
3. read/write access to all of "proj three" for rtos-swdev (the
Real-Time Operating System "gods")
Here's the relavant section of httpd.conf:
<Location /svn/>
DAV svn
# Repository location
SVNParentPath E:/Apache2/svn/
# Repository Authentication Mechanism
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile etc/svn-auth-file
AuthzSVNAccessFile etc/svn-access-policies
Require valid-user
</Location>
And here's svn-access-policies:
[groups]
apps-swdev = user1, user2
apps-hwdev = user3, user4
rtos-swdev = superuser1, superuser2
[repos2:/]
@apps-swdev = rw
@apps-hwdev = r
@rtos-swdev = rw
[repos2:/proj three/]
@apps-swdev =
@apps-hwdev =
@rtos-swdev = rw
[repos2:/proj three/released]
@apps-swdev = r
@apps-hwdev =
@rtos-swdev = rw
But this doesn't seem to work... For example, users in the group
"apps-swdev" can read "/proj three/trunk".
One suspicion that I had was that the spaces needed to be specified as
in URLs (so, "/proj%20three/" instead of "/proj three/"), but that
didn't seem to have any effect. Is there something about the order of
the sections in svn-access-policies?
My interpretation of page 102 of "THE BOOK" tells me that this should
work...
Can anyone help me see the error of my ways?
Thanks,
Wes
Received on Tue Jun 14 23:06:17 2005