It is possible to control write access to a repository on a per-path
basis (by using something like svnperms.py from the pre-commit hook).
But it is not possible to restrict read access on a per-path basis.
I would like to do so for security reasons, so that some users could
only check out a part of the repository, but others could check out all
of it.
Could we get a pre-access hook to check paths which returns non-zero if
the access should be denied? This hook should be used for "svn co",
"svn up", "svn cp", "svn cat", etc.
For "svn up", it could be invoked as "pre-access REPOS TXN" since there
is a temporary transaction built by the client anyway. Maybe, because
of the other commands ("svn cat" etc.) "pre-access REPOS PATH-LIST" is
better. However, if it were possible to build a temporary transaction
also for "svn cat" etc., this would make it very easy to write
a pre-access hook: just by calling svnperms.py using a special config
file for read access.
I noticed there is already an issue (#2316) to add path-based
authorization support to svnserve. Would it be simpler to add
a pre-access hook, instead?
- Servatius
------------------------------------------------------------------------
Servatius Brandt Phone: +49 89 636-41504
Fujitsu Siemens Computers Fax: +49 89 636-48716
EP SW AD C++ Email: Servatius.Brandt@fujitsu-siemens.com
Received on Fri Jul 8 12:01:55 2005
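
Added example, not part of the original message and not Subversion code: a sketch of the path check that a hook invoked as "pre-access REPOS PATH-LIST" would have to perform, returning non-zero when read access should be denied. The hook is only proposed in the message above; the USER argument, the READ_RULES table and all function names are assumptions made for illustration.

```python
import posixpath
import sys

# Constructed read-access rules (hypothetical format): user -> readable path prefixes.
READ_RULES = {
    "alice": ["/"],                                # may read the whole repository
    "bob": ["/trunk/docs", "/branches/public"],    # may read only these subtrees
}

def normalize(path):
    """Canonicalize a repository path so '..' and repeated '/' cannot dodge a rule."""
    return posixpath.normpath("/" + path.strip().lstrip("/"))

def is_within(path, prefix):
    """True if path equals prefix or lies below it, matched on a component boundary."""
    prefix = normalize(prefix)
    return prefix == "/" or path == prefix or path.startswith(prefix + "/")

def denied_paths(user, paths, rules=READ_RULES):
    """Return the requested paths the user may not read.

    Default deny: unknown users get nothing, and a request for a parent
    directory of an allowed subtree is refused because it would expose siblings.
    """
    allowed = rules.get(user, [])
    return [p for p in paths
            if not any(is_within(normalize(p), a) for a in allowed)]

def main(argv):
    # Assumed invocation: pre-access REPOS USER PATH...
    if len(argv) < 4:
        sys.stderr.write("usage: pre-access REPOS USER PATH...\n")
        return 2
    denied = denied_paths(argv[2], argv[3:])
    for p in denied:
        sys.stderr.write("read access denied: %s\n" % p)
    return 1 if denied else 0   # non-zero exit status means access is denied

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```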