Hook for pre-checkout?

We have a repository where it is imperative that individual users not be able to read others' files.
We are using Subversion 1.2.1 with Apache 2, WebDAV and LDAP authentication.
The httpd.conf has this stuff in it to allow read at the top level but cut off read to the lower levels except to the one folder allowed to each user:

<Location /subversion/xml_dev>
  <Limit PROPFIND
    require user testuser1 testuser2 testuser3
  </Limit>
</Location>

<Location /subversion/xml_dev/100>
  <Limit GET PROPFIND PUT POST DELETE PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
    require user testuser1
  </Limit>
</Location>

<Location /subversion/xml_dev/200>
  <Limit GET PROPFIND PUT POST DELETE PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
    require user testuser2
  </Limit>
</Location>

<Location /subversion/xml_dev/300>
  <Limit GET PROPFIND PUT POST DELETE PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
    require user testuser3
  </Limit>
</Location>

Now this works fine in Firefox browser. testuser3 can browse to xml_dev and can see the folders 100, 200, 300, but cannot browse into 100, 200, only into 300. Great.

The problem is that when testuser3 checks out xml_dev repository using Tortoise, he gets the whole lot, including 100, 200, 300 and all the files therein. IMHO that is a bug.

I thought of using a hook script to prevent checking out at the xml_dev level, but there appears to be no hook for checkout. Is there a known workaround for this problem?

Donald Rogers

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Jul 27 05:17:10 2005