[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Hook for pre-checkout?

From: Ben Collins-Sussman <sussman_at_collab.net>
Date: 2005-07-27 06:19:27 CEST

Rogers, Donald wrote:

> The problem is that when testuser3 checks out xml_dev repository using Tortoise, he gets the whole lot, including 100, 200, 300 and all the files therein. IMHO that is a bug.
>

There's no bug here. Apache's built-in access control simply cannot do
what you want, end of story. It doesn't know the internals of
mod_dav_svn's URLs.

<detailedexplanation>

To do a checkout, the client sends a single http REPORT request on the
'xml_dev' URL. Apache's built-in access control approves the request,
because 'xml_dev' is legal. Beyond that point, mod_dav_svn streams all
data below the root directory, doing internal GET requests on each
sub-path. If any internal GET request fails (due to some authorziation
module failing), then the file is 'skipped' in the checkout.

The reason Apache's built-in authorization stuff isn't working is
because the internal GET requests are happening on opaque, bizarre URLs
that represent specific versions of files -- URLs that only mod_dav_svn
can generate or understand, not Apache. Your <Location> blocks never
match these URLs.

</detailedexplanation>

As David Anderson said: the problem you're trying to solve is exactly
why we wrote mod_authz_svn. Why aren't you using it? Are you trying to
make things difficult for yourself? :-)

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Jul 27 06:21:08 2005

This is an archived mail posted to the Subversion Users mailing list.