Re: Hook for pre-checkout?

From: Ben Collins-Sussman <sussman_at_collab.net>
Date: 2005-07-27 06:19:27 CEST

Rogers, Donald wrote:

> The problem is that when testuser3 checks out xml_dev repository using Tortoise, he gets the whole lot, including 100, 200, 300 and all the files therein. IMHO that is a bug.
>

There's no bug here. Apache's built-in access control simply cannot do
what you want, end of story. It doesn't know the internals of
mod_dav_svn's URLs.

To do a checkout, the client sends a single http REPORT request on the
'xml_dev' URL. Apache's built-in access control approves the request,
because 'xml_dev' is legal. Beyond that point, mod_dav_svn streams all
data below the root directory, doing internal GET requests on each
sub-path. If any internal GET request fails (due to some authorziation
module failing), then the file is 'skipped' in the checkout.

The reason Apache's built-in authorization stuff isn't working is
because the internal GET requests are happening on opaque, bizarre URLs
that represent specific versions of files -- URLs that only mod_dav_svn
can generate or understand, not Apache. Your <Location> blocks never
match these URLs.

</detailedexplanation>

As David Anderson said: the problem you're trying to solve is exactly
why we wrote mod_authz_svn. Why aren't you using it? Are you trying to
make things difficult for yourself? :-)

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Jul 27 06:21:08 2005

This message: [ Message body ]
Next message: jason marshall: "Re: svn up known issue?"
Previous message: David Anderson: "Re: Hook for pre-checkout?"
In reply to: Rogers, Donald: "Hook for pre-checkout?"
Next in thread: Rogers, Donald: "RE: Hook for pre-checkout?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]