Nico Kadel-Garcia wrote:
> I'd previously asked if there was a good way to make tags
> "write-once", to prevent people editing tags after their creation.
> Various people sent pointers to tools and guidelines that all boiled
> down to "only let authorized users write to tags". This is not what I
> was looking for.
>
> However, the svnperms.py and svnperms.conf tools in the current
> distributions do *precisely* what I wanted. They allow me to use a
> pre-commit to set tags with "add" permissions for everyone, "delete"
> permissions for a manager, and no "update" permissions for anyone to
> prevent people accidentally stepping on locked down tags. I really
> approve of this!
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
>
I may be out of line, but I've always wondered why you need hooks to do
this. Specifically, why does mod_authz abstract the operations on a
directory only to read/write? For example, I cannot use my authorization
policy to allow a user to "add" but not "delete". It seems that there
should at least be granularity of the usual CRUD operations
(Create/Read/Update/Delete) instead of rolling the CUD into one "write".
I assume that these then map to WebDAV operations, which some might
argue, is the appropriate level of granularity. I'd at least settle for
CRUD instead of just rw.
--
Tony Morris
http://tmorris.net/
s/Commonwealth Games/Commonwealth Swimming
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sun Apr 9 00:38:29 2006