----- Original Message -----
From: "Tony Morris" <tmorris@tmorris.net>
To: "Nico Kadel-Garcia" <nkadel@comcast.net>
Cc: <users@subversion.tigris.org>
Sent: Saturday, April 08, 2006 6:37 PM
Subject: Re: Making tags write-once in Subversion 1.3.x, solved
> Nico Kadel-Garcia wrote:
>> I'd previously asked if there was a good way to make tags "write-once",
>> to prevent people editing tags after their creation. Various people sent
>> pointers to tools and guidelines that all boiled down to "only let
>> authorized users write to tags". This is not what I was looking for.
>>
>> However, the svnperms.py and svnperms.conf tools in the current
>> distributions do *precisely* what I wanted. They allow me to use a
>> pre-commit to set tags with "add" permissions for everyone, "delete"
>> permissions for a manager, and no "update" permissions for anyone to
>> prevent people accidentally stepping on locked down tags. I really
>> approve of this!
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
>> For additional commands, e-mail: users-help@subversion.tigris.org
>>
>>
> I may be out of line, but I've always wondered why you need hooks to do
> this. Specifically, why does mod_authz abstract the operations on a
> directory only to read/write? For example, I cannot use my authorization
> policy to allow a user to "add" but not "delete". It seems that there
> should at least be granularity of the usual CRUD operations
> (Create/Read/Update/Delete) instead of rolling the CUD into one "write". I
> assume that these then map to WebDAV operations, which some might argue,
> is the appropriate level of granularity. I'd at least settle for CRUD
> instead of just rw.
I'd have really liked that: it would have saved me from being sent
half-a-dozen really badly written hook scripts. It would also be similarly
useful if the svnserve.conf permissions could be integrated into file-based
access, rather than relying purely on local file permissions. The
discrepancies between HTTPS, svnserve, and local file permissions can cause
some confusion for careless administrators and force them to limit their
clients to one access mode only.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sun Apr 9 01:33:13 2006