[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: User File Access from Mysql DB...

From: Nico Kadel-Garcia <nkadel_at_comcast.net>
Date: 2006-06-20 04:40:11 CEST

----- Original Message -----
From: "Joerg Hessdoerfer" <Joerg.Hessdoerfer@sea-gmbh.com>
To: <users@subversion.tigris.org>; <bedouglas@earthlink.net>
Sent: Monday, June 19, 2006 1:13 PM
Subject: Re: User File Access from Mysql DB...

> Hi,
>
> On Monday 19 June 2006 15:25, bruce wrote:
>> hi...
>>
>> i'm considering Subversion as a reopistory, but i need the ability to
>> implement the SVN system in a workflow kind of application. this requires
>> that as a file goes from one part of the process to another, the user
>> assigned to that part of the process will have access to only the files
>> in
>> that part of the process...
>>
>> i also need to accommodate the fact that users can/might be switched to
>> different parts of the process.
>>
>> i've considered keeping all this information in a mysql db, and then
>> somehow writing out the subversion user access file whenever a change is
>> made to the overall access system... this seems to be a good chunk of
>> development, and i'm not sure if it's the right thing to do..
>>
>> i've also considered the possibility of having to rewrite subversion to
>> have it get the user file access rights information from a database.. but
>> i'm not sure if this is the best approach...
>>
>> any thoughts/ideas/comments from people who are really familiar with
>> subversion? has anyone else run into this kind of need...
>>
>> the issue basically boils down to how you can use subversion in a system
>> where the users and files are dynamically changing...
>>
> [...]
>
> well, the first thought that came to mind is a small database holding the
> user/file access rights, and a small (web-based?) app to manage those. If
> SVN
> is served by apache (or newer svnserve, 1.3.X if memory serves?), you can
> then create per-URL access files to be directly used by SVN (see
> http://svnbook.red-bean.com/nightly/en/svn.serverconfig.httpd.html#svn.serverconfig.httpd.authz.perdir).
> I use a scenario like this with apache, and it works fine. I also use
> PostgreSQL as database, and write the ACL file with python using a
> post-update/insert/delete database trigger.
>
> Then there is no need to interface the auth mechanism to anything else.

Too complex. Take a good close look at svnaccess.pl and the matching
svnconfig file in the contribs directory of the Subversion source tree. By
simply setting appropriate privileges for specific users for directories
with specific names, you can restrict their read, create, delete, and modify
permissions separately. This allows you to create "tags" that are stable
until the site administrator moves or deletes them, or to restrict write
access in other clever ways. And correctly implemented, the permissions will
apply both to local users, svnserve users, and HTTP users.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Tue Jun 20 04:58:52 2006

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.