We are using Apache authentication/authorization to limit access, not
subversion.
Up until we got into this lock issue, this kind of authorization scheme
is working well. The problem surfaced when users set the needs-lock
property on files.
As I understand, the mod_authz_svn mechanism does not do any pattern
matching, and out tests indicate that if we have a rule for
[repo/project/branches/dev]
that is does not match
repo/project/branches/dev/module/source.ext
We have branches like dev_gh, dev_phase2, dev_pl and based on the
parent project control access to group members for that group.
When I request a lock, the apache logs show several authenticated
propfinds, and then a LOCK request without the authentication token.
(Log snippet attached to previous message)
Jeb
Erik Huelsmann wrote:
> On 6/26/06, Jeb <jeb.beasley@penske.com> wrote:
>
>>
>>
>> Erik Huelsmann wrote:
>>
>> >> httpd directives
>> >
>> # match urls for the 'ecomm' reposoitory, skip svn specific stuff,
>> webprojects group ( company conventions
>> # to separate functional development groups), dev.* developers use dev
>> branches
>
>
> Uhh. No, Subversion authentication/authorization doesn't work that
> way: you need to authorise at a repository level. DAV uses an internal
> URL scheme which doesn't match the URLs you match on here.
>
> You *need* to use mod_authz_svn if you want path-based access in your
> repository.
>
>
> bye,
>
>
> Erik.
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Mon Jun 26 17:06:53 2006