Re: Problem implementing path-based authorization with authz
From: Brian Topping <topping_at_codehaus.org>
Date: Sat, 9 Jan 2010 16:31:07 -0500
On Jan 9, 2010, at 12:58 PM, Rob van Oostrum wrote:
> I see now. The path "/project/!svn" makes no sense. It doesn't exist in the repository, so that rule doesn't do anything. The !svn is a SVN-internal concept. To assign permissions to /project, you need to have to specify:
Thanks Rob. The last note does help and that seems to be correct based on my experimentation, but it seems to go a little further, that a user must have the same access to the root directory as they do for the particular directory that they are working on. So that would mean if a user in @public has rw access to and wants to commit to /project/public_files, they have to have write access to /project so the metadata can be updated.
For the benefit of others that may come across this in the archives, it turns out about the only way I was able to figure out to set this up was the following:
In other words, to do an exhaustive matrix of every combination of paths and access for every group for each path.
Granted, some or much of this information may be irrelevant outside the Crowd environment, but the situation is worse with the stock LDAP adapters for Apache. The can't even read groups in.
Anyway, thanks for thinking this through with me.
This is an archived mail posted to the Subversion Users mailing list.