Do you need to restrict READ access to the branch or tag, or do you
simply want to restrict COMMIT access.
If you just want to restrict commit access, you can use a pre-commit
hook to kill a commit transaction if the user who doesn't have
permission attempts to change a tag or branch.
There is a Python script that comes with the Subversion source code,
and is at http://bit.ly/9zQnwg. The example config file can be found
at http://bit.ly/cln78B. One of the nice things about this script is
it has a "add-only" option. That is, you can copy a URL to the
repository, but cannot modify it. This is good to allow someone to
create a tag, but also prevents it from being modified.
I have a Perl version a pre-commit hook that does the same thing. Mine
will also verify that properties are set correctly on files before
they can be committed. You can find this script at
http://db.tt/H3o1i7S.
By the way, there's also a way to configure Apache httpd to use LDAP
instead of a regular text file. This means that users will have access
to your Subversion repository based upon their Windows or Unix account
and that users will automatically get logins and have their access
removed when they get hired or move on.
On Tue, Oct 12, 2010 at 11:37 PM, Shaun Pinney
<shaun.pinney_at_bil.konicaminolta.us> wrote:
> Hello all,
>
> We've configured Apache to restrict access to certain directories on our trunk
> (n.b. via AuthUserFile in httpd.conf). The problem is now I've created a tag
> from our trunk and found that the permissions don't 'automatically' transfer
> during creation of the tag. Obviously, this is because the AuthUserFile is a
> text file and needs to be edited manually :). But, is there an admin tool to
> help with this basic task to avoid accidentally providing full access to a tag
> (or branch)? Hopefully, Subversion provides some type of 'smart branch/tag
> creation' which can inherit permissions from the source directory. Please let
> me know of the best way to do this.
>
> Thanks,
> Shaun
>
>
>
--
David Weintraub
qazwart_at_gmail.com
Received on 2010-10-13 15:28:17 CEST