[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: subversion authz wildcard

From: Michael Mac (Palm GBU) <Michael.Mac_at_palm.com>
Date: Fri, 22 Apr 2011 18:11:00 -0700

Just to close the loop on this issue, I was able to resolve my issue with the following steps to allow recursive pattern matching for "branches" folder.

1. My colleague helped with modifying the svnperms.py script to accept "firstname lastname" user credentials. Diff is below.

--- svnperms.py.Org 2011-04-14 23:07:03.000000000 -0700
+++ svnperms.py 2011-04-15 18:13:37.000000000 -0700
@@ -103,7 +103,8 @@
 
     def parse_groups(self, groupsiter):
         for option, value in groupsiter:
- self._group[option] = value.split()
+ #self._group[option] = value.split()
+ self._group[option] = [word.strip() for word in value.split(',')]
 
     def parse_perms(self, permsiter):
         for option, value in permsiter:

2. Enable the pre-commit hook to use svnperms.py and modified svnperms.conf to allow a specific group of users to have write access to all branches folder under a particular repository.

$ cat pre-commit

svnperms.py -r "$REPOS" -t "$TXN" || exit 1

$ cat svnperms.conf

[groups]

special-group = firstname lastname, firstname2 lastname2, firstname3 lastname3

[repoA]

/[^/].+ = *(add,remove,update) @specail-group() # Retains current authz permission and restricts special-group permission
/[^/].+/branches/[^/].+ = @special-group(add,remove,update) # Allow special-group to write to all branches folder recursively in repoA

Michael

-----Original Message-----
From: Stefan Sperling [mailto:stsp_at_elego.de]
Sent: Thursday, March 31, 2011 5:25 AM
To: Michael Mac (Palm GBU)
Cc: 'users_at_subversion.apache.org'
Subject: Re: subversion authz wildcard

On Wed, Mar 30, 2011 at 09:43:27PM -0700, Michael Mac (Palm GBU) wrote:
> Hi,
>
> I'd to query the user community to know if there's been any progress
> in using wildcards with authz? Is there a work around for this? There
> was previous mentioned that version 1.7 may have this feature
> enhancement, but not a guarantee.

See http://subversion.tigris.org/issues/show_bug.cgi?id=2662
You can add yourself to the Cc list there to get progress information
via email.

I took a look at one of the patch submissions we've received for this.
Unfortunately, it didn't qualify, see
http://subversion.tigris.org/issues/show_bug.cgi?id=2662#desc20
If we decide to disallow leading wildcard characters, though,
that patch would work.

There is another patch submission, against an old version of Subversion.
The approach it is taking seems to be workable.
However, applying this patch on top of trunk is a huge chunk of work.
We'll also need to find out whether it's actually usable in practice,
since it needs to crawl a lot of paths in a repository in case of
wildcards such as */tags (as explained in the issue).
So while it might work, performance might turn out to be dismal
for large repositories.

> On related topic others have
> mentioned that svnperms.py can support wildcard. I have confirmed
> svnperms.py can support wildcard,
>

It only seems to support trailing wildcards (i.e. /trunk/* but not */tags).

> but my problem is svnperms.py is it
> only accept single word username. My company is using both first name
> and last name for the user login name with a white space between them.
> i.e "firstname lastname". Svnperms.py doesn't seem to be able to
> support this structure. Does anyone know how I can modify svnperms.py
> to accept white space in user login name?

Does this patch help (untested)?
It should group usernames containing whitespace properly, provided
you use quoting in svnperms.conf:

  [groups]
  group1 = "Arthur Dent" Marvin 'Ford Prefect'

Index: tools/hook-scripts/svnperms.py
===================================================================
--- tools/hook-scripts/svnperms.py (revision 1086745)
+++ tools/hook-scripts/svnperms.py (working copy)
@@ -28,6 +28,8 @@
 
 import sys, os
 import getopt
+import shlex
+
 try:
   # Python >=3.0
   from subprocess import getstatusoutput as subprocess_getstatusoutput
@@ -129,7 +131,7 @@ class Permission:
     def parse_groups(self, groupsiter):
         for option, value in groupsiter:
             groupusers = []
- for token in value.split():
+ for token in shlex.split(value):
                 # expand nested groups in place; no forward decls
                 if token[0] == "@":
                     try:
Received on 2011-04-23 03:11:33 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.