[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Access to the SVNParentPath

From: Andy Canfield <andy.canfield_at_pimco.mobi>
Date: Fri, 29 Jul 2011 13:12:51 +0700

That's a wonderful thing about computers. Every time I come up with
something that is impossible, I figure out a way to do it.

My current test repository server is named "athol". But I can not look
at "http://athol/svn"; nobody is allowed to see that.

But, as of now, if I point my browser to "http://athol/Subversion", I
see this:

      Subversion on Athol

        Repositories

    sample3 <http://athol/svn/sample3>
    subdoc <http://athol/svn/subdoc>

How? Well, the file /Subversion/GSite/index.php is how:
<?php
         $TITLE = "Subversion on Athol";
         echo "<html>\n";
         echo "<head>\n";
         echo "<title>$TITLE</title>\n";
         echo "</head>\n";
         echo "<body>\n";
         echo "<h1>$TITLE</h1>\n";
         echo "<h2>Repositories</h2>\n";
         $SVNParentPath = "/Subversion";
         $RepoList = scandir( $SVNParentPath );
         foreach ( $RepoList as $RepoName )
         {
             $TestRepo = $SVNParentPath . "/" . $RepoName . "/hooks" ;
             if ( file_exists( $TestRepo ) )
             {
                 echo "<a href='http://athol/svn/"
                     . $RepoName
                     . "'>"
                     . $RepoName
                     , "</a><br />\n";
             }
         }
         closedir( $DIR );
         echo "</body>\n";
         echo "</html>\n";
     ?>

It is, of course, trivlal to use .htpassed to restrict access to this
web page to people who are supposed to be there, and even if someone can
bypass that restriction they only get a list of repositories; The
standard Subversion authz mechanism takes care of access to the
individual repositories.

It is also possible to extend this page with a form you can use to
create a new repository. The form would call up a php page that uses the
system() command to call svnadmin. Ahah! If we move /usr/sbin/svnadmin
into a directory which is only readable by Apache, that makes it
difficult for anyone to use svnadmin at all except through this page.
It's nasty; I love it.

It's compatable; all the standard commands of the form "svn ...
http://athol/svn/RepoName" still work as before. That's because access
to the individual repositories is still handled by Subversion.

Maybe one of those wonderful packages like WebSVN could have done that
for me, but I haven't got any of them to work yet. This took me an hour
to get up and running and I can make it do whatever I like.

I am happy! I think I've got it!

Of course, this depends on HTTP or HTTPS access to the production
server, which we're still working on. But it feels good. In the meantime
we can live with svn+ssh.

Thank you all very much.
Received on 2011-07-29 08:13:43 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.