On 08.07.2015 17:42, Ignace Danneels wrote:
>
> Hello,
>
>
>
> I posted a question on the community page
>
Lets start by making it clear that this is not "the [Subversion]
community page"; it's some forum maintained by CollabNet that is about
Subversion but not in any way endorsed or maintained by the Apache
Subversion project.
> (see link below) and markphip replied.
>
> https://subversion.open.collab.net/ds/viewMessage.do?dsForumId=3&dsMessageId=550254
>
>
>
> The post is shown below
>
>
>
> *_Issue 1_*
>
>
>
> The access rule contain:
> [aliases]
> idan = ignace.danneels
>
> [groups]
> sol_dev = &bwal,&idan
>
> the I would prevent that user to access a specific folder by putting
> [CBD_Test_Environment:/]
> &idan = rw
>
> [CBD_Test_Environment:/trunk/20_Software /Sources/CBD]
> &idan=
>
> to prevent idan for accessing that subfolder
>
> The main issue is that rules tend to change (software development is a
> living thing).
> Currently we are using Tortoise client for subversion (I'm using
> subversion Edge version 4.0.1)
>
> Assume the 2nd rule did not exist at first.
> Then when idan checks out the repository, he obtains the subfolder on
> his workstation.
>
> Now I implement the 2nd rule, because we notice that only a limited
> set of persons should have access to it, and idan is not one of them.
>
> If I perform an update on the project (even with the changed rules),
> the CBD folder remains on the workstation.
> If I delete the folder (locally), and perform an update, the subfolder
> is restored.
>
> What I would like to obtain:
> because the new rule indicates access to the subfolder is no longer
> granted, it should be removed locally.
> Now I can only way I can obtain this by deleting the entire
> project/repository locally and checking out the repository again.
>
The client doesn't know that the authz file changed. So if there were no
changes in the repository itself, the client will restore the contents
of the locally deleted directory from its own local cache.
To make sure we're talking about the same thing, please show the exact
commands you used with the Subversion client, before and after the
change of the authz file; ideally, write a shell script that exactly
reproduces your problem.
> *_Issue 2_*
>
>
> Use of wildcards:
> I'm working in a group of software developers, in which one team
> should have access to a subfolder, while another part of the team
> should not.
> I noticed that only rules with correct case sensitive names are accepted.
> The issue here is that while developing software, we often create
> branches (for releases, for tests, ...), and the same rules should apply.
>
> I just learned from the answer that SVN does not support wildcards
>
That's right, it does not.
>
> I tried to create a rule that would exclude the CBD folder from *all
> *branches/trunk/tags in the repository as follows:
> [CBD_Test_Environment:/*/CBD]
> &idan=
>
> Because the CBD folder also contains xml files, which are useless for
> one specific group, I also wanted to change the rule as follows:
> [CBD_Test_Environment:/*/CBD/*.c]
> &idan=rw
> [CBD_Test_Environment:/*/CBD/*.h]
> &idan=rw
>
> Hoping the * would mean any path in the repository.
> Unfortunately, this does not appear to work.
>
> Although the access rule appears to be accepted by subversion edge
> (there is no error when entering the rules above), I have found no
> documentation on the web indicating the use of wildcards in access rules.
>
First of all, "Subversion Edge" is a CollabNet product; if you want
support for that, you should talk to CollabNet.
There's nothing special about the '*' character; it's valid for file and
directory names both in the Subversion repository and on many
filesystems, so obviously Subversion's authz file parser does not reject
it. For example:
$ svnadmin create repo
$ svn co file://`pwd`/repo wc
Checked out revision 0.
$ touch 'wc/*'
$ svn add 'wc/*'
A wc/*
$ svn ci -mm wc
Adding wc/*
Transmitting file data .done
Committing transaction...
Committed revision 1.
It would be a bit silly if we did not allow authz rules to apply to this
file.
If you're interested in support for wildcards in authz files, there's
work in progress; I suggest you take a look at the authzperf branch
http://svn.apache.org/repos/asf/subversion/branches/authzperf
and the related documentation in our wiki:
http://wiki.apache.org/subversion/AuthzImprovements
-- Brane
Received on 2015-07-09 08:43:19 CEST