Re: On commit attempt, Server sent unexpected return value (403 Forbidden) in response to CHECKOUT

[Daniel Shahaf <d....@daniel.shahaf.name>]

Mark Phippard wrote on Mon, Jan 03, 2011 at 09:32:49 -0500:
> On Fri, Dec 31, 2010 at 11:04 AM,  <Be...@wellsfargo.com> wrote:
> > I'm trying to integrate a SVN Authz authorization file with apache
> > configuration files to provide a solution for not just directory level
> > restrictions, but also file level restrictions. It's my understanding that
> > the SVN Authorization file is not capable of handling file-specific
> > restrictions, only directory level.
> 
> This is not true.  SVN authz manages "paths" and a path can be a
> directory or a file.  Of course it has to be the full path to the file
> as there is no wild-card support.
> 
> > <Location "/subversion/repo/*/*/*/folder/structure/RestrictedFile">
> > <Limit PUT>
> > Require user my_username
> > </Limit>
> > </Location>
> 

Did you mean <LocationMatch>?

(which takes a regex, not a glob, IIRC)

> I am not aware of being able to define rules for paths within a
> repository this way.  When the SVN client does the commit it does so
> against a temporary path, so you cannot use paths in your repository.
> I do believe there are people that have written rules against the
> temporary paths and if you did so properly then it might work.
> 
> That said, I am also not confident that you can successfully mix the
> Subversion authz file with the other Apache require directives.  I
> have tried in the past to mix authz with the require-ldap-group
> directive and the two just do not mix as these directives become
> additive.  Meaning if either directive would allow the user access
> then they get access and you do not get the restrictive behavior of
> authz that is desired.
> 
> -- 
> Thanks
> 
> Mark Phippard
> http://markphip.blogspot.com/