'file:' access according to AuthzSVNAccessFile

[Steven Simpson <ss...@domain.invalid>]

Hello,

I have some Subversion repositories on Linux accessed through https,
controlled by an AuthzSVNAccessFile svn-access.conf, with Apache doing
the authentication.  The web interface is XML+XSLT->HTML, so on a
particular directory, I can add extra utility links based on whichever
SVN directory is being accessed.

I'd like to add a link that produces a .tgz of the displayed directory —
it has been suggested that this might be useful for people who are a
bit, um, scared of Subversion, but nevertheless have read access to the
repository.

The script would just do an 'svn export' and a 'tar'.  But I can't see
an easy way of getting the export call to check that the user (already
authenticated as $REMOTE_USER) has permissions for the directory, or
correspondingly to avoid checking out unreadable subdirectories.  A
command like this would be ideal:

svn export --username $REMOTE_USER --authz svn-access.conf file:///...

Is there some straight-forward equivalent of this?  If not, is it a
feature worth requesting?

Thanks,

Steven

-- 
ss at comp dot lancs dot ac dot uk                                     |



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: 'file:' access according to AuthzSVNAccessFile

[Steven Simpson <ss...@domain.invalid>]

Andy Levy wrote:
> On 3/15/06, Steven Simpson <ss...@domain.invalid> wrote:
>   
>> A command like this would be ideal:
>>
>> svn export --username $REMOTE_USER --authz svn-access.conf file:///...
>>
>> Is there some straight-forward equivalent of this?  If not, is it a
>> feature worth requesting?
>>     
> Access controls are done by
> the svn servers (whether the Apache2 module or svnserve), and when you
> use file:// you use no server.
I realise this.  But would it be a good idea to add it to the client to
emulate the restrictions applied to a user?  I've already stated my own
(somewhat dubious) purpose (i.e. in a script where the authentication is
already done), but perhaps it would also be useful for diagnosis of a
local authz file...?

Cheers!

-- 
ss at comp dot lancs dot ac dot uk                                     |


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: 'file:' access according to AuthzSVNAccessFile

[Andy Levy <an...@gmail.com>]

On 3/15/06, Steven Simpson <ss...@domain.invalid> wrote:
> I have some Subversion repositories on Linux accessed through https,
> controlled by an AuthzSVNAccessFile svn-access.conf, with Apache doing
> the authentication.  The web interface is XML+XSLT->HTML, so on a
> particular directory, I can add extra utility links based on whichever
> SVN directory is being accessed.
>
> I'd like to add a link that produces a .tgz of the displayed directory —
> it has been suggested that this might be useful for people who are a
> bit, um, scared of Subversion, but nevertheless have read access to the
> repository.
>
> The script would just do an 'svn export' and a 'tar'.  But I can't see
> an easy way of getting the export call to check that the user (already
> authenticated as $REMOTE_USER) has permissions for the directory, or
> correspondingly to avoid checking out unreadable subdirectories.  A
> command like this would be ideal:
>
> svn export --username $REMOTE_USER --authz svn-access.conf file:///...
>
> Is there some straight-forward equivalent of this?  If not, is it a
> feature worth requesting?

There is, to my knowledge, no access control when using file:// - it's
all or nothing, if the user executing the command has filesystem
permissions to access the Subversion repository files, they can get
anything/everything in the repository.  Access controls are done by
the svn servers (whether the Apache2 module or svnserve), and when you
use file:// you use no server.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org