You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@subversion.apache.org by Timothee Besset <tt...@idsoftware.com> on 2003/06/03 09:28:28 UTC
hook scripts for ra_dav GET PROPFIND OPTIONS REPORT
I badly need per-directory read access control. I know this is planned as
a post 1.0 feature, but I'd like to know how feasible it is to modify svn
to spawn a hook script or similar for all the read operations (GET
PROPFIND OPTIONS REPORT) with the appropriate information, the only thing
I need I think is the file path.
Can anyone give me a few hints as to where to look at?
TTimo
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: hook scripts for ra_dav GET PROPFIND OPTIONS REPORT
Posted by Timothee Besset <tt...@idsoftware.com>.
And then, Sander pointed to a very recent mail thread:
http://subversion.tigris.org/servlets/BrowseList?list=dev&by=thread&from=104090
<TTimo> how would I proceed to write a mod_authz_svn thing
<TTimo> need a few more pointers to apache and svn source I suppose
<sander> Ok, it's not that hard really
<sander> Check out the httpd-2.0 HEAD code
<sander> Then go to modules/aaa/
<sander> Take a look at mod_authz_default.c
<sander> You want to replace the content of the check_user_access function
<sander> Get the uri from the request_rec and pass that to dav_svn_split_url
<sander> Now, depending on the method, see request_rec method_number, and the path you get back from dav_svn_split_url, grant or deny access.
..
<sander> Ultimately we want to implement the access control features for webdav and use that. And we need acls in the repository first.
<sander> You trigger the module with a directive, something like AuthzSvnAccessFile.
<sander> You can put that in a limit block, but I suggest you make the file look like:
<sander> <path>:<method>[,method...]:<user>[,<user>...]
<TTimo> you mean something I'd have to parse myself
<sander> Uhuh
<sander> That is something you need to do anyway
<sander> Remember that the Location directives won't match the special urls
<TTimo> yeah I know that
<TTimo> ok I'm writing this down
<TTimo> I don't promise anything, but I'll try to look at it
<sander> If you won't I prolly will. My stack is just too high at the moment.
TTimo
On Tue, 3 Jun 2003 11:28:28 +0200
Timothee Besset <tt...@idsoftware.com> wrote:
> I badly need per-directory read access control. I know this is planned as
> a post 1.0 feature, but I'd like to know how feasible it is to modify svn
> to spawn a hook script or similar for all the read operations (GET
> PROPFIND OPTIONS REPORT) with the appropriate information, the only thing
> I need I think is the file path.
>
> Can anyone give me a few hints as to where to look at?
>
> TTimo
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: dev-help@subversion.tigris.org
>
>
--
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org