You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@subversion.apache.org by Gustavo Niemeyer <ni...@conectiva.com> on 2002/10/20 23:51:35 UTC

Script to check permissions

Hi there!

While I was working on the stuff at our repository system [1], I
developed a permission checking script as part of the software structre
surrounding the repository (in python). It turned out to be so
confortable to specify permissions with that syntax that I missed this
script for the other projects maintained under Subversion, so I decided
to 'crop' that part from the system and write a standalone executable.

[1] http://moin.conectiva.com.br/RepositorySystem

The question is, would you like to include it as part of the subversion
distribution?

(of course, I can provide it to anyone interested, even without being
 part of the distribution)

Below I'm including a sample configuration file, and here's the output
of "svnperms.py --help".

[niemeyer@ibook ~/src/svnperms]% ./svnperms.py --help
Usage: svnperms.py OPTIONS

Options:
    -f PATH   Use PATH as configuration file (required)
    -s NAME   Use section NAME as permission section (required)   
    -r PATH   Use repository at PATH to check transactions (required)
    -t TXN    Query transaction TXN for commit information (required)
    -h        Show this message

svnperms.conf:
----------
#
# Multiple global [groups] sections are accepted, but be aware
# that it's the same as concatenating them all in a single entry.
# You can also create section specific groups, using a syntax
# like [groups sectionname].
#
[groups]
group1 = user1 user2 user3

#
# Example repository control, showing allowed syntax.
#
# - the latest match is what counts
# - groups are prefixed by "@"
# - you can use groups and users in the same definition
# - all permissions may be revoked with ()
# - line breaks are accepted
#
[groups example1]
group2 = user9 user10

[example1]
trunk/.* = *(add,remove,update) @group1,user4,user5(update)
           user6,user7()
trunk/.* = user8(add,update)
tags/[^/]+/ = @group2(add)
branches/[^/]+/.* = *(add,remove,update)

#
# One of the most used repository structures, for a single project.
#
[example2]
trunk/.* = *(add,remove,update)
tags/[^/]+/ = *(add)
branches/[^/]+/.* = *(add,remove,update)

#
# Another common structure, expecting a project name inside the repository
# (like trunk/myproject/ and tags/myproject/). In this example, only admins
# are allowed to create projects, and there are project specific access
# lists.
#
[groups example3]
admins = john
project1 = user1 user2
project2 = user3 user4

[example3]
trunk/[^/]+/ = @admins(add,remove)
trunk/project1/.+ = @project1(add,remove,update)
trunk/project2/.+ = @project2(add,remove,update)
tags/[^/]+/ = @admins(add,remove)
tags/project1/[^/]+/ = @project1(add,remove)
tags/project2/[^/]+/ = @project2(add,remove)
branches/[^/]+/ = @admins(add,remove)
branches/project1/[^/]+/.* = @project1(add,remove,update)
branches/project2/[^/]+/.* = @project2(add,remove,update)

#
# A more complex structure, as defined in the following URL:
# http://moin.conectiva.com.br/RepositorySystem
#
[groups example4]
admins = user1 user2
updaters = user3

[example4]
snapshot/[^/]+/(current/(SPECS/|SOURCES/)?)? = *(add)
snapshot/[^/]+/ = @admins(add,remove)
snapshot/[^/]+/current/SPECS/[^/]+\.spec = *(add,remove,update)
snapshot/[^/]+/current/SOURCES/[^/]+ = *(add,remove,update)
snapshot/[^/]+/releases/[^/]+/([^/+]/)? = mapi2(add)
snapshot/[^/]+/pristine/ = mapi2(add,remove)
branches/[^/]+/.* = *(add,remove,update)
releases/[^/]+/ = @admins(add)
tags/[^/]+/ = *(add,remove)
updates/[^/]+/[^/]+/(current/(SPECS/|SOURCES/)?)? = @updaters,mapi2(add)
updates/[^/]+/[^/]+/current/SPECS/[^/]+\.spec = @updaters,mapi2(add,update)
updates/[^/]+/[^/]+/current/SOURCES/[^/]+ = @updaters,mapi2(add,remove,update)
updates/[^/]+/[^/]+/releases/.* = mapi2(add)
updates/[^/]+/[^/]+/pristine/ = mapi2(add,remove)

-- 
Gustavo Niemeyer

[ 2AAC 7928 0FBF 0299 5EB5  60E2 2253 B29A 6664 3A0C ]

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Re: Script to check permissions

Posted by Gustavo Niemeyer <ni...@conectiva.com>.

> How delightful! A Python implementation of the Perl script we already have at
> http://svn.collab.net/repos/svn/trunk/tools/hook-scripts/commit-access-control.pl

I've checked this implementation, but I was looking for something more
flexible, to implement the latest example provided in the sample
configuration file.

> > The question is, would you like to include it as part of the
> > subversion distribution?
> 
> Oh yes. Absolutely. The more useful (and maintained) hook scripts we

I'll certainly maintain it, since we're going to use it here for
some projects.

> have, the happier I'll be. And it looks like your config file is very
> flexible.

Here it is! Thank you!

Btw, I've changed it a little bit:

Usage: svnperms.py OPTIONS

Options:
    -r PATH    Use repository at PATH to check transactions
    -t TXN     Query transaction TXN for commit information
    -f PATH    Use PATH as configuration file (default is repository
               path + /conf/svnperms.conf)
    -s NAME    Use section NAME as permission section (default is
               repository name, extracted from repository path)
    -R REV     Query revision REV for commit information (for tests)
    -A AUTHOR  Check commit as if AUTHOR had commited it (for tests)
    -h         Show this message

-- 
Gustavo Niemeyer

[ 2AAC 7928 0FBF 0299 5EB5  60E2 2253 B29A 6664 3A0C ]

Re: Script to check permissions

Posted by br...@xbc.nu.

Quoting Gustavo Niemeyer <ni...@conectiva.com>:

> Hi there!
> 
> While I was working on the stuff at our repository system [1], I
> developed a permission checking script as part of the software
> structre
> surrounding the repository (in python). It turned out to be so
> confortable to specify permissions with that syntax that I missed this
> script for the other projects maintained under Subversion, so I
> decided
> to 'crop' that part from the system and write a standalone executable.
> 
> [1] http://moin.conectiva.com.br/RepositorySystem

How delightful! A Python implementation of the Perl script we already have at
 http://svn.collab.net/repos/svn/trunk/tools/hook-scripts/commit-access-control.pl

:-)

> The question is, would you like to include it as part of the
> subversion distribution?

Oh yes. Absolutely. The more useful (and maintained) hook scripts we have, the
happier I'll be. And it looks like your config file is very flexible.

+1


    Brane

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org