You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@subversion.apache.org by "G.Nei�" <g....@plarad.de> on 2008/08/08 15:39:36 UTC
Feature request:authz for repository groups
I had send this msg to 'user' a while ago, but no answer till now.
I realize that this might be the wrong forum, so I resend it to 'devel' now.
Here it is:
Hi,
I am using the build in authz of svnservice.
Inside the authz I am able to define the access rights:
- global for all repositories (using [/])
- for a specific path inside any repository (using [/<path inside repos>}
- for a specific repository (and optional specific path inside) (using
[<path of repos>:...])
Because we have a lot of repositories the entry inside svnserve.conf for
authz look like:
authz-db = ../../_Common/authz
(similar it is done for passwd).
So I am able to use a common authz and passwd for all of my repositories.
This works great, but I now run into the problem, that is is impossible to
add a rule for a 'group of repositories'.
All repositories a grouped into seperate sub dirs, like:
Prj for projects currently under development
Programme for tools used for development
Here is (part of) my authz file:
# Default access rule for ALL repositories
[/]
$anonymous =
$authenticated = r
@Admins = rw
# Prj/Project1
[Prj/Project1:/]
@MainUsers = rw
@Developers = rw
# only @Admins are allowed to write to /trunk/Montage
[Prj/Project1:/trunk/Montage]
@MainUsers = r
@Developers = r
This works, but to allow @Developers write access to all repositories inside
Prj, I must manually add each repository path like this
[Prj/Project2:/]
@Developers = rw
[Prj/Project3:/]
@Developers = rw
I like to use something like
[Prj/*:/]
@Developers = rw
[Programme /*:/]
@Developers = r
This will(should) allow @Developers rw access to all projects, but only
@Admins write access to the project tools
So all what is needed to realize that is: having the reposioty path be a
regular expression (or something like that)
Does this sound good ?
I take a look into the code that does the authz, see that it should not be
too complicated, but because I am not so familar with the environment used I
don't think I am able to supply a patch that implements this.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org