When a user commits to an SVN repository, it has to be checked, whether he's allowed to do so.
- Authentication (asking for username + password) is already through done (using the
- Authorization then has to check, if the user belongs to the group having write permission for this path.
This is not fixed, yet. We see two options:
- pull (through a cron job or triggered by MQ) a list of all projects from forge and loop over them to ask for the project memberships.
Then put these data together to an "authz path-based authorization" file that looks like this:
[groups] admins = john, inge, dieter extension-gimmefive-developers = jocrau, ohader extension-contentparser-developers = jocrau extension-rootline-developers = jocrau extension-perfectlightbox-developers = niediek extension-nc_staticfilecache-developers = sonne, ohader, danp, franzripfel, stefan_sprenger, axeljung01, soda_2005, ncfrans, michael.klapper, spyker, fab1en [/gimmefive] @extension-gimmefive-developers = rw [/contentparser] @extension-contentparser-developers = rw [/] @admins = rw @extensions-developers = rw * = r
- bring back the old code to redmine that writes the
authzfile (this and probably few others) and expose this file to the SVN server, which fetches it regulary. I suggest to be careful when doing so and first downloading it and then moving the downloaded file (after a size verification?) over the active one (atomic operation).
#2 Updated by Steffen Gebert over 6 years ago
Attached is a possible solution.
Caveat: it relies on the typo3_api plugin I wrote some time ago, which seems not to work in Redmine 2.2 (see redmine forum entry). The problem exposes the user's login name to the API. If we don't get a hint, how this works now (I think I will ask Stefan about that), we would have to patch the view in redmine).