Bug #49877

Feature #36172: Forge cleanup and update umbrella issue

Feature #45844: Separate SVN from the Redmine server

SVN authorization

Added by Steffen Gebert about 8 years ago. Updated over 4 years ago.

Must have
Target version:
Start date:
Due date:
% Done:


Estimated time:


When a user commits to an SVN repository, it has to be checked, whether he's allowed to do so.

  • Authentication (asking for username + password) is already through done (using the /services/authenticate.php)
  • Authorization then has to check, if the user belongs to the group having write permission for this path.

This is not fixed, yet. We see two options:

  1. pull (through a cron job or triggered by MQ) a list of all projects from forge and loop over them to ask for the project memberships.
    Then put these data together to an "authz path-based authorization" file that looks like this:
    admins = john, inge, dieter
    extension-gimmefive-developers = jocrau, ohader
    extension-contentparser-developers = jocrau
    extension-rootline-developers = jocrau
    extension-perfectlightbox-developers = niediek
    extension-nc_staticfilecache-developers = sonne, ohader, danp, franzripfel, stefan_sprenger, axeljung01, soda_2005, ncfrans, michael.klapper, spyker, fab1en
    @extension-gimmefive-developers = rw
    @extension-contentparser-developers = rw
    @admins = rw
    @extensions-developers = rw
    * = r
  2. bring back the old code to redmine that writes the authz file (this and probably few others) and expose this file to the SVN server, which fetches it regulary. I suggest to be careful when doing so and first downloading it and then moving the downloaded file (after a size verification?) over the active one (atomic operation).


svn-groups.php (5.83 KB) svn-groups.php Sync script Steffen Gebert, 2013-07-12 22:51

Updated by Steffen Gebert about 8 years ago

It sounded like we will try 1. first and Bastian offered his help there


Updated by Steffen Gebert about 8 years ago

Attached is a possible solution.

Caveat: it relies on the typo3_api plugin I wrote some time ago, which seems not to work in Redmine 2.2 (see redmine forum entry). The problem exposes the user's login name to the API. If we don't get a hint, how this works now (I think I will ask Stefan about that), we would have to patch the view in redmine).


Updated by Steffen Gebert about 8 years ago

  • Status changed from New to Needs Feedback
  • % Done changed from 0 to 70

Updated by Steffen Gebert about 8 years ago

  • Assignee set to Steffen Gebert

Updated by Steffen Gebert over 4 years ago

  • Status changed from Needs Feedback to Rejected

Updated by Steffen Gebert over 4 years ago

  • Status changed from Rejected to Closed

Also available in: Atom PDF