Bug #49877

Feature #36172: Forge cleanup and update umbrella issue

Feature #45844: Separate SVN from the Redmine server

SVN authorization

Added by Steffen Gebert about 8 years ago. Updated over 4 years ago.

Status: Closed
Priority: Must have
Category: -
Target version: -
Start date: 2013-07-11
Due date:
% Done: 70%
Estimated time:
Description

When a user commits to an SVN repository, it has to be checked whether he's allowed to do so.

  • Authentication (asking for username + password) is already done (using the /services/authenticate.php)
  • Authorization then has to check whether the user belongs to the group having write permission for this path.

This is not fixed yet. We see two options:

  1. Pull (through a cron job or triggered by MQ) a list of all projects from forge and loop over them to ask for the project memberships.
    Then put these data together into an "authz path-based authorization" file that looks like this:
    [groups]
    admins = john, inge, dieter
    extension-gimmefive-developers = jocrau, ohader
    extension-contentparser-developers = jocrau
    extension-rootline-developers = jocrau
    extension-perfectlightbox-developers = niediek
    extension-nc_staticfilecache-developers = sonne, ohader, danp, franzripfel, stefan_sprenger, axeljung01, soda_2005, ncfrans, michael.klapper, spyker, fab1en
    
    [/gimmefive]
    @extension-gimmefive-developers = rw
    
    [/contentparser]
    @extension-contentparser-developers = rw
    
    [/]
    @admins = rw
    @extensions-developers = rw
    * = r
    
  2. Bring back the old code to Redmine that writes the authz file (this and probably a few others) and expose this file to the SVN server, which fetches it regularly. I suggest being careful when doing so: first download it and then move the downloaded file (after a size verification?) over the active one (atomic operation).

Files

svn-groups.php (5.83 KB) Sync script, Steffen Gebert, 2013-07-12 22:51
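
An added example (not the attached svn-groups.php and not the project's own code) covering both options in the description: rendering the authz file from project memberships, then installing a candidate file only after a size and consistency check, using an atomic rename. The membership data shape, the function names and the `min_size` threshold are assumptions.

```python
import os
import re

# Constructed sample: repository path -> (group, members), as a forge membership query might return.
SAMPLE_PROJECTS = {
    "gimmefive": ("extension-gimmefive-developers", ["jocrau", "ohader"]),
    "contentparser": ("extension-contentparser-developers", ["jocrau"]),
}

def safe(name):
    """Reject names that could inject extra lines, sections or groups into the file."""
    if not re.fullmatch(r"[A-Za-z0-9_.-]+", name):
        raise ValueError(f"unsafe name: {name!r}")
    return name

def render_authz(projects, admins):
    """Render [groups] plus one rw path section per project and a read-only default."""
    groups = {"admins": [safe(a) for a in admins]}
    sections = []
    for path, (group, members) in sorted(projects.items()):
        groups[safe(group)] = [safe(m) for m in members]
        sections.append(f"[/{safe(path)}]\n@{group} = rw\n")
    head = ["[groups]"] + [f"{g} = {', '.join(m)}" for g, m in groups.items()]
    return "\n".join(head + [""] + sections + ["[/]", "@admins = rw", "* = r", ""])

def undefined_groups(text):
    """Return group names referenced with @ in path rules but missing from [groups]."""
    defined, used, section = set(), set(), None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):
            section = line
        elif "=" in line:
            name = line.split("=", 1)[0].strip()
            if section == "[groups]":
                defined.add(name)
            elif name.startswith("@"):
                used.add(name[1:])
    return used - defined

def install_atomically(text, target, min_size=32):
    """Verify the candidate, then rename it over target so readers never see a partial file."""
    if len(text.encode()) < min_size or undefined_groups(text):
        raise ValueError("candidate authz file rejected; keeping the active one")
    tmp = f"{target}.tmp"  # same directory, so the rename stays on one filesystem
    with open(tmp, "w") as fh:
        fh.write(text)
        fh.flush()
        os.fsync(fh.fileno())
    os.replace(tmp, target)  # atomic on POSIX
```

Run over the sample file quoted in the description, `undefined_groups` returns `extensions-developers`: the `[/]` section grants it `rw`, but `[groups]` does not define it.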
