No announcement yet.

Rolling my own path-based authorization via hooks?

  • Filter
  • Time
  • Show
Clear All
new posts

  • Rolling my own path-based authorization via hooks?

    I anticipate that my repository will need to control RW authorization based on paths. The approach described in "Path-Based Authorization" of the red bean book does not look very promising.

    My workplace divides development into components - where component access is associated with particular groups. Development is further organized into branches (possibly many dozens - anyone is allowed to create a new branch) - with instances of different components being committed to various branches.

    So, an example instantaneous state might be:

    [FONT=courier new] branches/branchA/compA

    The group that has access to "compA" - really needs to have access to "branches/*/compA". As near as I can tell - wild cards are not yet supported in path based authorization. I could automatically rewrite the authorization file every time anyone creates a branch - but I'm not thrilled about creating an authorization operation that is O(branch count * component count).

    So I was looking at whether I could implement hooks to provide the needed control.

    It appears that there is a pre-commit hook that would allow me to control write access. But I didn't immediately see a corresponding hook for read access as needed by check out or update operations. Perhaps I'm not looking in the correct place(s)?[/FONT]


  • #2
    You need to upgrade your server to SVN 1.10 - which just shipped a couple of weeks ago.

    In there you will find support for wildcards. They are going to take a little bit of getting used to but should fill in the huge gap that would have existed before 1.10!

    The release notes: [url][/url]
    Improved path-based AuthZ: [url][/url]

    Check out a slide-deck describing them. It's a bit out of date: you can now have more than one asterisk ('*') within a single Atom (you'll see what I mean).


    • #3
      Excellent! I see the release note now...