Mailing List Archive

Trac Repository Browser bypasses SVN permissions
Hi,

If you have Subversion set up using an Apache server with the
authz_svn_module providing directory level access control and you set up
Trac, the Trac browser neatly bypasses the access control.

This is quite a likely scenario as you will no doubt be running Trac on
the same Apache server as your Subversion install.

It is only a problem if you don't want all your users to be able to read
the whole repository, but in this case it renders the Trac repository
browser unusable. My example is a private company project with nothing
visible to unauthenticated users, some users with r/w and some with only
read privileges. We also have a contractor who should only be allowed to
read and write under certain directories on one project.

Is there any way that Trac could check with the authz_svn_module to see
if it is OK to browse a particular part of the repository? Is there a
library in Subversion for this?

Which level of access does Trac use to read from the subversion
repository: repository layer, repository access layer or client layer?

Cheers,
Felix
Trac Repository Browser bypasses SVN permissions [ In reply to ]
Hi Felix,

On 03.06.2004 at 05:29, Felix Collins wrote:
> Hi,
>
> If you have Subversion set up using an Apache server with the
> authz_svn_module providing directory level access control and you set
> up Trac, the Trac browser neatly bypasses the access control.
>
> This is quite a likely scenario as you will no doubt be running Trac
> on the same Apache server as your Subversion install.
>
> It is only a problem if you don't want all your users to be able to
> read the whole repository, but in this case it renders the Trac
> repository browser unusable. My example is a private company project
> with nothing visible to unauthenticated users, some users with r/w and
> some with only read privileges. We also have a contractor who should
> only be allowed to read and write under certain directories on one
> project.
>
> Is there any way that Trac could check with the authz_svn_module to see
> if it is OK to browse a particular part of the repository? Is there a
> library in Subversion for this?

see http://projects.edgewall.com/trac/wiki/FineGrainedPermissions

> Which level of access does Trac use to read from the subversion
> repository: repository layer, repository access layer or client layer?

The repository layer (RA isn't available because the Python bindings
are not usable yet, IIUC).

Cheers,
Chris
--
Christopher Lenz
/=/ cmlenz at gmx.de
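The check Felix asks about, as an added example that is not code from this thread, from Trac or from Subversion: a small Python reader for the authz file that mod_authz_svn consults, resolving a user's rights on a repository path the way the Apache module does, so that a browser like Trac's could refuse to list a directory before fetching it from the repository layer. The authz text is constructed for Felix's scenario (staff read everything, alice commits, the contractor carol may only touch one directory, /secret is alice's alone); the "most specific rule wins" resolution (named user over group over `*`), the `$authenticated`/`$anonymous` handling, the repo-scoped `[repo:/path]` sections taking precedence over plain `[/path]` ones, and the class and function names are my assumptions and simplifications. Aliases and `~` negation are left out, and older mod_authz_svn releases resolved conflicting lines within a section differently, so confirm the semantics against the Subversion version in use.

```python
"""Resolve Subversion authz-file access for a user on a path (added example,
not Trac's or Subversion's own code)."""
import configparser
import posixpath

# Constructed authz file for the scenario in the thread (assumption: sample data).
SAMPLE_AUTHZ = """\
[groups]
staff = alice, bob
contractors = carol
everyone = @staff, @contractors

[/]
* =
@staff = r
alice = rw

[/trunk/contrib]
@contractors = rw

[project:/secret]
* =
alice = rw
"""


class Authz:
    """Hypothetical authz reader; 'most specific rule wins', as in mod_authz_svn
    on current Subversion releases (assumption: older releases differed)."""

    def __init__(self, text):
        cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
        cp.optionxform = str  # user and group names are case-sensitive
        cp.read_string(text)
        self.cp = cp
        self.groups = {}
        if cp.has_section("groups"):
            for name, value in cp.items("groups"):
                self.groups[name] = [m.strip() for m in value.split(",") if m.strip()]

    def members(self, group, seen=None):
        """Expand a group recursively; groups may contain @othergroup."""
        if seen is None:
            seen = set()
        if group in seen:           # guard against cyclic group definitions
            return set()
        seen.add(group)
        out = set()
        for m in self.groups.get(group, []):
            if m.startswith("@"):
                out |= self.members(m[1:], seen)
            else:
                out.add(m)
        return out

    def _rule_rank(self, key, user):
        """How specifically a rule key applies to user (higher wins); None if not at all."""
        if key == "*":
            return 0
        if key == "$anonymous":
            return 1 if user is None else None
        if key == "$authenticated":
            return 1 if user is not None else None
        if key.startswith("@"):
            return 2 if user is not None and user in self.members(key[1:]) else None
        return 3 if key == user else None

    def _section_rights(self, section, user):
        """Rights string from the most specific applicable rule, or None if no rule applies."""
        if not self.cp.has_section(section):
            return None
        best = None
        for key, value in self.cp.items(section):
            rank = self._rule_rank(key, user)
            if rank is not None and (best is None or rank > best[0]):
                best = (rank, value)
        return None if best is None else best[1]

    def access(self, repo, path, user):
        """Return '', 'r' or 'rw' for user (None = anonymous) on repo:path."""
        # Normalise first so '..' cannot reach a path the lookup never sees.
        path = posixpath.normpath("/" + path.strip("/"))
        while True:
            for section in (f"{repo}:{path}", path):   # repo-scoped rule wins
                rights = self._section_rights(section, user)
                if rights is not None:
                    return rights.strip()
            if path == "/":
                return ""                               # nothing matched: deny
            path = posixpath.dirname(path)              # inherit from parent

    def can_read(self, repo, path, user):
        return "r" in self.access(repo, path, user)

    def can_write(self, repo, path, user):
        return "w" in self.access(repo, path, user)


AUTHZ = Authz(SAMPLE_AUTHZ)

if __name__ == "__main__":
    # What a repository browser would ask before listing a directory.
    for user in ("alice", "bob", "carol", None):
        for path in ("/trunk", "/trunk/contrib", "/secret"):
            print(f"{user!s:6} project:{path:15} -> {AUTHZ.access('project', path, user)!r}")
```

The point for a browser is that the question must be asked for every path it renders, not just the directory the user opened: a read rule on a parent says nothing about a child that has its own section, and a repo-scoped section (`[project:/secret]` above) can hide a path in one repository while the same path stays readable in another. Normalising the path before the lookup matters because a browser URL is attacker-controlled input.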
Trac Repository Browser bypasses SVN permissions [ In reply to ]
Thanks for that Christopher. It is great to see someone was on to the
problem before I really realised it! I guess I should have searched for
active issues on this before posting. ;-)

Eagerly awaiting an announcement on completion....

Cheers,
Felix


Christopher Lenz wrote:

>
> see http://projects.edgewall.com/trac/wiki/FineGrainedPermissions
>