Hi,
If you have Subversion set up using an Apache server with the
authz_svn_module providing directory level access control and you set up
Trac, the Trac browser neatly bypasses the access control.
This is quite a likely scenario as you will no doubt be running Trac on
the same Apache server as you Subversion install.
It is only a problem if you don't want all your users to be able to read
the whole repository, but in this case it renders the Trac repository
browser unusable. My example is a private company project with nothing
is visible to unauthenticated users some with r/w and some only read
privileges. We also have a contractor who should only be allowed to
read and write under certain directories on one project.
Is there anyway that Trac could check with the authz_svn_module to see
if it is OK to browse a particular part of the repository? Is there a
library in Subversion for this?
Which level of access does Trac use to read from the subversion
repository: repository layer, repository access layer or client layer?
Cheers,
Felix
If you have Subversion set up using an Apache server with the
authz_svn_module providing directory level access control and you set up
Trac, the Trac browser neatly bypasses the access control.
This is quite a likely scenario as you will no doubt be running Trac on
the same Apache server as you Subversion install.
It is only a problem if you don't want all your users to be able to read
the whole repository, but in this case it renders the Trac repository
browser unusable. My example is a private company project with nothing
is visible to unauthenticated users some with r/w and some only read
privileges. We also have a contractor who should only be allowed to
read and write under certain directories on one project.
Is there anyway that Trac could check with the authz_svn_module to see
if it is OK to browse a particular part of the repository? Is there a
library in Subversion for this?
Which level of access does Trac use to read from the subversion
repository: repository layer, repository access layer or client layer?
Cheers,
Felix