2

I need to give read-write access for a non-engineering group to certain directories inside our repository. Ideally, I would like for them to only have to check out this collection of directories as well, as opposed to the whole tree (but that part is not essential).

The problem that I can't figure out is how to handle this for (a) a large number (almost 100) of directories scattered throughout the repository and (b) the fact that these directories are below 'branches/branch-name' in the URL path. I have a standard repo, with trunk, branches tags underneath.

I tried authz for the r-w issue, but it seems I must use the full path. The full path means including the branch information. We use a large number of branches, so this seems impractical. I would have to update my authz file every time we changed branches.

I thought about collecting the group of directories into a single space, using either svn:externals or symlinks. However, I still cannot see how that avoids the problem of including the branch info in the path.

It seems that none of these solutions allows for wildcards, which would solve my problem. Maybe I'm missing something.

I know there is the svnperms.py script, but I was hoping to solve this without using a hook script. I will if I must, but is there a solution that does not require a hook script?

Update OK, no interest so far, so I'll add some detail about what I'm trying.

The big problem is the vast number of directories (each called error_messages), so if I could somehow consolidate them. I am attempting to solve this by using svn:externals.

project
  \ 
   + branches
     \
      + branchA
       \
        + error_messages <<-- new directory

Now, I add an svn:externals prop to the new error_messages directory, and use relative paths, which looks something like this:

../path/to/first/error_messages first
../path/to/second/error_messages second
etc.

This works great as a way of facilitating the checkout of all the various error_messages directories to one spot. However, it does not help with the authorization.

I was hoping that I could add the branchA/error_messages path to the authz file, thus giving read-write access to my Info team. But SVN is too smart and it checks the authorization for the relative paths. So, unless I have path/to/first, path/to/second, etc., in my authz, the Info users will not have access.

Am I really stuck? Seems like, to use this method, I will have to give read-write access to the entire repository to the Info team (at least in the authz file), then restrict that access using a pre-commit hook.

By the way, I should have given some environment details:

  • Server: Linux, svn 1.7
  • Clients: Linux svn 1.7, Windows for Info team, probably smartSvn 1.7
  • "svn:" protocol, no http
  • SASL for authentication

So, after seeing that svn:externals will not work (not be practical), I was thinking maybe I could create symlinks instead. However, the Info team will be using Windows clients, so I think that solution is also not possible.

tanager
  • 189
  • 2
  • 10
  • OK, I've given up and just accepted the maintenance headache. My solution is to use svn:externals as described above, which consolidates the checkout for the Info team. Then, I'm going to list all 100 +/- directories in the authz file, giving read-write access to the Info group. Because these directories are below the branches/tags/trunk level, I will have to update the authz file every time we change branches. But for the Info team, that will only be once per release. Best I can do, I guess. – tanager Oct 10 '13 at 21:14

0 Answers0