0

I need to restrict a SVN user to be able to obtain only the revision log with revision number and message, and the list of changed files as well.

The user must not have access to the source files content.

We need this to integrate the project management system with Redmine so it will automatically update the issue status and be able to list the changelog by getting the SVN revision log messages. We don`t want this user to have access to the sources by security reasons.

Do you have any ideas? Thanks in advance.

Montag451
  • 1,168
  • 3
  • 14
  • 30
Vasil Popov
  • 1,210
  • 14
  • 22
  • Is it the same as http://stackoverflow.com/questions/6651997/svn-show-log-not-working? – pmod Aug 12 '11 at 21:42
  • this doesnt works for me bcause tortoise caches the log, it works for them because it reads the cache, so if you delete the cache or use the command line, you`re screwed again. – Vasil Popov Aug 23 '11 at 10:22

2 Answers2

0

This solution from another question. Add these lines to the svnserve.conf file:

anon-access = none
auth-access = write

This works from command line without authorization:

enter image description here

Community
  • 1
  • 1
terales
  • 3,116
  • 23
  • 33
0

Wow: This is a very unusual request, and I'm not sure if it is possible.

I can only think of a single (very remote) possibility: Give access to the root of the repository to this group of people, but deny them access to the branches, tags, and trunk subdirectory themselves. It is possible that the user might be able to do a svn log on the root of the repository, but won't be able to checkout the files themselves.

I really don't have time to setup a complete test, but that's the only possibility I can think of. Something like this in authorization. I'm not even sure if this syntax would be 100% correct:

[groups]
dev = tom, dick, harry
other = bob, carol, ted, alice

[myrepos: /]
@dev = rw
@other = rw

[myrepos: /trunk]
@dev = rw
@other =

Another possibility: Use a web based program or a client server type program to view the log information. For example, imagine a limited program that can do either "svn ls" or "svn log", but that's all. The server could have full access to the Subversion repository, but only allow for limited querying.

The final possibility (and my preference) is to use a continuous build system like Jenkins to do a build on every check in. Jenkins will make it easy to see what changed in each build, and will even list the files that were change, but deny access to the source. It is very likely that this is good enough for this particular group of users.

Even better, Jenkins can integrate with Redmine, so Redmine can pull in the changes.

David W.
  • 105,218
  • 39
  • 216
  • 337
  • This doesn't work comlpetely. The user that have access to the root folder only, sees the revision log but the comments and the changed files list is available only for the root folder. The info for changes in the trunk, branches and tags folders are blank, so there are blank rows with revision numbers in the revision log list only. – Vasil Popov Aug 23 '11 at 07:41
  • Yeah, is was a very remote possibility it would work. You now have two choices: Choice #1 is to write a webapp that will simply list the svn log. A simple webapp written in PHP probably wouldn't take more than a few days (There's really only a single function point). The other choice is to use something like Jenkins. Jenkins will show the commit comments with each build which includes the names of the files. By default, Jenkins doesn't show you the code (you're suppose to use something like Sventon which integrates w/ Jenkins). Jenkins integrates w/ Redmine which might exactly what you need. – David W. Aug 23 '11 at 14:54