Do you need to restrict READ access to the branch or tag, or do you simply want to restrict COMMIT access.
If you just want to restrict commit access, you can use a pre-commit hook to kill a commit transaction if the user who doesn't have permission attempts to change a tag or branch. There is a Python script that comes with the Subversion source code, and is at http://bit.ly/9zQnwg. The example config file can be found at http://bit.ly/cln78B. One of the nice things about this script is it has a "add-only" option. That is, you can copy a URL to the repository, but cannot modify it. This is good to allow someone to create a tag, but also prevents it from being modified. I have a Perl version a pre-commit hook that does the same thing. Mine will also verify that properties are set correctly on files before they can be committed. You can find this script at http://db.tt/H3o1i7S. By the way, there's also a way to configure Apache httpd to use LDAP instead of a regular text file. This means that users will have access to your Subversion repository based upon their Windows or Unix account and that users will automatically get logins and have their access removed when they get hired or move on. On Tue, Oct 12, 2010 at 11:37 PM, Shaun Pinney <[email protected]> wrote: > Hello all, > > We've configured Apache to restrict access to certain directories on our trunk > (n.b. via AuthUserFile in httpd.conf). The problem is now I've created a tag > from our trunk and found that the permissions don't 'automatically' transfer > during creation of the tag. Obviously, this is because the AuthUserFile is a > text file and needs to be edited manually :). But, is there an admin tool to > help with this basic task to avoid accidentally providing full access to a tag > (or branch)? Hopefully, Subversion provides some type of 'smart branch/tag > creation' which can inherit permissions from the source directory. Please let > me know of the best way to do this. > > Thanks, > Shaun > > > -- David Weintraub [email protected]
