On 11.12.2018 10:24, Stuempfig, Thomas wrote:
> Hi all,
> We have a large organization, many projects and quite a bit of history
> (10 years) with one of the repos… and after a while path-based authorization
> becomes quite difficult.
> I would like to ask if it is possible as an admin to check path based
> authorization for a user x (ldap).
>
> It would be great if one could give ("none", "rw", "r") or alike for path.
> Kind of executing a call like the call below as admin.
>
> getactiveprivs usertocheck
> http(s)://server.domain.com//svn/myproject/branches/branch_dev/
>
> I mean this is the core, there could be several variations of this call. Get
> privs of ldap group members … as different members belong to different other
> groups each of them have possibly different access rights. It would be really
> great to have some table of active privileges.
Is the 'svnauthz' tool not good enough? It's usually installed
separately from the core binaries, in some 'subversion-tools' package,
but it's intended for exactly this kind of test.
-- Brane
$ svnauthz accessof --help
accessof: Print or test the permissions set by an authz file.
usage: 1. svnauthz accessof TARGET
       2. svnauthz accessof -t TXN REPOS_PATH FILE_PATH

  1. Prints the access of USER to PATH based on authorization file at TARGET.
     TARGET can be a path to a file or an absolute file:// URL to an authz
     file in a repository, but cannot be a repository relative URL (^/).

  2. Prints the access of USER to PATH based on authz file at FILE_PATH in the
     transaction TXN in the repository at REPOS_PATH.

  USER is the argument to the --username option; if that option is not
  provided, then access of an anonymous user will be printed or tested.

  PATH is the argument to the --path option; if that option is not provided,
  the maximal access to any path in the repository will be considered.

Outputs one of the following:
     rw    write access (which also implies read)
      r    read access
     no    no access

Returns:
    0   when syntax is OK and '--is' argument (if any) matches.
    1   when syntax is invalid.
    2   operational error
    3   when '--is' argument doesn't match

Valid options:
  -t [--transaction] ARG   : transaction id
  --username ARG           : username to check access of
  --path ARG               : path within repository to check access of
  --repository ARG         : repository authz name
  --is ARG                 : instead of outputting, test if the access is
                             exactly ARG
                             ARG can be one of the following values:
                               rw    write access (which also implies read)
                                r    read-only access
                               no    no access
  --groups-file ARG        : use the groups from file ARG
  -R [--recursive]         : determine recursive access to PATH
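
Added example (not part of the thread and not Subversion's own code): one way to get the table of privileges asked for above, by calling `svnauthz accessof` once per user and path with only the options listed in the help text. The function name `access_table`, the users and paths list files, and the path in the usage comment are assumptions made for this sketch; svnauthz reads only the authz file and the optional groups file, so the result reflects the groups defined there.

```sh
#!/bin/sh
# Added example: user x path access table built on 'svnauthz accessof'.
# Assumed inputs (constructed names): an authz file, a file with one user
# per line and a file with one repository path per line.

# access_table AUTHZ_FILE USERS_FILE PATHS_FILE [REPOS_NAME]
# Prints "user<TAB>path<TAB>access<TAB>recursive access" per combination.
# Each access value is rw, r or no as printed by svnauthz; ERR marks a
# failed call, and the function then returns svnauthz's exit status
# (1 = invalid authz syntax, 2 = operational error).
access_table() {
    at_authz=$1 at_users=$2 at_paths=$3 at_repos=${4:-}
    at_status=0
    while IFS= read -r at_user || [ -n "$at_user" ]; do
        [ -n "$at_user" ] || continue
        while IFS= read -r at_path || [ -n "$at_path" ]; do
            [ -n "$at_path" ] || continue
            # Options shared by both calls; --repository is passed only
            # when a repository authz name was given.
            set -- --username "$at_user" --path "$at_path"
            [ -z "$at_repos" ] || set -- "$@" --repository "$at_repos"
            # Access to the path itself.
            at_plain=$(svnauthz accessof "$@" "$at_authz" </dev/null) ||
                { at_status=$?; at_plain=ERR; }
            # Access that holds for the path and everything below it (-R).
            at_rec=$(svnauthz accessof -R "$@" "$at_authz" </dev/null) ||
                { at_status=$?; at_rec=ERR; }
            printf '%s\t%s\t%s\t%s\n' "$at_user" "$at_path" "$at_plain" "$at_rec"
        done < "$at_paths"
    done < "$at_users"
    return "$at_status"
}

# Run only when called with arguments, e.g. (constructed paths):
#   sh access_table.sh /srv/svn/authz users.txt paths.txt
[ "$#" -lt 3 ] || access_table "$@"
```

A row whose two access columns differ marks a path where a rule further down the tree gives the user less access than on the path itself.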