On 17/12/2024 11:18 am, Richard Tresidder wrote:
On 16/12/2024 10:00 pm, Mark Phippard wrote:
On Mon, Dec 16, 2024 at 8:10 AM Daniel Sahlberg
<daniel.l.sahlb...@gmail.com> wrote:
Den mån 16 dec. 2024 kl 12:47 skrev Richard Tresidder
<rtres...@electromag.com.au>:
Hi
I'm wondering if there has been any discussion about adding the
ability to allow traversal of a single tree path.
Currently one has to provide read access to to each level of the
tree and prune off every other directory in the path.
I'd like to give a user access to root/path1/path11/path111/*
But I don't want them to have any access to or visibility of other
directories / files along the way.
eg root/path1/path2 would not be visible or accessible.
Probably needs another access type? 'x' to allow traversal to a
deeper level, but hide everything else?
The prune method is not reliable as new folders may be added,
sometimes theres a lot of folders etc there are files in the
folders along the desired path.
Cheers
Richard Tresidder
Hi,
That is a very useful feature, unfortunately I'm not sure if there
is anyone with enough time to implement it. A patch would be highly
welcome.
I know this exact functionality exists in at least one of the
commercial servers, see the support page for VisualSVN Server [1].
At first I thought this had been implemented a long time ago, but then
remembered it was a feature we (CollabNet) added in our authz module.
I seem to recall we proposed it on dev@ list and may have even sent a
patch but not sure.
One thing I remember is that implementing this feature does leak the
existence of the nodes you are not allowed to see in the WC metadata
because an entry is added in the WC that indicates the item exists but
you do not have access to it. That may have been why it was decided
not to include this in SVN.
Mark
Hi All
Yep I'd love it.
We often like to give new people access to certain stuff but not
everything.
Understand the Logs and some Meta data would show existence of stuff but
that doesn't really matter in the context of just restricting access to
the actual files themselves.
I did have a brief look at what might be required to get something like
this in there, but well there's a lot to read through and understand :)
I'd be happy to assist but I'm not at a level with this code that I
could take
it on myself I think.
I'll keep trying to come to grasp how it all works in the mean time.
Cheers
Richard
Ah ok I think I found a discussion back in 2014 possibly referring to the patch
you mentioned.
https://lists.apache.org/thread/nlymx9dq3f09z6ofz5y2jcz85rk8b0hr
The patch in that thread appears to be trying to add this ability.
It looks like a reasonably simple starting place at least, even if it's
probably a bit old to apply directly.
Cheers
Richard
