Folks: On Mon, Dec 16, 2024 at 6:47 AM Richard Tresidder < rtres...@electromag.com.au> wrote:
> I'm wondering if there has been any discussion about adding the ability > to allow traversal of a single tree path. > Currently one has to provide read access to to each level of the tree and > prune off every other directory in the path. > I'd like to give a user access to root/path1/path11/path111/* > But I don't want them to have any access to or visibility of other > directories / files along the way. > eg root/path1/path2 would not be visible or accessible. > Probably needs another access type? 'x' to allow traversal to a deeper > level, but hide everything else? > > The prune method is not reliable as new folders may be added, sometimes > theres a lot of folders etc there are files in the folders along the > desired path. > The prune method can use wildcards. It works reliably and the pattern is pretty straightforward. That said, the repository root is, for some reason that appears to be a bug, not implemented the same as any other subdirectory so you cannot use the pattern all the way from the top. Here's what the pattern should be if everything worked properly: [/] user = r [:glob:/*] user = [/path1] user = r [:glob:/path1/*] user = [/path1/path11] user = r [:glob:/path1/path11/*] user = [/path1/path11/path111] user = rw If you do the above, the user will be able to checkout "repo:/path1" but not "repo:/" (which they should be able to do - bug). Normal "buried access". Oh, and the repo won't show up as browse-able in Apache if you've allowed "SVNListParentPath" (although it is browse-able if they input the /path1 URL). If you comment out that 2nd rule then they'll be able to checkout the repo and get most everything BUT those things excluded in the /path1 tree by the wildcards. Would be nice to get that bug fixed at some point as that's a bit of an ugly discontinuity. More info on wildcards here: https://svn.haxx.se/dev/archive-2017-02/att-0188/SubversionWildcards.pptx Cheers. Doug -- *Doug Robinson* Senior Product Manager P +1 925 396 1125 *E* doug.robin...@cirata.com -- THIS MESSAGE AND ANY ATTACHMENTS ARE CONFIDENTIAL, PROPRIETARY AND MAY BE PRIVILEGED If this message was misdirected, Cirata Ltd. and its subsidiaries, ("Cirata") does not waive any confidentiality or privilege. If you are not the intended recipient, please notify us immediately and destroy the message without disclosing its contents to anyone. Any distribution, use or copying of this email or the information it contains by other than an intended recipient is unauthorized. The views and opinions expressed in this email message are the author's own and may not reflect the views and opinions of Cirata, unless the author is authorized by Cirata to express such views or opinions on its behalf. All email sent to or from this address is subject to electronic storage and review by Cirata. Although Cirata operates anti-virus programs, it does not accept responsibility for any damage whatsoever caused by viruses being passed.
