Patch #17748

Subrepositories Fail to Authenticate Internal Users upon Subversion Checkout

Added by David Pettifor almost 8 years ago. Updated almost 8 years ago.

Status:NewStart date:
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:SCM extra
Target version:-

Description

  • DBMS: PostgreSQL 8.4.20
  • Ruby 1.9.3p547
  • Rails 3.2.13
  • Redmine 2.2.4.stable.11981

We have setup Apache 2.2.5 to host subversion repositories created in our local directory "/var/svn/". We can browse these repositories through Redmine just fine. However, when an internal Redmine user tries to checkout a secondary repository using a local "svn checkout" command, they would fail to authenticate against any of these secondary repositories of a given project of which they are a member.

We tracked down the issue and found it to be located in the "Redmine.pm" file, located at

/extra/svn/Redmine.pm

If we look at Line 246 (http://www.redmine.org/projects/redmine/repository/entry/trunk/extra/svn/Redmine.pm#L246), we are only gathering repository permission for a project whose identifier matches the repository identifier. This is bad in at least two cases:

  1. If the repository is named something different than the project identifier (such as project identifier is "myproject" but the repository is at "/var/svn/myproj")
  2. If we have secondary repositories which of course would have a different identifier than the project's identifier

To fix this, we need to modifiy line 246 to include any repository identifer or where the repository's URL matches:

AND (projects.identifier=?
OR projects.id IN (SELECT project_id FROM repositories WHERE identifier = ?)
OR projects.id IN (SELECT project_id FROM repositories WHERE url LIKE '%/'||?)
)

Of course, we'll also need to pass in the project identifier another two times when the Perl string is compiled upon execution, which happens on line 461 (or 464 with the added code above):

$sth->execute($redmine_user, $project_id, $project_id, $project_id);

I hope this is a good solution for anyone having the same issues out there, and hope that this (or an adaptation of this) is included in some future release!

History

#1 Updated by Toshi MARUYAMA almost 8 years ago

  • Category changed from Accounts / authentication to SCM extra

Also available in: Atom PDF