Feature #2800
closed
Honor SVN directory permissions (authz)
0%
Description
I'm tempted to file this as a defect but will settle on feature-request for now.
Redmine currently uses an all-or-nothing security model for the SCM integration. This falls down when you have multiple independent contributors on a single project that should not see each other's changes - but still share tickets and the wiki.
It would be great if Redmine could honor the per-directory permissions of SVN as defined in the authz file. Here's an example randomly pulled from Google:
    [groups]
    admin = mavjones
    bubblebath_group = @admin, udo.juergens, peter.wolf

    [/]
    * =
    @admin = rw

    [bubblebath:/]
    @bubblebath_group = rw

    [bubblebath:/poolA]
    @bubblebath_group = r
    peter.wolf = rw
The file itself is fairly easy to parse, but there is the obvious problem of mapping SVN users to Redmine users.
For an easy workaround I'd suggest supporting a Redmine-specific comment directly in the authz file:
    # redmine-map: Peter Wolf peter.wolf
    # redmine-map: Udo Juergens udo.juergens
These comments would be ignored by SVN itself (they're comments after all) but allow Redmine to do proper mapping. Account names that cannot be mapped should default to "no access".
So, to wrap up:
- Redmine should optionally honor the authz file. There should be a checkbox to choose between free-for-all SCM access vs access controlled SCM access in the project settings.
- The access controls should apply to all areas where repository contents are shown, most importantly to the repository browser.
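A sketch of the lookup this request describes, added here as an example and not taken from Redmine or from the request's author: it parses the authz file above together with the proposed `# redmine-map:` comments and denies access to any unmapped name. The `Authz` class and its methods are hypothetical, and the evaluation is a simplified reading of SVN's rules (the most specific section with an entry matching the user decides, and matching entries in it are combined).

```ruby
# Added example; simplified: no aliases, no "~" or "$" tokens, no cyclic groups.
AUTHZ = <<~EOS # sample built from the file and the mapping comments in the request
  # redmine-map: Peter Wolf peter.wolf
  # redmine-map: Udo Juergens udo.juergens
  [groups]
  admin = mavjones
  bubblebath_group = @admin, udo.juergens, peter.wolf
  [/]
  * =
  @admin = rw
  [bubblebath:/]
  @bubblebath_group = rw
  [bubblebath:/poolA]
  @bubblebath_group = r
  peter.wolf = rw
EOS
class Authz # hypothetical helper, not a Redmine class
  def initialize(text)
    @map, @rules, section = {}, {}, nil
    text.each_line.map(&:strip).each do |line|
      if line =~ /\A#\s*redmine-map:\s*(.+)\s+(\S+)\z/
        @map[$1.strip] = $2                    # Redmine name => SVN account
      elsif line =~ /\A\[(.+)\]\z/
        section = $1
      elsif section && !line.start_with?("#") && line.include?("=")
        (@rules[section] ||= []) << line.split("=", 2).map(&:strip)
      end
    end
  end

  def member?(who, user)                       # who: "*", an account, or "@group"
    return who == "*" || who == user unless who.start_with?("@")
    members = @rules.fetch("groups", []).assoc(who[1..]).to_a.last.to_s.split(",")
    members.any? { |m| member?(m.strip, user) }
  end

  # Returns "", "r" or "rw" for a Redmine user name on a repository path.
  def access(redmine_name, repo, path)
    user = @map[redmine_name] or return ""     # unmapped name => no access
    parts = path.split("/").reject(&:empty?)
    parts.size.downto(0) do |n|                # walk from the path up to "/"
      dir = "/" + parts.first(n).join("/")
      hits = ["#{repo}:#{dir}", dir].flat_map { |s| @rules.fetch(s, []) }
                                     .select { |who, _| member?(who, user) }
      return hits.map(&:last).max_by(&:size) unless hits.empty?
    end
    ""
  end
end
```

A repository browser would call `access` for each directory entry before rendering it and hide anything that comes back empty.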