Patch #3827

Allow (SVN) repository browsing in Redmine.pm

Added by Stefan Rubner about 12 years ago. Updated almost 7 years ago.

Status:NewStart date:2009-09-06
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:SCM extra
Target version:-

Description

Currently, you cannot enable repository browsing (SVNListParentPath ...) when using Redmine.pm to grant/deny access to the various SVN repositories. The reason for that is that there obviously is no project_id for the svn root directory and thus, access is denied.
I fixed that by changing the function is_public_project in Redmine.pm like this:

sub is_public_project {
    my $project_id = shift;
    my $r = shift;
    my $ret = 0;

    if ($project_id) {
      my $dbh = connect_database($r);
      my $sth = $dbh->prepare(
        "SELECT * FROM projects WHERE projects.identifier=? and projects.is_public=true;" 
      );

      $sth->execute($project_id);
      $ret = $sth->fetchrow_array ? 1 : 0;
      $sth->finish();
      $dbh->disconnect();
    } else {
      $ret = 1;
    }
    $ret;
}
<pre>

This will allow access if the project_id is empty, and use the normal access checks otherwise. I don't know whether this will have side effects on other types of repositories like git, bzr, etc.
This patch should work for the curent stable version as well as for the current trunk.

SVNListParentPath_to_LDAP_users.diff Magnifier (2.17 KB) Bruno Medeiros, 2013-05-21 00:39

History

#1 Updated by Felix Schäfer almost 12 years ago

Please keep in mind here that this exposes the names of all svn repositories, so users will see the names of all projects, even the ones that are not public and they don't have rights on.

#2 Updated by Toshi MARUYAMA almost 11 years ago

  • Category set to SCM

#3 Updated by Toshi MARUYAMA over 10 years ago

  • Category changed from SCM to SCM extra

#4 Updated by Bruno Medeiros over 8 years ago

I would like to use SVNListParentPath on, any thoughts on how to implement it properly? Is there any way to filter repositories before show?

My personal case is that all users from my company (users authenticated by our LDAP server) can see all projects, and all other users (users authenticated by redmine's internal database) cannot see any project. Maybe doing that via apache would be more feasible...

#5 Updated by Bruno Medeiros over 8 years ago

I just created a patch to allow LDAP users to be authenticated to SVNListParentPath. It's poor because I copied the LDAP auth code, but for someone that haven't written a single line in Perl so far, it works!

#6 Updated by Sebastian Neusser almost 7 years ago

Hi all,

I got a similar issue and i came up with this fix (sorry no patch, only code):
  • checks if the request is made for the SVN root and grants access.
  • also, only repositories the user has access to are displayed.

Redmine.pm:


### mostly original, edits marked
sub authen_handler {
  my $r = shift;
  my ($res, $redmine_pass) =  $r->get_basic_auth_pw();

  return $res unless $res == OK;

  ##### edit
  my $loc = get_directive_location($r);
  if (($r->uri eq $loc) || ($r->uri eq ( $loc . "/" ))) {
      return OK;
  }
  ##### end edit

  if (is_member($r->user, $redmine_pass, $r)) {
      return OK;
  } else {
      $r->note_auth_failure();
      return DECLINED;
  }
}

### added sub (basically a copy of 'get_project_identifier')
sub get_directive_location {
    my $r = shift;
    my $cfg = Apache2::Module::get_config(__PACKAGE__, $r->server, $r->per_dir_config);
    my $location = $r->location;

    $location =~ s/\.git$// if (defined $cfg->{RedmineGitSmartHttp} and $cfg->{RedmineGitSmartHttp});
    $location;
}

Apache config (partial)

<Location /svn>
    DAV svn

    SVNAllowBulkUpdates Prefer
    SVNParentPath /srv/svn
    SVNListParentPath on

    ErrorDocument 404 default

    <LimitExcept GET PROPFIND OPTIONS REPORT>
        Require valid-user
    </LimitExcept>

    <Limit GET PROPFIND OPTIONS REPORT>
        Require valid-user
        Require expr req('X-Forwarded-For') == "127.0.0.1" 
    </Limit>

    PerlAccessHandler Apache::Authn::Redmine::access_handler
    PerlAuthenHandler Apache::Authn::Redmine::authen_handler
    AuthType Basic
    AuthName "Redmine SVN Repository" 
    AuthUserFile /dev/null
    RedmineDSN "DBI:mysql:database=redmine_db;host=redmine_host" 
    RedmineDbUser "redmine_user" 
    RedmineDbPass "redmine_pass" 
</Location>

Env:


Environment:
  Redmine version                2.5.1.stable
  Ruby version                   2.0.0-p481 (2014-05-08) [x86_64-linux]
  Rails version                  3.2.17
  Environment                    production
  Database adapter               Mysql2
SCM:
  Subversion                     1.8.9
  Mercurial                      3.0.2
  Git                            2.0.1
  Filesystem                     
Redmine plugins:
  redmine_better_gantt_chart     0.9.0

Hope it helps!

Also available in: Atom PDF