Patch #3827
Allow (SVN) repository browsing in Redmine.pm
Status: open
Description
Currently, you cannot enable repository browsing (SVNListParentPath ...) when using Redmine.pm to grant/deny access to the various SVN repositories. The reason for that is that there obviously is no project_id for the svn root directory and thus, access is denied.
I fixed that by changing the function is_public_project in Redmine.pm like this:
<pre>
sub is_public_project {
    my $project_id = shift;
    my $r = shift;

    my $ret = 0;

    if ($project_id) {
        # Normal case: look the project up and check its is_public flag.
        my $dbh = connect_database($r);
        my $sth = $dbh->prepare(
            "SELECT * FROM projects WHERE projects.identifier=? and projects.is_public=true;"
        );

        $sth->execute($project_id);
        $ret = $sth->fetchrow_array ? 1 : 0;
        $sth->finish();
        $dbh->disconnect();
    } else {
        # No project_id (request for the SVN root): treat as public.
        $ret = 1;
    }

    $ret;
}
</pre>
This will allow access if the project_id is empty, and use the normal access checks otherwise. I don't know whether this will have side effects on other types of repositories like git, bzr, etc. This patch should work for the current stable version as well as for the current trunk.
Updated by Felix Schäfer about 15 years ago
Please keep in mind here that this exposes the names of all svn repositories, so users will see the names of all projects, even the ones that are not public and they don't have rights on.
Updated by Toshi MARUYAMA almost 14 years ago
- Category changed from SCM to SCM extra
Updated by Bruno Medeiros over 11 years ago
I would like to use SVNListParentPath on, any thoughts on how to implement it properly? Is there any way to filter repositories before they are shown?
My personal case is that all users from my company (users authenticated by our LDAP server) can see all projects, and all other users (users authenticated by redmine's internal database) cannot see any project. Maybe doing that via apache would be more feasible...
Updated by Bruno Medeiros over 11 years ago
I just created a patch to allow LDAP users to be authenticated to SVNListParentPath. It's poor because I copied the LDAP auth code, but for someone that hasn't written a single line in Perl so far, it works!
Updated by Sebastian Neusser about 10 years ago
Hi all,
I got a similar issue and I came up with this fix (sorry no patch, only code):
- checks if the request is made for the SVN root and grants access.
- also, only repositories the user has access to are displayed.
Redmine.pm:
<pre>
### mostly original, edits marked
sub authen_handler {
    my $r = shift;

    my ($res, $redmine_pass) = $r->get_basic_auth_pw();
    return $res unless $res == OK;

    ##### edit
    my $loc = get_directive_location($r);
    if (($r->uri eq $loc) || ($r->uri eq ( $loc . "/" ))) {
        return OK;
    }
    ##### end edit

    if (is_member($r->user, $redmine_pass, $r)) {
        return OK;
    } else {
        $r->note_auth_failure();
        return DECLINED;
    }
}

### added sub (basically a copy of 'get_project_identifier')
sub get_directive_location {
    my $r = shift;

    my $cfg = Apache2::Module::get_config(__PACKAGE__, $r->server, $r->per_dir_config);
    my $location = $r->location;
    $location =~ s/\.git$// if (defined $cfg->{RedmineGitSmartHttp} and $cfg->{RedmineGitSmartHttp});
    $location;
}
</pre>
Apache config (partial)
<pre>
<Location /svn>
    DAV svn
    SVNAllowBulkUpdates Prefer
    SVNParentPath /srv/svn
    SVNListParentPath on
    ErrorDocument 404 default

    <LimitExcept GET PROPFIND OPTIONS REPORT>
        Require valid-user
    </LimitExcept>
    <Limit GET PROPFIND OPTIONS REPORT>
        Require valid-user
        Require expr req('X-Forwarded-For') == "127.0.0.1"
    </Limit>

    PerlAccessHandler Apache::Authn::Redmine::access_handler
    PerlAuthenHandler Apache::Authn::Redmine::authen_handler

    AuthType Basic
    AuthName "Redmine SVN Repository"
    AuthUserFile /dev/null

    RedmineDSN "DBI:mysql:database=redmine_db;host=redmine_host"
    RedmineDbUser "redmine_user"
    RedmineDbPass "redmine_pass"
</Location>
</pre>
Env:
<pre>
Environment:
  Redmine version                2.5.1.stable
  Ruby version                   2.0.0-p481 (2014-05-08) [x86_64-linux]
  Rails version                  3.2.17
  Environment                    production
  Database adapter               Mysql2
SCM:
  Subversion                     1.8.9
  Mercurial                      3.0.2
  Git                            2.0.1
  Filesystem
Redmine plugins:
  redmine_better_gantt_chart     0.9.0
</pre>
Hope it helps!
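
As an added example (not part of the thread and not Redmine's own code), this stand-alone Perl script models the `is_public_project` change from the description and lists which repository names a parent-path listing would then show to an anonymous visitor, which is the exposure Felix Schäfer points out above. The project rows and directory names are constructed, and `is_public_original`, `is_public_patched` and `listing_exposure` are hypothetical stand-ins that use an in-memory hash instead of the database.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample data: rows as they might appear in Redmine's projects
# table (identifier => is_public) and directory names under SVNParentPath.
my %is_public = (website => 1, payroll => 0, 'internal-tools' => 0);
my @repo_dirs = qw(website payroll internal-tools old-import);

# Model of the unpatched check: no project_id means no matching row.
sub is_public_original {
    my ($project_id) = @_;
    return 0 unless $project_id;
    return $is_public{$project_id} ? 1 : 0;
}

# Model of the change in the description: an empty project_id
# (a request for the SVN root) is treated as public.
sub is_public_patched {
    my ($project_id) = @_;
    return 1 unless $project_id;
    return $is_public{$project_id} ? 1 : 0;
}

# Hypothetical audit helper: names that the root listing shows although
# the same check would not treat them as public projects.
sub listing_exposure {
    my ($check, @dirs) = @_;
    return () unless $check->('');          # root not browsable: nothing listed
    return grep { !$check->($_) } @dirs;    # listed, but not public
}

for my $case (['original', \&is_public_original], ['patched', \&is_public_patched]) {
    my ($name, $check) = @$case;
    my @shown = listing_exposure($check, @repo_dirs);
    printf "%-8s root browsable: %s, non-public names shown: %s\n",
        $name,
        ($check->('') ? 'yes' : 'no'),
        (@shown ? join(', ', @shown) : 'none');
}
```

Run against a real installation's project identifiers and the directory listing of the SVNParentPath, the same comparison shows which names would become visible before `SVNListParentPath on` is enabled.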