Patch #3827
open
Allow (SVN) repository browsing in Redmine.pm
Added by Stefan Rubner over 15 years ago.
Updated about 10 years ago.
Description
Currently, you cannot enable repository browsing (SVNListParentPath ...) when using Redmine.pm to grant/deny access to the various SVN repositories. The reason for that is that there obviously is no project_id for the svn root directory and thus, access is denied.
I fixed that by changing the function is_public_project in Redmine.pm like this:
sub is_public_project {
my $project_id = shift;
my $r = shift;
my $ret = 0;
if ($project_id) {
my $dbh = connect_database($r);
my $sth = $dbh->prepare(
"SELECT * FROM projects WHERE projects.identifier=? and projects.is_public=true;"
);
$sth->execute($project_id);
$ret = $sth->fetchrow_array ? 1 : 0;
$sth->finish();
$dbh->disconnect();
} else {
$ret = 1;
}
$ret;
}
<pre>
This will allow access if the project_id is empty, and use the normal access checks otherwise. I don't know whether this will have side effects on other types of repositories like git, bzr, etc.
This patch should work for the curent stable version as well as for the current trunk.
Files
Please keep in mind here that this exposes the names of all svn repositories, so users will see the names of all projects, even the ones that are not public and they don't have rights on.
- Category changed from SCM to SCM extra
I would like to use SVNListParentPath on, any thoughts on how to implement it properly? Is there any way to filter repositories before show?
My personal case is that all users from my company (users authenticated by our LDAP server) can see all projects, and all other users (users authenticated by redmine's internal database) cannot see any project. Maybe doing that via apache would be more feasible...
I just created a patch to allow LDAP users to be authenticated to SVNListParentPath. It's poor because I copied the LDAP auth code, but for someone that haven't written a single line in Perl so far, it works!
Hi all,
I got a similar issue and i came up with this fix (sorry no patch, only code):
- checks if the request is made for the SVN root and grants access.
- also, only repositories the user has access to are displayed.
Redmine.pm:
### mostly original, edits marked
sub authen_handler {
my $r = shift;
my ($res, $redmine_pass) = $r->get_basic_auth_pw();
return $res unless $res == OK;
##### edit
my $loc = get_directive_location($r);
if (($r->uri eq $loc) || ($r->uri eq ( $loc . "/" ))) {
return OK;
}
##### end edit
if (is_member($r->user, $redmine_pass, $r)) {
return OK;
} else {
$r->note_auth_failure();
return DECLINED;
}
}
### added sub (basically a copy of 'get_project_identifier')
sub get_directive_location {
my $r = shift;
my $cfg = Apache2::Module::get_config(__PACKAGE__, $r->server, $r->per_dir_config);
my $location = $r->location;
$location =~ s/\.git$// if (defined $cfg->{RedmineGitSmartHttp} and $cfg->{RedmineGitSmartHttp});
$location;
}
Apache config (partial)
<Location /svn>
DAV svn
SVNAllowBulkUpdates Prefer
SVNParentPath /srv/svn
SVNListParentPath on
ErrorDocument 404 default
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
</LimitExcept>
<Limit GET PROPFIND OPTIONS REPORT>
Require valid-user
Require expr req('X-Forwarded-For') == "127.0.0.1"
</Limit>
PerlAccessHandler Apache::Authn::Redmine::access_handler
PerlAuthenHandler Apache::Authn::Redmine::authen_handler
AuthType Basic
AuthName "Redmine SVN Repository"
AuthUserFile /dev/null
RedmineDSN "DBI:mysql:database=redmine_db;host=redmine_host"
RedmineDbUser "redmine_user"
RedmineDbPass "redmine_pass"
</Location>
Env:
Environment:
Redmine version 2.5.1.stable
Ruby version 2.0.0-p481 (2014-05-08) [x86_64-linux]
Rails version 3.2.17
Environment production
Database adapter Mysql2
SCM:
Subversion 1.8.9
Mercurial 3.0.2
Git 2.0.1
Filesystem
Redmine plugins:
redmine_better_gantt_chart 0.9.0
Hope it helps!
Also available in: Atom
PDF
Updated by 
Updated by Toshi MARUYAMA 
Updated by 
Updated by