Defect #4338
closedNot perfect svn auth thru perl module
0%
Description
Its really greate feature, but i have one valueble notice:
svn repo here:
http://example.com/svn/project1
In redmine user John is a participant of Project1 but he dont have access to repo, and in redmine he dont have module.
But if he goes to http://example.com/svn/project1 and type his login and password he will got access to repo.
Its very bad for me, because i have some people that must not have access to repo and must have access to trackers.
thank you.
Updated by Frank Costello about 15 years ago
My native language is Russian. Я говорю по-русски:)
Updated by Felix Schäfer about 15 years ago
Unfortunately, я не говорю по-русски (well, not anymore than that, obviously ;-) ), but I think we will find a solution for that.
So basically, what you are asking for should be solvable with the roles and permissions in Redmine. Have a look at Adminitration (top left menu) > Roles and permissions > Permission Report (at the bottom), there you have an overview of all permissions you can give to a particular role or "class of users". Scroll down a bit to get to the Repository section, in which you have the Browse repository and Commit access permissions. Those give respectively read and write access to the Repository tab and the "real" repository of a project.
Please note that for a public project, anyone logged in but not in the project will have the role Non member, and for a public Redmine, anyone not logged in has the role Anonymous. For more information, have a look at the guide, it might give more detail on some options.
Updated by Frank Costello about 15 years ago
i swear that no one box is checked in http://localhost/redmine/roles/report
but when user goes to localhost/svn/project1 and type login:pass he can view repo.
maybe it is a bug?
Updated by Thomas Pihl about 15 years ago
Are you sure you are using redmine for authentication?
See http://www.redmine.org/wiki/redmine/Repositories_access_control_with_apache_mod_dav_svn_and_mod_perl
PerlAccessHandler Apache::Authn::Redmine::access_handler
PerlAuthenHandler Apache::Authn::Redmine::authen_handler
are the cruicial parts.
/T
Updated by Frank Costello about 15 years ago
Thomas Pihl wrote:
Are you sure you are using redmine for authentication?
See http://www.redmine.org/wiki/redmine/Repositories_access_control_with_apache_mod_dav_svn_and_mod_perl
PerlAccessHandler Apache::Authn::Redmine::access_handler
PerlAuthenHandler Apache::Authn::Redmine::authen_handlerare the cruicial parts.
/T
Ofcourse i use redmine authentication, but this method auth whole list of project participants, not only roles with access to repository.
Updated by Jean-Philippe Lang almost 15 years ago
- Status changed from New to Closed
- Target version set to 0.9.0
- Resolution set to Fixed
Fixed in r3215. Redmine.pm now checks that the user has the browse_repositories permission.