Repository permissions on paths

[amu...@klicap.es]

Hello,

I'm developer at clinkerhq.com. We are thinking about to integrate SCM Manager in Clinker, and we have a question over access control to repositories.

Currently SCM Manager provide access control to repositories, at repository level, like: "User A has READ access to repository B". I would like to know if it's possible to define a rule like this: "User A has READ access to repository path B:/trunk and READ/WRITE to path B:/branches".

Thanks.

Antonio.

[Sebastian Sdorra]

Hi,

This is possible with the pathwp-plugin. Have a look at https://bitbucket.org/sdorra/scm-manager/wiki/pathwp-plugin.

Sebastian

2013/2/10 <amu...@klicap.es>

--
You received this message because you are subscribed to the Google Groups "scmmanager" group.
To unsubscribe from this group and stop receiving emails from it, send an email to scmmanager+...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

[Antonio Manuel Muñiz Martín]

Hi Sebastian.

Ok. I'll take a look on it.
Thanks!

Antonio.

[Antonio Manuel Muñiz Martín]

Hi Sebastian,

I've been testing this plugin, it covers partially our needs. For
example, this case is not covered: "User A has READ on /trunk, and
only in /trunk".

Anyway, we think that SCM Manager will bring to Clinker a lot of good
things, so we are going to integrate it in Clinker SSO by developing a
custom plugin.

Thanks for your support!
Antonio.

2013/2/11 Antonio Manuel Muñiz Martín <amu...@klicap.es>:

--
Antonio Manuel Muñiz Martín
Software Developer at klicap - ingeniería del puzle

work phone + 34 954 894 322
www.klicap.es | blog.klicap.es

[Bernardo Costa]

I was taking a look at this plugin in order to mantain a certain structure of my subversion repos. I'd like to keep a structure with trunk/tags/branches directories with a group having write permissions on these directories only but not in the root path. So I gave a group read permission in the root path and with path protection plugin I tried to gave write permission to this group only on trunk/tags/branches directories. But it fails to give access to users in this group. The only member of these groups that can really have write access into these paths are administrators, not ordinary users. What could have gone wrong here ?

https://bitbucket.org/sdorra/scm-manager/wiki/pathwp-plugin

[Sebastian Sdorra]

Hi,

You have to grant write permissions for the group on the "Permission" tab. Each user and group which should write to the repository (no matter which path) needs write permissions on the "Permission" tab.

Sebastian

2014-02-04 Bernardo Costa <bf...@ig.com.br>:

[Bernardo Costa]

Ok, I have tested it again and a normal user can't really create a new folder on the repository root path. So, as I could understand, if I have path protection scheme enabled, the groups with write access in the repository will only have real write access if it is specified in the path protection tab and only in the folders it is configured there. Great ! This way I can configure a set o users who could create new folders in the repository root and normal users would have only access to tags/trunk/branches folders. Thanks!

[Sebastian Sdorra]

You must be careful granting write permissions to the root directory by inserting /*, means the user/group has write access to the whole repository. I'm not sure what you are trying todo, could you describe it in more detail with a example?

Sebastian

2014-02-05 12:11 GMT+01:00 Bernardo Costa <bf...@ig.com.br>:

Well, as I could understand, if the same group has write permissions on the root directory, they could change the scheme of trunk/tags/branches directories adding more folders. And in this situation, I wouldn't need to grant write permissions to this same group in the root's directories son as they would have it with a simpler configuration. What I am trying to do is avoiding such a situation where somebody could create a folder by accident in the root's repository. Is there a way to do this ?

Em quarta-feira, 5 de fevereiro de 2014 06h54min29s UTC-2, Sebastian Sdorra escreveu:

[Bernardo Costa]

There is not a real standard that has to be followed but the most common cases are three groups: read-only, read-write, admins. So admins can grant access to the other two groups and also can write in anywhere. I believe the synchronization of users between groupmanagers of read-only and read-write has to be done manually. Read-only can see the complete repo and read-write can write in trunk/tags/branches directories but not in the root path. Then, i set things like this:

/*                repo-admin

/tags/*         repo-read-only

/trunk/*        repo-read-only

/branches/*  repo-read-only

As I have tested, it works.

[Bernardo Costa]

Ops, I meant

/*                repo-admin

/tags/*         repo-read-write

/trunk/*        repo-read-write

/branches/*  repo-read-write

[Sebastian Sdorra]

Ok, now i understand what you are doing. Sorry, but i think there is no "better" way to do this.

Sebastian