SVN hook

[Philipp Mueller]

Hello,

I´m new to this topic and I have quite a hard time getting into programming hooks for my problem. I need a hook which can distinguish between three different user groups:

Group A: can do anything (delete tags and trunks, commit without comment) 

Group B: can commit to tags and delete tags/branches; CANNOT delete trunks and CANNOT commit without comment 

Group C: can commit to tags; CANNOT change or delete anything

Is there any way to do that?

I am very grateful for you help !

Greetings 

Philipp from Germany

[Johan Corveleyn]

On Wed, Aug 25, 2021 at 7:36 AM Philipp Mueller
<philipp....@mahle.com> wrote:
> Hello,
>
> I´m new to this topic and I have quite a hard time getting into programming hooks for my problem. I need a hook which can distinguish between three different user groups:
> Group A: can do anything (delete tags and trunks, commit without comment)
> Group B: can commit to tags and delete tags/branches; CANNOT delete trunks and CANNOT commit without comment
> Group C: can commit to tags; CANNOT change or delete anything
>
> Is there any way to do that?

I've used a predecessor of these pre-commit hook scripts for
implementing similar checks at my company:
https://github.com/qazwart/SVN-Precommit-Kitchen-Sink-Hook

They work really well and are quite easy to configure IMHO.

HTH,
--
Johan

[Justin MASSIOT | Zentek]

Hi Philipp,

Not an expert either but from what I know, what you expect seems to be possible.

I think the best way for you to learn about hooks - apart from the official doc - is to look at the templates created by default when you create a repo ("svnadmin create"). You can also find some examples in the SVN repo:

https://svn.apache.org/viewvc/subversion/trunk/tools/hook-scripts/

https://svn.apache.org/viewvc/subversion/trunk/contrib/hook-scripts/

In your case, the way to go seems to be a pre-commit hook.

* For the commit message restriction, look at the examples.

* As for the "can do / can't do", the standard way would be to enforce "path-based authorization", but it isn't flexible at all because it doesn't support wildcards. I would personally recommend the use of "svnperms" which should do what you want: advanced path-based control (with regular expression support).

I have a kind of "framework for hooks" hosted on GitHub, this may help as an example.

Justin MASSIOT  |  Zentek

[Stefan Sperling]

On Wed, Aug 25, 2021 at 09:32:04AM +0200, Justin MASSIOT | Zentek wrote:
> * As for the "can do / can't do", the standard way would be to enforce
> "path-based
> authorization

> <https://svnbook.red-bean.com/en/1.8/svn.serverconfig.pathbasedauthz.html>",

> but it isn't flexible at all because it doesn't support wildcards.

Good news! Path-based authz does support wildcards as of 1.10.0:
http://subversion.apache.org/docs/release-notes/1.10.html#authzperf

[Justin MASSIOT | Zentek]

Thanks Stefan, I thought I've seen that feature in the past but I've been unable to find the documentation.

That's a pity there isn't an up-to-date documentation for the latest SVN releases, apart from the release notes... (or, is there any?)

Justin MASSIOT  |  Zentek

[Daniel Sahlberg]

I was also lost when wildcard path-based authz was discussed a few weeks ago. Some help to write the documentation is surely welcome and I guess the Subversion book's authors will appreciate a contribution. I'm planning to look at it but it is fairly low on my list of priorities.

Kind regards,

Daniel Sahlberg 

[Pavel Lyalyakin]

Hello,

AFAIK in the past there was some discussion [1] about the future of
SVNBook. See this [2] thread, too.

[1]: https://svn.haxx.se/dev/archive-2018-09/0006.shtml
[2]: https://mailman.red-bean.com/pipermail/svnbook-dev/2016-March/008030.html

--
With best regards,
Pavel Lyalyakin
VisualSVN Team