Subversion Account Authorization from Trac WebAdmin
|Reported by:||Owned by:||Christopher Lenz|
Description (last modified by )
My trac/svn environment is set up such that both trac and the svn repository use the same authentication realm (htdigest). It would be nice if the WebAdmin plugin (pre Trac 0.11) or Trac (0.11+) would allow management of the svn.conf for each project to control authorization (read/write access) for the svn repository when the realm auth realm is shared.
Some sample config info:
[groups] project1-developers = user1, tracuser2, tracuser3 project2-developers = user2, tracuser2 [/] * = r [project1:/] @project1-developers = rw [project1:/branches/] user2 = rw [project2:/] @project2-developers = rw
<Location /project1> DAV svn SVNPath /var/trac/projects/project1 AuthzSVNAccessFile /var/svn/conf/svn.conf Satisfy Any Require valid-user AuthType Digest AuthName "project1" AuthUserFile /etc/conf/.htdigest </Location> <Location /project1> DAV svn SVNPath /var/trac/projects/project2 AuthzSVNAccessFile /var/svn/conf/svn.conf Satisfy Any Require valid-user AuthType Digest AuthName "project2" AuthUserFile /etc/conf/.htdigest </Location>
The interface would need to provide facilities to control the following in svn.conf:
- create/alter groups
- define paths for authorization (project/base would be implied)
- select from registered users to give access
- map users/groups to svn
The following backend processes need to be addressed:
- cleanup when user accounts are deleted from trac
I am sure there are some things that need to be addressed that I am missing, but I think this is a good start to spark some interest and conversation on the topic.