Re: SVN hook

[Pavel Lyalyakin]

Hello,

On Wed, Aug 25, 2021 at 3:14 PM Daniel Sahlberg
 wrote:
>
> Den ons 25 aug. 2021 kl 13:56 skrev Justin MASSIOT | Zentek 
> :
>>
>> Thanks Stefan, I thought I've seen that feature in the past but I've been 
>> unable to find the documentation.
>> That's a pity there isn't an up-to-date documentation for the latest SVN 
>> releases, apart from the release notes... (or, is there any?)
>>
>> Justin MASSIOT  |  Zentek
>>
>>
>> On Wed, 25 Aug 2021 at 13:35, Stefan Sperling  wrote:
>>>
>>> On Wed, Aug 25, 2021 at 09:32:04AM +0200, Justin MASSIOT | Zentek wrote:
>>> > * As for the "can do / can't do", the standard way would be to enforce
>>> > "path-based
>>> > authorization
>>> > ",
>>> > but it isn't flexible at all because it doesn't support wildcards.
>>>
>>> Good news! Path-based authz does support wildcards as of 1.10.0:
>>> http://subversion.apache.org/docs/release-notes/1.10.html#authzperf
>
>
> I was also lost when wildcard path-based authz was discussed a few weeks ago. 
> Some help to write the documentation is surely welcome and I guess the 
> Subversion book's authors will appreciate a contribution. I'm planning to 
> look at it but it is fairly low on my list of priorities.
>
> Kind regards,
> Daniel Sahlberg


AFAIK in the past there was some discussion [1] about the future of
SVNBook. See this [2] thread, too.

[1]: https://svn.haxx.se/dev/archive-2018-09/0006.shtml
[2]: https://mailman.red-bean.com/pipermail/svnbook-dev/2016-March/008030.html

-- 
With best regards,
Pavel Lyalyakin
VisualSVN Team

Re: SVN hook

[Daniel Sahlberg]

Den ons 25 aug. 2021 kl 13:56 skrev Justin MASSIOT | Zentek <
justin.mass...@zentek.fr>:

> Thanks Stefan, I thought I've seen that feature in the past but I've been
> unable to find the documentation.
> That's a pity there isn't an up-to-date documentation for the latest SVN
> releases, apart from the release notes... (or, is there any?)
>
> Justin MASSIOT  |  Zentek
>
>
> On Wed, 25 Aug 2021 at 13:35, Stefan Sperling  wrote:
>
>> On Wed, Aug 25, 2021 at 09:32:04AM +0200, Justin MASSIOT | Zentek wrote:
>> > * As for the "can do / can't do", the standard way would be to enforce
>> > "path-based
>> > authorization
>> > <
>> https://svnbook.red-bean.com/en/1.8/svn.serverconfig.pathbasedauthz.html
>> >",
>> > but it isn't flexible at all because it doesn't support wildcards.
>>
>> Good news! Path-based authz does support wildcards as of 1.10.0:
>> http://subversion.apache.org/docs/release-notes/1.10.html#authzperf
>
>
I was also lost when wildcard path-based authz was discussed a few weeks
ago. Some help to write the documentation is surely welcome and I guess the
Subversion book's authors will appreciate a contribution. I'm planning to
look at it but it is fairly low on my list of priorities.

Kind regards,
Daniel Sahlberg

Re: SVN hook

[Justin MASSIOT | Zentek]

Thanks Stefan, I thought I've seen that feature in the past but I've been
unable to find the documentation.
That's a pity there isn't an up-to-date documentation for the latest SVN
releases, apart from the release notes... (or, is there any?)

Justin MASSIOT  |  Zentek


On Wed, 25 Aug 2021 at 13:35, Stefan Sperling  wrote:

> On Wed, Aug 25, 2021 at 09:32:04AM +0200, Justin MASSIOT | Zentek wrote:
> > * As for the "can do / can't do", the standard way would be to enforce
> > "path-based
> > authorization
> > <
> https://svnbook.red-bean.com/en/1.8/svn.serverconfig.pathbasedauthz.html
> >",
> > but it isn't flexible at all because it doesn't support wildcards.
>
> Good news! Path-based authz does support wildcards as of 1.10.0:
> http://subversion.apache.org/docs/release-notes/1.10.html#authzperf
>

Re: SVN hook

[Stefan Sperling]

On Wed, Aug 25, 2021 at 09:32:04AM +0200, Justin MASSIOT | Zentek wrote:
> * As for the "can do / can't do", the standard way would be to enforce
> "path-based
> authorization
> ",
> but it isn't flexible at all because it doesn't support wildcards.

Good news! Path-based authz does support wildcards as of 1.10.0:
http://subversion.apache.org/docs/release-notes/1.10.html#authzperf

Re: SVN hook

[Justin MASSIOT | Zentek]

Hi Philipp,

Not an expert either but from what I know, what you expect seems to be
possible.
I think the best way for you to learn about hooks - apart from the official
doc  -
is to look at the templates created by default when you create a repo
("svnadmin create"). You can also find some examples in the SVN repo:
https://svn.apache.org/viewvc/subversion/trunk/tools/hook-scripts/
https://svn.apache.org/viewvc/subversion/trunk/contrib/hook-scripts/

In your case, the way to go seems to be a *pre-commit* hook.
* For the commit message restriction, look at the examples.
* As for the "can do / can't do", the standard way would be to enforce
"path-based
authorization
",
but it isn't flexible at all because it doesn't support wildcards. I would
personally recommend the use of "svnperms
"
which should do what you want: advanced path-based control (with regular
expression support).

I have a kind of "framework for hooks" hosted on GitHub
, this may help as an example.

Justin MASSIOT  |  Zentek


On Wed, 25 Aug 2021 at 07:36, Philipp Mueller 
wrote:

> Hello,
>
> I´m new to this topic and I have quite a hard time getting into
> programming hooks for my problem. I need a hook which can distinguish
> between three different user groups:
>
> Group A: can do anything (delete tags and trunks, commit without comment)
>
> Group B: can commit to tags and delete tags/branches; CANNOT delete trunks
> and CANNOT commit without comment
>
> Group C: can commit to tags; CANNOT change or delete anything
>
> Is there any way to do that?
>
>
> I am very grateful for you help !
>
> Greetings
>
> Philipp from Germany
>
>

Re: SVN hook

[Johan Corveleyn]

On Wed, Aug 25, 2021 at 7:36 AM Philipp Mueller
 wrote:
> Hello,
>
> I´m new to this topic and I have quite a hard time getting into programming 
> hooks for my problem. I need a hook which can distinguish between three 
> different user groups:
> Group A: can do anything (delete tags and trunks, commit without comment)
> Group B: can commit to tags and delete tags/branches; CANNOT delete trunks 
> and CANNOT commit without comment
> Group C: can commit to tags; CANNOT change or delete anything
>
> Is there any way to do that?

I've used a predecessor of these pre-commit hook scripts for
implementing similar checks at my company:
https://github.com/qazwart/SVN-Precommit-Kitchen-Sink-Hook

They work really well and are quite easy to configure IMHO.

HTH,
-- 
Johan