subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Grant <>
Subject Re: File access control
Date Fri, 30 Sep 2011 23:37:05 GMT
>> I see that subversion supports path-based authorization:
>> Is there a way to do file-based authorization?  Or maybe some sort of
>> trickery to mimic file-based authorization?  If not, can anyone think
>> of a way to allow read/write access to only certain files in a working
>> system?  I could use chmod/chown but the files to which access is
>> allowed will be changing pretty frequently so it would be nice to have
>> accessible files defined in a list as part of the version control
>> system, file transport mechanism, or anything else.
> Files are paths too.  The path-based authz applies to any path (folder
> or file).  For example:
> [repos:/trunk/readme.txt]
> @releng = rw
> * = r
> A rule like that works fine.

That's great news.  I've never used a version control system or any
sort of developer framework.  Would something like this work?

I set up a dev machine, install subversion, and copy all necessary
files from my production machine to the dev machine.  I decide which
file or files I want my dev to work on and give him read/write access
to only those files (and neither read nor write access to any other
files) via path-based authz on the dev machine.  He uses subversion to
edit the permissible files and test his changes on the dev machine.
Once he is done, I test the dev machine to verify everything is
working after his changes, take a look at the specific code changes he
made, and then import the changes to the production machine.  Then I
change the files he has access to via path-based authz and repeat the
process.  Should this work?

How does "He uses subversion to edit the permissible files and test
his changes on the dev machine" work?  Maybe subversion allows him to
download copies of the permissible files, edit them locally, and
upload them back to the dev machine?

Should subversion be installed on the production machine too?

As far as why I'm doing this, the server-side code for my website is
in a series of many files.  I'd like to hire a dev to work on some of
those files, but I don't want to give him read or write access to any
of the files besides the ones he is working on.  The problem is, each
of the files can't be coded in isolation.  He needs to be able to test
his changes in a running version of the website.

- Grant

View raw message