使用 Trac 权限组的 SVN 写入身份验证
我正在启动一个小型开源项目,并且已经有一个存储库和 Trac 实例正在运行。我安装了 AccountManager 插件,并且有 RegistrationModule,因为我希望用户即使没有增加权限也能够创建帐户并提交票证(又名我希望任何人都可以提交错误报告)。
我只为经过身份验证的用户设置读取访问权限和写入访问权限。这是我的 dav_svn.conf 文件的一部分。
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile /trac-pages/ocm/htpasswd
# To enable authorization via mod_authz_svn
#AuthzSVNAccessFile /etc/apache2/dav_svn.authz
# The following three lines allow anonymous read, but make
# committers authenticate themselves. It requires the 'authz_user'
# module (enable it with 'a2enmod').
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
</LimitExcept>
但是,如果有人在 Trac 上使用 RegistrationModule 并创建帐户,那么他们可以写入存储库,而无需获得进一步的权限。我希望只有 Trac 上“经过身份验证”组中的用户才能提交到存储库。
I'm starting up a small open source project and I have a repository and Trac instance running already. I installed the AccountManager plugin and I have the RegistrationModule, because I want users to be able to make accounts and submit tickets even without increased permissions (aka I want bug reports to be filed by anybody).
I've set up read access and write access only to authenticated users. Here's part of my dav_svn.conf file.
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile /trac-pages/ocm/htpasswd
# To enable authorization via mod_authz_svn
#AuthzSVNAccessFile /etc/apache2/dav_svn.authz
# The following three lines allow anonymous read, but make
# committers authenticate themselves. It requires the 'authz_user'
# module (enable it with 'a2enmod').
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
</LimitExcept>
But if somebody uses the RegistrationModule on Trac and creates an account, then they can write to the repository without being given further permissions. I want to make it so that only users in the "authenticated" group on Trac can commit to the repository.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
嗯...Trac 上的“经过身份验证”的组自动包含所有已登录的用户,包括刚刚注册新帐户并登录的每个人。所以听起来您需要一种方法来限制 svn 访问权限,仅允许那些具有某些权限的用户访问。其他权限/组。 (您可以使用 Trac 源中的
sample-plugins/permissions/extrapermissionsprovider.py创建任意新权限。)不过,我不知道如何让 svn 查看 Trac 来获取该信息。
您可以查看这个或这个插件来自 trac-hacks 让您可以从 Trac 中管理您的 svn 访问。 (警告:我没有使用过它们。)这可能会让你做一些接近你想要的事情。
披露:我是 Trac 开发人员之一。
Uhm... The "authenticated" group on Trac automatically contains all users that have logged in, including everyone who just registered a new account and logged in. So it sounds like you need a way to restrict svn access to only those users with some other permission/group. (And you can create arbitrary new permissions using
sample-plugins/permissions/extrapermissionsprovider.pyfrom the Trac sources.)I don't know how you would make svn look at Trac for that information though.
You might look into this or this plugin from trac-hacks to let you manage your svn access from within Trac. (Caveat: I haven't used them.) That may let you do something close to what you want.
Disclosure: I am one of the Trac devs.