如何限制 SVN 中的用户仅访问提交的日志历史记录(无 RO 访问权限)
我需要限制 SVN 用户只能获取带有修订号和消息的修订日志,以及已更改文件的列表。
用户不得访问源文件内容。
我们需要它来将项目管理系统与 Redmine 集成,这样它就会自动更新问题状态,并能够通过获取 SVN 修订日志消息来列出变更日志。出于安全原因,我们不希望该用户访问源。
你有什么想法吗?提前致谢。
I need to restrict a SVN user to be able to obtain only the revision log with revision number and message, and the list of changed files as well.
The user must not have access to the source files content.
We need this to integrate the project management system with Redmine so it will automatically update the issue status and be able to list the changelog by getting the SVN revision log messages. We don`t want this user to have access to the sources by security reasons.
Do you have any ideas? Thanks in advance.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
哇:这是一个非常不寻常的请求,我不确定是否可能。
我只能想到一种(非常遥远)的可能性:向这组人授予对存储库根目录的访问权限,但拒绝他们自己对分支、标签和主干子目录的访问权限。用户可能能够在存储库的根目录上执行 svn log,但无法自行签出文件。
我真的没有时间设置完整的测试,但这是我能想到的唯一可能性。授权中类似这样的事情。我什至不确定此语法是否 100% 正确:
另一种可能性:使用基于 Web 的程序或客户端服务器类型程序来查看日志信息。例如,想象一个有限的程序可以执行“svn ls”或“svn log”,但仅此而已。服务器可以完全访问 Subversion 存储库,但只允许有限的查询。
最后一种可能性(也是我的偏好)是使用像 Jenkins 这样的连续构建系统在每次签入时进行构建Jenkins 将让您轻松查看每个构建中发生的更改,甚至会列出已更改的文件,但拒绝访问源代码。对于这个特定的用户群来说,这很可能已经足够好了。
更好的是,Jenkins 可以与 Redmine 集成,这样 Redmine 就可以引入更改。
Wow: This is a very unusual request, and I'm not sure if it is possible.
I can only think of a single (very remote) possibility: Give access to the root of the repository to this group of people, but deny them access to the branches, tags, and trunk subdirectory themselves. It is possible that the user might be able to do a svn log on the root of the repository, but won't be able to checkout the files themselves.
I really don't have time to setup a complete test, but that's the only possibility I can think of. Something like this in authorization. I'm not even sure if this syntax would be 100% correct:
Another possibility: Use a web based program or a client server type program to view the log information. For example, imagine a limited program that can do either "svn ls" or "svn log", but that's all. The server could have full access to the Subversion repository, but only allow for limited querying.
The final possibility (and my preference) is to use a continuous build system like Jenkins to do a build on every check in. Jenkins will make it easy to see what changed in each build, and will even list the files that were change, but deny access to the source. It is very likely that this is good enough for this particular group of users.
Even better, Jenkins can integrate with Redmine, so Redmine can pull in the changes.
此解决方案来自另一个问题。将这些行添加到 svnserve.conf 文件:
这可以在未经授权的情况下从命令行运行:
This solution from another question. Add these lines to the svnserve.conf file:
This works from command line without authorization: