Defect #4338

Not perfect svn auth thru perl module

Added by Frank Costello almost 8 years ago. Updated almost 8 years ago.

Status: Closed
Start date: 2009-12-04
Priority: Normal
Due date:
Assignee: -
% Done: 0%
Category: Permissions and roles
Target version: 0.9.0
Resolution: Fixed
Affected version: 0.8.7

Description

It's a really great feature, but I have one valuable notice:

The svn repo is here:
http://example.com/svn/project1

In Redmine, user John is a participant of Project1 but he doesn't have access to the repo, and in Redmine he doesn't have the module.
But if he goes to http://example.com/svn/project1 and types his login and password, he will get access to the repo.
It's very bad for me, because I have some people that must not have access to the repo and must have access to trackers.
Thank you.

Associated revisions

Revision 3215
Added by Jean-Philippe Lang almost 8 years ago

Redmine.pm: deny access if user doesn't have browse_repository permission (#4338).

History

#1 Updated by Frank Costello almost 8 years ago

My native language is Russian. I speak Russian :)

#2 Updated by Felix Schäfer almost 8 years ago

Unfortunately, я не говорю по-русски (well, not any more than that, obviously ;-) ), but I think we will find a solution for that.

So basically, what you are asking for should be solvable with the roles and permissions in Redmine. Have a look at Administration (top left menu) > Roles and permissions > Permission Report (at the bottom), there you have an overview of all permissions you can give to a particular role or "class of users". Scroll down a bit to get to the Repository section, in which you have the Browse repository and Commit access permissions. Those give respectively read and write access to the Repository tab and the "real" repository of a project.

Please note that for a public project, anyone logged in but not in the project will have the role Non member, and for a public Redmine, anyone not logged in has the role Anonymous. For more information, have a look at the guide, it might give more detail on some options.

#3 Updated by Frank Costello almost 8 years ago

I swear that not a single box is checked in http://localhost/redmine/roles/report
but when a user goes to localhost/svn/project1 and types login:pass he can view the repo.
Maybe it is a bug?

#4 Updated by Thomas Pihl almost 8 years ago

Are you sure you are using redmine for authentication?

See http://www.redmine.org/wiki/redmine/Repositories_access_control_with_apache_mod_dav_svn_and_mod_perl

PerlAccessHandler Apache::Authn::Redmine::access_handler
PerlAuthenHandler Apache::Authn::Redmine::authen_handler

are the crucial parts.

/T

#5 Updated by Frank Costello almost 8 years ago

Thomas Pihl wrote:

> Are you sure you are using redmine for authentication?
>
> See http://www.redmine.org/wiki/redmine/Repositories_access_control_with_apache_mod_dav_svn_and_mod_perl
>
> PerlAccessHandler Apache::Authn::Redmine::access_handler
> PerlAuthenHandler Apache::Authn::Redmine::authen_handler
>
> are the crucial parts.
>
> /T

Of course I use Redmine authentication, but this method authenticates the whole list of project participants, not only roles with access to the repository.

#6 Updated by Jean-Philippe Lang almost 8 years ago

  • Status changed from New to Closed
  • Target version set to 0.9.0
  • Resolution set to Fixed

Fixed in r3215. Redmine.pm now checks that the user has the browse_repositories permission.
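
The gap discussed in this thread, as an added example (not part of the original issue and not Redmine's own code): a simplified Python model that compares a membership-only check with a permission-aware one and lists the accounts only the former admits. The role names, the `commit_access` key, the read-method list and the sample data are assumptions made for illustration.

```python
# Added illustration: a simplified in-memory model, not Redmine's schema or Redmine.pm.
from dataclasses import dataclass, field

# Assumption: HTTP/WebDAV methods treated as read-only repository access.
READ_METHODS = frozenset({"GET", "HEAD", "OPTIONS", "PROPFIND", "REPORT"})

@dataclass(frozen=True)
class Role:
    name: str
    permissions: frozenset  # e.g. {"browse_repository", "commit_access"}

@dataclass
class Project:
    identifier: str
    members: dict = field(default_factory=dict)  # login -> list of Role

def membership_only(project, login, method):
    """Reported behaviour: valid credentials plus project membership is enough."""
    return login in project.members

def permission_checked(project, login, method):
    """Behaviour after the fix as described in the thread: a role must grant the permission."""
    # "commit_access" is an assumed key for the "Commit access" permission.
    needed = "browse_repository" if method in READ_METHODS else "commit_access"
    return any(needed in r.permissions for r in project.members.get(login, []))

def exposed_accounts(project, method="GET"):
    """Members the membership-only check admits but the permission check denies."""
    return sorted(u for u in project.members
                  if membership_only(project, u, method)
                  and not permission_checked(project, u, method))

# Constructed sample data mirroring the report: John may use trackers, not the repo.
REPORTER = Role("Reporter", frozenset({"view_issues", "add_issues"}))
DEVELOPER = Role("Developer", frozenset({"view_issues", "browse_repository", "commit_access"}))
VIEWER = Role("Viewer", frozenset({"browse_repository"}))
PROJECT1 = Project("project1", {"john": [REPORTER], "alice": [DEVELOPER], "bob": [VIEWER]})

if __name__ == "__main__":
    for meth in ("GET", "MKACTIVITY"):
        print(meth, "exposed:", exposed_accounts(PROJECT1, meth))
```

Running the same comparison against real membership and role data shows which accounts could read or write a repository before upgrading to a version with the fix.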
