read rights on repository not taken into account by Redmine

Added by gabriel scolan over 10 years ago

Dear all,

I'm facing an issue that might be a mis-use of Redmine integration with subversion...
I've set up my repository so that only one user (me) can have read access to the content. When I "connect" the repository to a Redmine project, I'm asked to fill in the field 'SCM', 'URL', 'login', 'password'.

When I set up all of these fields, I see the content of the repository, but any other user, set up as a member of the project in Redmine (but with no svn rights), does as well !
When I do not define the login and password, then nothing is visible from Redmine, even to me.

Did I miss something ? Is it a missing feature ? is it a bug ? My idea was that in Redmine repository tab, only what is allowed by svn to be read shall be displayed, depending on the user connected in Redmine.

Has anyone any idea ?

many thanks

gabriel

PS: I'm on 0.8.1, svn 1.5

Replies (6)

RE: read rights on repository not taken into account by Redmine - Added by Mats Klepsland over 10 years ago

gabriel scolan wrote:

Dear all,

I'm facing an issue that might be a mis-use of Redmine integration with subversion...
I've set up my repository so that only one user (me) can have read access to the content. When I "connect" the repository to a Redmine project, I'm asked to fill in the field 'SCM', 'URL', 'login', 'password'.

When I set up all of these fields, I see the content of the repository, but any other user, set up as a member of the project in Redmine (but with no svn rights), does as well !
When I do not define the login and password, then nothing is visible from Redmine, even to me.

Did I miss something ? Is it a missing feature ? is it a bug ? My idea was that in Redmine repository tab, only what is allowed by svn to be read shall be displayed, depending on the user connected in Redmine.

Has anyone any idea ?

many thanks

gabriel

PS: I'm on 0.8.1, svn 1.5

When you setup a repository for a Redmine project you tell it which SVN account to use (username, password, etc). This account is used to display the SVN repository in Redmine and is therefore shared with all the members in the project. In your case everyone involved in the project sees your SVN repository. This is a feature and is not meant for single (one user) use. It's meant for sharing a repository in a project with all the members involved in that project.

RE: read rights on repository not taken into account by Redmine - Added by gabriel scolan over 10 years ago

Ok, thanks for the precisions.

Don't you think that it would be useful to be allowed to navigate through the repository according to the reading rights set up in Subversion ?
Should I trace this as a new feature ?

many thanks

gabriel

RE: read rights on repository not taken into account by Redmine - Added by Mauro Toffanin over 10 years ago

gabriel scolan wrote:

Don't you think that it would be useful to be allowed to navigate through the repository according to the reading rights set up in Subversion ?

you can do it changing the users permissions on the Redmine administration section.

RE: read rights on repository not taken into account by Redmine - Added by gabriel scolan over 10 years ago

Mauro Toffanin wrote:

you can do it changing the users permissions on the Redmine administration section.

This is not exactly what I meant. I meant that the subdirectories contained in the repository should be visible only if the user is allowed via the svn configuration. The permissions are associated to the complete repository.

One solution could be to define as many projects as necessary to map the repository organisation, but it is a bit heavy. Better would be to use the login/password of the redmine session and use them instead of using the login/password configured by the Manager in the "settings" tab. Is this feasible ?

RE: read rights on repository not taken into account by Redmine - Added by Mauro Toffanin over 10 years ago

You continue to not understand, Redmine do not know anything about your local subversion repository, how it can? redmine users are stored inside its db and subversion users/permissions rules are stored into the local repositories .conf files; it's not a redmine bug or a missing feature. Keep in mind that redmine SCM integration is *just for browsing repositories and nothing else.

You can try this tutorial if you want to control creation of SVN repositories from Redmine.

(1-6/6)