[prev in list] [next in list] [prev in thread] [next in thread]
List: subversion-users
Subject: Access to the SVNParentPath
From: Andy Canfield <andy.canfield () pimco ! mobi>
Date: 2011-07-29 6:12:51
Message-ID: 4E324F63.9070902 () pimco ! mobi
[Download RAW message or body]
That's a wonderful thing about computers. Every time I come up with
something that is impossible, I figure out a way to do it.
My current test repository server is named "athol". But I can not look
at "http://athol/svn"; nobody is allowed to see that.
But, as of now, if I point my browser to "http://athol/Subversion", I
see this:
Subversion on Athol
Repositories
sample3 <http://athol/svn/sample3>
subdoc <http://athol/svn/subdoc>
How? Well, the file /Subversion/GSite/index.php is how:
<?php
$TITLE = "Subversion on Athol";
echo "<html>\n";
echo "<head>\n";
echo "<title>$TITLE</title>\n";
echo "</head>\n";
echo "<body>\n";
echo "<h1>$TITLE</h1>\n";
echo "<h2>Repositories</h2>\n";
$SVNParentPath = "/Subversion";
$RepoList = scandir( $SVNParentPath );
foreach ( $RepoList as $RepoName )
{
$TestRepo = $SVNParentPath . "/" . $RepoName . "/hooks" ;
if ( file_exists( $TestRepo ) )
{
echo "<a href='http://athol/svn/"
. $RepoName
. "'>"
. $RepoName
, "</a><br />\n";
}
}
closedir( $DIR );
echo "</body>\n";
echo "</html>\n";
?>
It is, of course, trivlal to use .htpassed to restrict access to this
web page to people who are supposed to be there, and even if someone can
bypass that restriction they only get a list of repositories; The
standard Subversion authz mechanism takes care of access to the
individual repositories.
It is also possible to extend this page with a form you can use to
create a new repository. The form would call up a php page that uses the
system() command to call svnadmin. Ahah! If we move /usr/sbin/svnadmin
into a directory which is only readable by Apache, that makes it
difficult for anyone to use svnadmin at all except through this page.
It's nasty; I love it.
It's compatable; all the standard commands of the form "svn ...
http://athol/svn/RepoName" still work as before. That's because access
to the individual repositories is still handled by Subversion.
Maybe one of those wonderful packages like WebSVN could have done that
for me, but I haven't got any of them to work yet. This took me an hour
to get up and running and I can make it do whatever I like.
I am happy! I think I've got it!
Of course, this depends on HTTP or HTTPS access to the production
server, which we're still working on. But it feels good. In the meantime
we can live with svn+ssh.
Thank you all very much.
[Attachment #3 (text/html)]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#ffffff">
That's a wonderful thing about computers. Every time I come up with
something that is impossible, I figure out a way to do it.<br>
<br>
My current test repository server is named "athol". But I can not
look at <a class="moz-txt-link-rfc2396E" \
href="http://athol/svn">"http://athol/svn"</a>; nobody is allowed to see that.<br> \
<br> But, as of now, if I point my browser to <a class="moz-txt-link-rfc2396E" \
href="http://athol/Subversion">"http://athol/Subversion"</a>, I see this:<br>
<blockquote>
<h1>Subversion on Athol</h1>
<h2>Repositories</h2>
<a href="http://athol/svn/sample3">sample3</a><br>
<a href="http://athol/svn/subdoc">subdoc</a><br>
</blockquote>
How? Well, the file /Subversion/GSite/index.php is how:<br>
<tt> <?php<br>
$TITLE = "Subversion on Athol";<br>
echo "<html>\n";<br>
echo "<head>\n";<br>
echo "<title>$TITLE</title>\n";<br>
echo "</head>\n";<br>
echo "<body>\n";<br>
echo "<h1>$TITLE</h1>\n";<br>
echo "<h2>Repositories</h2>\n";<br>
$SVNParentPath = "/Subversion";<br>
$RepoList = scandir( $SVNParentPath );<br>
foreach ( $RepoList as $RepoName )<br>
{<br>
$TestRepo = $SVNParentPath . "/" . $RepoName .
"/hooks" ;<br>
if ( file_exists( $TestRepo ) )<br>
{<br>
echo "<a href='<a class="moz-txt-link-freetext" \
href="http://athol/svn/">http://athol/svn/</a>"<br>
. $RepoName<br>
. "'>"<br>
. $RepoName <br>
, "</a><br />\n";<br>
}<br>
}<br>
closedir( $DIR );<br>
echo "</body>\n";<br>
echo "</html>\n";<br>
?><br>
</tt><br>
It is, of course, trivlal to use .htpassed to restrict access to
this web page to people who are supposed to be there, and even if
someone can bypass that restriction they only get a list of
repositories; The standard Subversion authz mechanism takes care of
access to the individual repositories.<br>
<br>
It is also possible to extend this page with a form you can use to
create a new repository. The form would call up a php page that uses
the system() command to call svnadmin. Ahah! If we move
/usr/sbin/svnadmin into a directory which is only readable by
Apache, that makes it difficult for anyone to use svnadmin at all
except through this page. It's nasty; I love it.<br>
<br>
It's compatable; all the standard commands of the form "svn ...
<a class="moz-txt-link-freetext" \
href="http://athol/svn/RepoName">http://athol/svn/RepoName</a>" still work as before. \
That's because access to the individual repositories is still handled by
Subversion.<br>
<br>
Maybe one of those wonderful packages like WebSVN could have done
that for me, but I haven't got any of them to work yet. This took me
an hour to get up and running and I can make it do whatever I like.<br>
<br>
I am happy! I think I've got it!<br>
<br>
Of course, this depends on HTTP or HTTPS access to the production
server, which we're still working on. But it feels good. In the
meantime we can live with svn+ssh.<br>
<br>
Thank you all very much.<br>
<br>
</body>
</html>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic