Subversion info: Collabnet Subversion Edge 3.2.2 SVN Version: 1.8.0 Apache HTTP Server 2.4.4 Using mod_authz_svn, no ldap
What I'm trying to do is allocate access of a Subversion project to all developers on the team, but have certain directories that only certain developers should be given access to. Rather than create dozens of entries like so:
@superdevs = trusteddev, projman
@devs = @specdevs, user1, user2, user3
[/]
* = rw
[MyProj:/]
~@devs =
[MyProj:/trunk/AllDevs/SuperDevsOnly]
~@superdevs =
[MyProj:/trunk/ManyOtherDirs/SuperDevsOnly]
~@superdevs =
# the list goes on and on...
Is it possible to configure the path-based authorization file to define a file pattern instead of explicitly creating an entry for each restricted path? I'm hoping to avoid adding 200+ entries to the authorization file as I know more entries will affect performance of all SVN operations hosted on the server. This also seems like a lot of work to secure sensitive code that is necessary to build our final solution.
TL;DR; Can you define common file patterns when setting up Subversion's Path-Based Authorization file instead of defining a rule for each explicit file or directory you need to restrict?
ONE MORE THING
I am familiar with externals, but we have not been able to get them to work with our continuous integration system, and the powers that be do not want to "waste time" to update or replace it at the moment.
The wildcard issue has been discussed for quite some time with svn, and there is an open bug report for it:
http://subversion.tigris.org/issues/show_bug.cgi?id=2662
The last comment (from June 2013) included the following statement:
The pre-commit hook svnperms.py has limited wildcard support, only for writes, not for reads: https://stackoverflow.com/questions/916758/set-up-svnperms-pre-commit-hook
Subversion 1.10 supports globbing wildcards in path-based authorization: https://subversion.apache.org/docs/release-notes/1.10.html#authzperf