Looking for Hook Script to restrict Folder deletion/update

jatin
jatin
Hi    Looking for (working)Hook Script to restrict Folder deletion/update.  If we have some documentation to to the required setup, it would be really helpful

Last updated

GPinzone
GPinzone
You want to ensure no folders get deleted, but files can be or do you want to lock down particular folders recursively? Also, is this in Windows or Linux?
jatin
jatin
Wanted to lock down folder for some set of users where they can add folder/files but cannot remove folder or files
GPinzone
jatin
jatin
Access control is not working as expected. User(user1) is able to delete under branches where he is not supposed to. Pls suggest    Pre-commit.bat:  REM precommit.bat script for Windows Systems  REM ### Set the location of the “svnlook” command below ###  set SVN_LOOK=C:\csvn\bin  set REPOS=%1  set TXN=%2  set HOOKS_DIR=C:\csvn\data\repositories\Test\hooks  set SVNLK=”C:\csvn\bin\svnlook.exe”  C:\csvn\data\repositories\Test\hooks\svnperms.py” -r “%REPOS%” -t “%TXN%”||exit 1  exit 0    svnperms.conf:  [groups]  admin = user1  group1 = user2  [Test]  branches/[^/]+/.* = @admin(add) @group1(update)  tags/[^/]+/ = user3,@admin(add) @group1(update)  trunk/.* = user3,@admin(add,remove,update) @group1(update)    Access Rules in corignal conf  [Test:/]  user1 = rw  user2 = rw  user3 = rw    Parameters:  C:\csvn\data\repositories\Test\hooks\pre-commit.bat C:\csvn\data\repositories\Test\ 1
GPinzone
GPinzone
The way you have it written, anyone can make, update, or delete a branch, but admins and group1 users are restricted under the new branch(es). If you want to lock out the whole branches directory including the base of the branches directory, I think you need to use:  branches/.* = @admin(add) @group1(update)  Look at this for examples: https://svn.apache.org/repos/asf/subversion/trunk/tools/hook-scripts/svnperms.conf.example
jatin
jatin
I think svnperms.conf is not working as expected.  If I create svnperms.conf as below, still user1/user2 can do rw operations      [/]  * = r      Pls suggest if the parameters used while invoking pre-commit.bat are in-correct(you can refer above thread for details).  Or is there any way to fix this script.
GPinzone
GPinzone
First, are you sure you're actually executing the python script? I'm assuming python is in your PATH and the .py extension is registered to the python executable, but don't assume the PATH variable is valid in your hook scripts. You should provide the full path to the python executable in the hook script BAT file and to the svnperms.py file. You should also try using the -f parameter and provide the full path to the svnperms.conf file. It's possible the svnperms.py script isn't finding the config. (The lack of a config file should trigger an error, so I'm not sure that's the problem, but try it anyway.)  I did find a bug with it back in 2008 that claims it won't work with Windows: http://subversion.tigris.org/issues/show_bug.cgi?id=3298 I don't know if it's still applicable, but there is a patch to fix it: http://svn.haxx.se/users/archive-2007-11/0823.shtml and http://subversion.tigris.org/ds/viewMessage.do?dsForumId=462&dsMessageId=1661097  Sorry, Python is one language that I'm not familiar with. If it was Perl, I could help.
jatin
jatin
[ATTACH]265[/ATTACH]    First, are you sure you're actually executing the python script? -> Python script details are provided in .BAT file so it should be invoked automatically  Yes,python is already st as an evn variables  .py extension is registered to the python executable - not sure how to check that  but don't assume the PATH variable is valid in your hook scripts -> ?  You should provide the full path to the python executable in the hook script BAT file ->which file ?  and to the svnperms.py file. --> already there  You should also try using the -f parameter and provide the full path to the svnperms.conf file -> done    It's possible the svnperms.py script isn't finding the config. (The lack of a config file should trigger an error, so I'm not sure that's the problem, but try it anyway.) - > looks like    Thaks for providing patch details but not sure how to use it.    Attching the updated bat file below. Pls suggest if you see any problem with that script    set REPOS=%1  set TXN=%2  set HOOKS_DIR=C:\csvn\data\repositories\Test\hooks  set SVNLK="C:\csvn\bin\svnlook.exe"    C:\csvn\data\repositories\Test\hooks\svnperms.py -r "%REPOS%" -t "%TXN%" -f C:\csvn\data\repositories\Test\conf\svnperms.conf  exit 1       exit 0
GPinzone
GPinzone
jatin;123069Thaks for providing patch details but not sure how to use it.[/QUOTE]  Google the patch command. You can also do it by hand in a text editor. It doesn't look that intricate.  [QUOTE=jatin;123069]Attching the updated bat file below. Pls suggest if you see any problem with that script  set REPOS=%1 set TXN=%2 set HOOKS_DIR=C:\csvn\data\repositories\Test\hooks set SVNLK="C:\csvn\bin\svnlook.exe"   C:\csvn\data\repositories\Test\hooks\svnperms.py -r "%REPOS%" -t "%TXN%" -f C:\csvn\data\repositories\Test\conf\svnperms.conf exit 1    exit 0
  Try this:  "C:\program files\python25\python.exe" C:\csvn\data\repositories\Test\hooks\svnperms.py -r "%REPOS%" -t "%TXN%" -f C:\csvn\data\repositories\Test\conf\svnperms.conf || exit 1 exit 0  Change the bolded part to the correct path to the Python you installed. You did install Python, yes? I'm beginning to wonder if you did.
jatin
jatin
GPinzone;123072Google the patch command. You can also do it by hand in a text editor. It doesn't look that intricate.    Jatin --> I tried to search but no luck    Try this:    "C:\program files\python25\python.exe" C:\csvn\data\repositories\Test\hooks\svnperms.py -r "%REPOS%" -t "%TXN%" -f C:\csvn\data\repositories\Test\conf\svnperms.conf || exit 1  exit 0    Change the bolded part to the correct path to the Python you installed. You did install Python, yes? I'm beginning to wonder if you did.
   Jatin --->  Yes Python is already installed. I am getting error during commit. I modified the bat file as below:  set REPOS=%1  set TXN=%2  set HOOKS_DIR=C:\csvn\data\repositories\Test\hooks  set SVNLOOK="C:\csvn\bin\svnlook.exe"    "C:\csvn\Python25\python.exe" C:\csvn\data\repositories\Test\hooks\svnperms.py -r "%REPOS%" -t "%TXN%" -f C:\csvn\data\repositories\Test\conf\svnperms.conf -A "user1"|| exit 1       exit 0      I [ATTACH]266[/ATTACH][ATTACH]267[/ATTACH]
GPinzone
GPinzone
You didn't use a patched svnperms.py. Try the one I'm attaching. I had to zip it to upload it: [ATTACH]268[/ATTACH]    I can't test it. Hopefully this will fix it.
jatin
jatin
GPinzone;123079You didn't use a patched svnperms.py. Try the one I'm attaching. I had to zip it to upload it: [ATTACH]268[/ATTACH]    I can't test it. Hopefully this will fix it.
     Thank You !!!! this worked
jatin
jatin
During further testing, found update is not working as expected. Below is the conf file:    [groups]    admin = user1  group1 = user2 u1 u2 u3    [Test]  branches/[^/]+/.* = @admin(add,update) @group1(add,update)  tags/[^/]+/ = user3,@admin(add) @group1(update)      If I update any file and commit it, I get below message:
GPinzone
GPinzone
You are trying to upload to the branches directory rather than a folder under it. If you change:  branches/[^/]+/.* = @admin(add,update) @group1(add,update)  to:  branches/.* = @admin(add,update) @group1(add,update)  Does it work?

1-15 of 15

Reply to this discussion

You cannot edit posts or make replies: You should be logged in before you can post.