Originally created by: rferreira-itav
Right now allura can set permissions for access to code repositories, but they are only applied when cloning repositories over ssh (because of fuse/accessfs). It would be nice if the same was also possible when Git/SVN are accessed over HTTP.
In our deployment we run Git(git-http-backend) SVN(Apache mod_svn), and we created an access handler for apache to handle Git and SVN requests, authenticating against LDAP, and checking permissions against the /repo_permissions/ web service.
I'm attaching the access handler script, with a Git config example inside. The SVN settings should be similar.
A few missing pieces:
- Unlike accessfs.py there is no caching yet
- Unfortunately I know nothing about Mercurial over HTTP so I never added support for it :S
Hopefully this is useful to someone out there
I am working on [#5424] so that there's a place to explain how to use this script.
Related
Tickets:
#5424cj/6701
I refactored the handler and converted it to POST to a (configurable) login URL for auth (e.g.,
/auth/do_login
). The idea being that it use Allura to verify the auth, so that whatever auth method Allura is configured to use gets used automatically by the SCM.Did we get docs/scm_host.rst updated for these changes too?