#6701 Integrate allura authorization with Git/SVN(over HTTP)
Originally created by: rferreira-itav
Right now allura can set permissions for access to code repositories, but they are only applied when cloning repositories over ssh (because of fuse/accessfs). It would be nice if the same was also possible when Git/SVN are accessed over HTTP.
In our deployment we run Git(git-http-backend) SVN(Apache mod_svn), and we created an access handler for apache to handle Git and SVN requests, authenticating against LDAP, and checking permissions against the /repo_permissions/ web service.
I'm attaching the access handler script, with a Git config example inside. The SVN settings should be similar.
A few missing pieces:
- Unlike accessfs.py there is no caching yet
- Unfortunately I know nothing about Mercurial over HTTP so I never added support for it :S
Hopefully this is useful to someone out there
I am working on [#5424] so that there's a place to explain how to use this script.
Related
Tickets:
#5424cj/6701I refactored the handler and converted it to POST to a (configurable) login URL for auth (e.g.,
/auth/do_login). The idea being that it use Allura to verify the auth, so that whatever auth method Allura is configured to use gets used automatically by the SCM.Did we get docs/scm_host.rst updated for these changes too?