#6701 Integrate allura authorization with Git/SVN(over HTTP)

sf-4 (350)
Cory Johns

Originally created by: rferreira-itav

Right now allura can set permissions for access to code repositories, but they are only applied when cloning repositories over ssh (because of fuse/accessfs). It would be nice if the same was also possible when Git/SVN are accessed over HTTP.

In our deployment we run Git(git-http-backend) SVN(Apache mod_svn), and we created an access handler for apache to handle Git and SVN requests, authenticating against LDAP, and checking permissions against the /repo_permissions/ web service.

I'm attaching the access handler script, with a Git config example inside. The SVN settings should be similar.

A few missing pieces:
- Unlike accessfs.py there is no caching yet
- Unfortunately I know nothing about Mercurial over HTTP so I never added support for it :S

Hopefully this is useful to someone out there

1 Attachments


Tickets: #5424
Tickets: #7134
Tickets: #7287


  • Dave Brondsema

    Dave Brondsema - 2013-09-23
    • status: open --> code-review
  • Dave Brondsema

    Dave Brondsema - 2013-11-06
    • QA: Dave Brondsema
  • Dave Brondsema

    Dave Brondsema - 2013-12-05

    I am working on [#5424] so that there's a place to explain how to use this script.



    Tickets: #5424

  • Dave Brondsema

    Dave Brondsema - 2014-03-07
    • Size: --> 4
    • Milestone: limbo --> forge-mar-21
  • Cory Johns

    Cory Johns - 2014-03-18
    • QA: Dave Brondsema --> Cory Johns
  • Cory Johns

    Cory Johns - 2014-03-19


    I refactored the handler and converted it to POST to a (configurable) login URL for auth (e.g., /auth/do_login). The idea being that it use Allura to verify the auth, so that whatever auth method Allura is configured to use gets used automatically by the SCM.

  • Cory Johns

    Cory Johns - 2014-03-20
    • status: code-review --> closed
  • Dave Brondsema

    Dave Brondsema - 2014-03-20

    Did we get docs/scm_host.rst updated for these changes too?

  • Dave Brondsema

    Dave Brondsema - 2015-01-05
    • Milestone: unreleased --> asf_release_1.2.0