ACLs and Web Interfaces?
Jeff Abbott
fdiv_bug at sniping.org
Wed Feb 27 17:06:48 GMT 2008
Folks,
I'm evaluating whether or not Bazaar could replace our existing
Subversion-based workflow, and the largest question that's come up is
with access control.
We take great advantage of Subversion's authorization facilities with
mod_authz_svn, and the ability of ViewVC to use that same authorization
file to determine who should and shouldn't be able to see portions of
the repository over the web. bzr+https looks to be quite fully featured
and capable (at least, with the patch from
https://lists.ubuntu.com/archives/bazaar/2008q1/037864.html which
doesn't appear to have been filed as a bug yet), but it seems my only
option with that would be to use <Location> directives in the Apache
configuration to restrict access to different paths, and that causes a
traceback for denied users. That doesn't cover web browsing, either,
with something like Loggerhead.
Does anyone on the mailing list have any suggestions? Basically, what I
need is the ability to restrict read and write access for users and
groups to different branches on the server. Ideally I'd also like for
that same authorization source to apply to the web interface, though
that's not a /strict/ requirement. Thoughts?
Thanks,
Jeff
More information about the bazaar
mailing list