ACLs and Web Interfaces?

Jeff Abbott fdiv_bug at
Wed Feb 27 17:06:48 GMT 2008


I'm evaluating whether or not Bazaar could replace our existing 
Subversion-based workflow, and the largest question that's come up is 
with access control.

We take great advantage of Subversion's authorization facilities with 
mod_authz_svn, and the ability of ViewVC to use that same authorization 
file to determine who should and shouldn't be able to see portions of 
the repository over the web.  bzr+https looks to be quite fully featured 
and capable (at least, with the patch from which 
doesn't appear to have been filed as a bug yet), but it seems my only 
option with that would be to use <Location> directives in the Apache 
configuration to restrict access to different paths, and that causes a 
traceback for denied users.  That doesn't cover web browsing, either, 
with something like Loggerhead.

Does anyone on the mailing list have any suggestions?  Basically, what I 
need is the ability to restrict read and write access for users and 
groups to different branches on the server.  Ideally I'd also like for 
that same authorization source to apply to the web interface, though 
that's not a /strict/ requirement.  Thoughts?


More information about the bazaar mailing list