[mod_python] Using mod_python to customise subversion repository access.

Graham Dumpleton grahamd at dscpl.com.au
Fri Sep 1 02:30:45 EDT 2006


Deron Meranda wrote ..
> >   BLOCK_URI = '/svn/drives/!svn/*/*/packages/tags/*/*/*'
> >
> >   BLOCK_METHOD = [ 'MKCOL', 'PUT', 'PROPPATCH', 'CHECKOUT',
> >           'MERGE', 'MKACTIVITY', 'LOCK', 'UNLOCK' ]
> >
> >   def authzhandler(req):
> >       if fnmatch.fnmatch(req.uri, BLOCK_URI):
> >           if req.method in BLOCK_METHOD:
> >               return apache.HTTP_FORBIDDEN
> >       return apache.OK
> 
> I like to reverse this logic and list those methods I want
> to allow instead of those to block.  There are so many
> different methods (and more being invented by the
> DAV working groups all the time), that I don't want
> to leave one out.
> 
> The methods needed for complete read-only access are:
>    ['GET','HEAD','OPTIONS','PROPFIND','REPORT']

I knew someone would pick me up on that, as has been done before. My
only excuse is that I am playing at this point.

As it turns out, I should have been blocking "MOVE" and "DELETE" as
well for that part of the tree. If I had taken the other approach of only
allowing 'OPTIONS', 'GET', 'PROPFIND', 'REPORT' and 'COPY', then I
would have indeed been okay for the default case. :-)

Graham


More information about the Mod_python mailing list