1. Sebastian Sdorra
  2. scm-manager
Issue #62 resolved

Branch & Tag Access Control

Anonymous created an issue

Hi,

We are investigating using scm-manager in place of our current svn deployment to benefit from its multi-scm nature.

What we miss fisrt is the ability to control access to specific branches and tag in repositories.

What would be the preferred way to realize this feature? I have not found any extension point to build this as a plugin. Seems this requires at least some support on the core-side.

Comments (11)

  1. Sebastian Sdorra repo owner

    I think the best way to implement this feature is a plugin. You could check the permissions with a Servlet-Filter. Have a look at https://bitbucket.org/sdorra/scm-manager/src/tip/scm-plugins/scm-svn-plugin/src/main/java/sonia/scm/web/SvnPermissionFilter.java and https://bitbucket.org/sdorra/scm-manager/src/tip/scm-plugins/scm-svn-plugin/src/main/java/sonia/scm/web/SvnServletModule.java . You could store the extra permission as repository properties, for a example have a look at the scm-jenkins-plugins (https://bitbucket.org/sdorra/scm-jenkins-plugin).

  2. Anonymous

    Thanks for the pointers.

    I have reviewed both SVN and GIT access control features, as well as the provided scm-manager references, and it seems to me that our needs would be best served by a pre-commit hook. Both svn and git currently provide enhanced access policies through pre-commit hooks. But both are evidently scm-specific.

    I think of implementing a pre-commit hook to have a scm-independent access policy. But it seems a pre-commit-hook is currently not available in scm-manager.

    Did I overlook anything?

  3. Mike Zhao
    • changed status to open

    Hi Sebastian, with permission refinement on branch level in mind, we found this issue, well it is marked as resolved, we still want to ask if it is possible to use the pathw-plugin to confine access to Git branches.

    After installation that option is available for Git repo as a separate tab, but it doesn't seem to work with Git branches. We don't know what to associate "path" in Git with.

    We have LDAP integration and we want to grant only subset of users with write access to master branch.

    The pathw-plugin might be only for SVN repo, we are not sure. Maybe we have specified the path wrongly for Git repo, or branch level access control is already planned in the next release. It would be very nice if you can give us some further info. Thanks a lot.

    Best regards, Mike

  4. Sebastian Sdorra repo owner

    Hi, The pathwp plugin is only for protecting a path int the repository, not for a branch. The git branch support in scm-manager is not ready for a case like that. But the improvement of the branch support is planned for version 1.18. I will create a plugin to protect branches after version 1.18 is released.

  5. Log in to comment