SVNAccess is a small Web application which lets one manage the access to SVN repositories through a simple interface.
SVNAccess uses existing Apache password files/users and stores information in a MySQL database in order to generate an AuthzSVNAccessFile formatted access file.
One can also delegate admin rights to a group and repository access to users so that repository owners can manage their own access.
· Apache Web Server
· PHP (version shouldn't matter)
· MySQL (version shouldn't matter)
· Existing Apache password file (such as htpasswd.svn)
· Existing Apache group file (such as htgroup.svn)
· This application placed in a location accessible web folder
Features and Usage:
1) Manage Groups
You can create new groups for users, and control membership to those groups from this page. You can edit existing groups, which really just allows you to rename a group. However, since the groups are stored in the database keyed on an ID number, you will not need to change anything in the repository management section. All group changes will automatically be reflected in the repository management section. Any user added to the "Admins" area of a group will then be allowed add and remove users from that group. This allows the delegation of maintaining group membership to regular SVN users. Admins DO NOT have the ability to do anything but add and remove members. They cannot change who is an admin, edit the group properties, or [de]activate the group. Any group that is made "inactive" will not be written out when the AuthzSVNAccessFile is created.
2) Manage Repositories
Repositories can be created and managed here. The only difference from Group Management is that the groups can be named anything, and the repositories must reflect actual SVN locations. For example: If you have a repository named "BigProject" you could create a repository named "BigProject:/" and "BigProject:/tags".
Since permissions propagate to children, all subfolders would inherit from "BigProject:/" except for "BigProject:/tags" which could have different permissions.
3) Create SVN Access File
Clicking this link at any time will force the AuthzSVNAccessFile to be recreated. For this to work of course, the file must be writable by the web server (usually means it has to be owned by the same user that the web server executes as). Permissions are
immediately updated and nothing has to be restarted for them to take effect.
4) General Access
It is perfectly safe to allow all valid users to access this app. This does two things. First, anyone who is not an "Admin" of a group or repository just won't be displayed any data or options. Second, anyone who DOES have admin access to a group or repository will be able to manage their resources.
1) Place all of the source into a web folder by itself. Typically this might be /svnaccess off of your DocumentRoot. For sanity's sake, we will assume that you have chosen that folder name for the rest of the steps.
2) Create a database for use by this application. This will be referred to here as $DB.
3) Import the svnaccess.sql file from the /svnaccess/install folder into $DB.
4) If you did a "checkout" instead of an "export" to retrieve the distribution (assuming of course that you got it from SVN and not from one of the released versions) you might want to delete any .svn folders. They won't hurt anything, but they probably shouldn't be there.
5) Copy the config-sample.php to config.php in the /svnaccess folder and then open it in the text editor of your choice. It has comments explaining all the changes that you should need to make.
6) Just like SVN, it is HIGHLY recommended that you use SSL for the location where you access this app. That way no plaintext passwords are transmitted over the internet (bad juju). Here is a sample config that you might use in your httpd.conf file.
< Location /svnaccess >
AuthName "SVN Access Administration"
< /Location >
7) Edit your htgroup.svn (or whatever) file. The config.php file references the proper group name (it defaults to repositoryadmins). Make sure you have a line that looks like this:
Where "superuser" would be a comma separated list of users who have full access rights to change all of the groups and repositories.
8) You will need to restart Apache in order for the httpd.conf changes to take effect.
What's New in This Release:
· User/password management capability was added and creation options for the Authz file were improved.