VisualSVN Server provides an extension for path-based authorization that allows users to browse to any location they have read access to, starting from the server root.
Starting from version 5.0, VisualSVN Server provides a per-repository authorization option named Implicit list folder permission for parents of readable paths. It allows users to navigate to any readable path without requiring read access to all parent folders of that path.
Imagine that a user has read access to
Previously, this would mean that:
- The user cannot browse to this location starting from the server root.
- The user cannot access it unless he knows the repository name and the exact path.
- The user cannot see the repository in the repository list.
To remove these drawbacks, VisualSVN Server 5.0 adds a per-repository option that automatically grants list folder permission to parents of paths readable by a user. These permissions do not grant read access to the content, but allow entering the corresponding folders.
Imagine a repository with read access permission for
The table below shows the detailed permission state and the corresponding client behavior.
|/repos/project/trunk||List folder||Read contents|
repos is shown in the repository list.
repos is not shown in the repository list.
/repos/project/trunk is discoverable starting from the server root.
/repos/project/trunk is not discoverable starting from the server root.
/repos/project/trunk is accessible without knowing the repository name and exact path.
/repos/project/trunk is not accessible without knowing the repository name and exact path.
|/repos/project/trunk can be checked out or downloaded.|
Configuring implicit list folder permission
The option to enable Implicit list folder permission for parents of readable paths is part of the per-repository authorization settings and can be found on the Advanced Security Settings dialog:
Follow these steps to enable implicit list folder permissions for a repository in VisualSVN Server Manager:
- Start the VisualSVN Server Manager console.
- Expand the Repositories node.
- Right-click the repository and click Properties.
- Click Advanced to open the Advanced Security Settings dialog.
- Select the Implicit list folder permission for parents of readable paths checkbox.
- Click OK to close the dialog.
- Click Apply in the Properties of the repository.
The authorization settings used by the Subversion and Windows authentication modes have independent values for this option. If you are using separate authorization profiles for distributed VDFS repositories, then you should configure it separately for each profile too.
Default implicit list folder permission setting for new repositories
VisualSVN Server allows configuring the state of the Implicit list folder permission for parents of readable paths option for all new repositories. The state of this option applies to all repositories created in VisualSVN Server Manager or with VisualSVN Server PowerShell.
Follow these steps to enable implicit list folder permissions for all new repositories:
- Start the VisualSVN Server Manager console.
- Click the Action | Properties main menu command.
- Click the Security tab.
- Select Implicit list folder permissions for parents of readable paths.
- Click Apply.
Managing the implicit list folder permission options through PowerShell
You can use PowerShell to view and toggle the above-mentioned authorization options that control implicit list folder permissions. This can be especially convenient for bulk operations on multiple repositories.
The per-repository option for implicit list folder permissions
For the per-repository option called Implicit list folder permissions for parents of readable paths, which turns implicit list folder permissions on or off for a specific repository, use the Get-SvnAccessConfiguration cmdlet to display the current state of this option for a particular repository or for all repositories. Using the Set-SvnAccessConfiguration cmdlet, you can toggle this per-repository option on or off for any repository.
Bulk operations on multiple repositories
Set-SvnAccessConfiguration cmdlets can operate on an
individual specified repository as well as on multiple repositories in
bulk. For example, to turn on implicit list folder permissions in all your
repositories, execute the following command:
Get-SvnAccessConfiguration | Set-SvnAccessConfiguration -ImplicitListFolderAccess Enabled
The global default setting
You can also view or change the global default Implicit list folder permissions for parents of readable paths setting, which determines whether implicit list folder permissions are turned on or off, by default, in newly added repositories.
To view the current default setting, use the
cmdlet. The value is stored in the property called
DefaultImplicitListFolderAccess. You can change this default
setting using the
cmdlet, for example:
Set-SvnServerConfiguration -DefaultImplicitListFolderAccess Enabled