0

When a user is using TortoiseSVN and RapidSVN, he sees the files as they are on the server, and thus has the ability to delete them. I want to prevent that. Maybe to block the option to delete?

To clarify, I want the only way a file will be deleted from a server is that a user deletes it from his local drive, and then commits it to the server. I want to restrict the ability of any user to delete directly from the server.

tshepang
  • 12,111
  • 21
  • 91
  • 136
Oded
  • 795
  • 2
  • 12
  • 32
  • 1
    Do you want to make your repository read-only or just to prevent deletions (i.e. users can modify files, but not delete them)? – oggy Jul 28 '09 at 10:31
  • I want the users to not be able to delete files FROM THE SERVER. I don't mind them doing it locally. – Oded Jul 28 '09 at 10:45
  • That part I understand, but do you want your users to be able to modify the files in the repository (or "on the server" as you put it) in ways other than deletion or not? – oggy Jul 28 '09 at 11:04
  • My users check out the files and modify them as needed. But both in TortoiseSVN and in RapidSVN, they can see the files as they are in the server, not on the local directory. By mistake, they can delete files from the server. I want to prevent that. they will modify the files in the local directory and then will make a commit. – Oded Jul 28 '09 at 11:07
  • 1
    You know that the SVN DELETE command does not physically delete any files from your repository? They are just marked as deleted in the latest revision, but can still be recovered from the previous revisions. Once a file has been added to the repository it stays there for good (that's why I hate when somebody checks in garbage - even if I delete it in the subsequent commit it will still be in the repo and occupy the space...). – Pawel Krakowiak Jul 28 '09 at 11:42
  • can you explain how do I do that? recover previous revision? lets say I deleted a cpp file from the server. – Oded Jul 28 '09 at 11:47

2 Answers2

2

Trying to prevent anything on the client side is, as always, inherently insecure. Your users could always use a different client.

So you need to manage the access rights on the server side (in the repository itself). Unfortunately, as far as I know, SVN natively supports only "read" and "write" access levels. Giving someone "write" access means that the user is not only able to modify existing files, but also to add new files and to delete existing ones.

You might be able to add this functionality via a pre-commit hook.

oggy
  • 3,483
  • 1
  • 20
  • 24
  • I'm familiar with the PRE-COMMIT hook, can you explain in detail? – Oded Jul 28 '09 at 11:44
  • If you're familiar with Python or Perl, you can try tweaking commit-access-control.pl and svnperms.py hooks from: http://subversion.tigris.org/tools_contrib.html#hook_scripts Or try Google, you might find some pre-baked solutions. – oggy Jul 28 '09 at 14:39
0

Prevent deletions by adding pre-commit hook. In windows this can be done by adding "pre-commit.bat" in "Your_SVN_repository\hooks\" with content as follows.

@echo off
::
:: Stops commits that have deleted/renamed/moved files/folders.
::

setlocal

rem Subversion sends through the path to the repository and transaction id
set REPOS=%1
set TXN=%2

rem check for an delete command in commit
svnlook changed %REPOS% -t %TXN% | findstr /i /m /b D > nul

if %errorlevel% gtr 0  exit 0 else (goto err)

:err
echo. 1>&2
echo Your commit includes files/folder deleted or renamed from repository 1>&2
echo Deletion/Rename is not allowed from repository>&2
echo Please revert the deletion/rename changes 1>&2
exit 1
Pradeep Kumar B
  • 1