Right now allura can set permissions for access to code repositories, but they are only applied when cloning repositories over ssh (because of fuse/accessfs). It would be nice if the same was also possible when Git/SVN are accessed over HTTP.
In our deployment we run Git(git-http-backend) SVN(Apache mod_svn), and we created an access handler for apache to handle Git and SVN requests, authenticating against LDAP, and checking permissions against the /repo_permissions/ web service.
I'm attaching the access handler script, with a Git config example inside. The SVN settings should be similar.
A few missing pieces:
- Unlike accessfs.py there is no caching yet
- Unfortunately I know nothing about Mercurial over HTTP so I never added support for it :S
Hopefully this is useful to someone out there