SVN's authz and folder renaming

Question

Say I want to prevent certain users form accessing certain folders in my SVN repo. I just do:

[/]
* = rw

[/NewSecretFolder]
* = rw
some_poor_sap = 

But what if that folder was renamed from SecretFolder to NewSecretFolder? Will user some_poor_sap be able to access the history for /SecretFolder?

Answer 1

Yes, he will be able then. You need to do

[/]
* =

And then allow access to required users where needed. This is how I do that.

Answer 2

The authz file authorization mechanism is entirely path based and ignores the different names an object may have at other revisions. So when you access the repository at a certain revision, the authorizations will be applied according to the folder names at that revision.

So when I have these authorizations:

[/]
* = r

[/MyProject]
* = 
devs = rw

And I rename the project to MyRenamedProject, then I change the authorizations like this:

[/]
* = r

[/MyProject]
* = 
devs = r

[/MyNewProject]
* = 
devs = rw

Here I kept the old project path in the authz file and granted read access to ensure that the devs can always still read the history of the project from before the rename.

Also note that we always grant at least read-access to the root and then take it away again with a * = in the project authorizations, to work around the strange svn copy issues. I suspect this is only relevant if you're using apache to host SVN.