SVN pre-revprop-change hook script, working with active directory groups

Question

I've been looking for something simular but haven't been lucky.

I'm using VisualSVN Server and want to have a pre-revprop-change hook, which only allows users of certan active directory group to edit the log message.

I have a working script with local group members:

#pre-revprop-change.ps1 



# Function check if $user is a member of $group
function Check-GroupMembership
{
  param([string]$group, [string]$user)

  $server = get-content env:COMPUTERNAME
  $query = [ADSI]("WinNT://$server/$group,group")

  $ulist = $query.psbase.invoke("Members") |`
           %{$_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)}

  $ulist -contains $user
}

# Store hook arguments into variables with mnemonic names
$repos    = $args[0]
$rev      = $args[1]
$user     = $args[2]
$propname = $args[3]
$action   = $args[4]

# Check user's group membership and deny revprop changes if a user does not belong to the svn_test group
      if (-not (Check-GroupMembership "svn_test" $user))
       {
        [Console]::Error.WriteLine("You are not allowed to change revision properties.")
        exit 1
       }

exit 0

#pre-revprop-change.bat 

[[[
@echo off

set PWSH=%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe

%PWSH% -command $input ^| %1\hooks\pre-revprop-change.ps1 %1 %2 %3 %4 %5

if errorlevel 1 exit %errorlevel%
]]]

I'm pretty sure that powershell can do that, but unfortunately I am no PS expert. :)

Thanks!

Answer 1

You can create a local Windows group and add those domain users who should have privileges to change revision properties to this group. E.g., create a local group named "vsvn-revprop-reponame-group". Then add domain users to this local group.