您可以使用下面提供的示例PowerShell预锁钩子脚本检查AD组成员身份。
的lock.ps1预 PowerShell脚本检查用户是否是管理员 Active Directory组的成员,并且拒绝,如果用户不是该组成员的窃取锁。
把这两样预lock.bat和预lock.ps1到你的资料库“钩子”的文件夹,例如C:\Repositories\repository\hooks\
。
预lock.ps1
# Function check if $user is a member of $group
function Check-GroupMembership
{
param([string]$group, [string]$user)
$server = get-content env:COMPUTERNAME
$query = [ADSI]("WinNT://$server/$group,group")
$ulist = $query.psbase.invoke("Members") |`
%{$_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)}
$ulist -contains $user
}
# Store hook arguments into variables with mnemonic names
$repos = $args[0]
$path = $args[1]
$user = $args[2]
$comment = $args[3]
$steallock = $args[4]
# Build path to svnlook.exe
$svnlook = "$env:VISUALSVN_SERVER\bin\svnlook.exe"
# Get the lock description
$lockdescr = (&"$svnlook" lock $repos $path)
# Find owner name
foreach ($str in $lockdescr)
{
if ($str.StartsWith("Owner: "))
{
$owner = $str.Substring(7)
# We find lock owner's name and it is not the user name
if ($owner -ne "" -and $owner -ne $user)
{
# If the $user is a member of 'Administrators'
# group allow to steal the lock
if (-not (Check-GroupMembership "Administrators" $user))
{
[Console]::Error.WriteLine("Error: $path already locked by $owner.")
exit 1
}
}
exit 0
}
}
exit 0
预lock.bat
@echo off
set PWSH=%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe
%PWSH% %1\hooks\pre-lock.ps1 %1 %2 %3 %4 %5
if errorlevel 1 exit %errorlevel%
这是更好地使用VISUALSVN_SERVER环境变量获得路径svnlook.exe到与x64 OS兼容。即$ svnlook =“$ env:VISUALSVN_SERVER \ bin \ svnlook.exe” – 2012-07-18 13:24:30
谢谢!我已经调整了示例代码以利用%VISUALSVN_SERVER%环境变量。 – bahrep 2012-07-18 13:34:56