svn fine-grained permission module: pre-contribution advice needed
I needed a way to control user access to a Subversion repository, including issues such as fine-grained access and allowing users to change their own passwords via a web interface per established password policies. Installing svn under Apache with the dav_svn module and Drupal under the same webserver seemed like a good idea, and so far it is working out pretty well. (I'll write up a configuration howto sometime when I get a chance...)
I used the Drupal modules "export_users_dbm" and "password_policy" to get most of the functionality I needed. To get the rest of the way there, I patched export_users_dbm to add the following features/bug fixes:
- Added a collapsed configuration panel that allows the admin to type in the path to the AuthzSVNAccessFile. The groups section is created automatically based on each user's membership in the Drupal roles being exported; fine-grained permissions are specified by typing in AuthzSVNAccessFile-format directives into a textarea.
- Integrated with the password_policy module: if a user has an expired password but has not been locked out yet, then that user is not exported. This ensures that expired users cannot use svn until they log into Drupal and change their password. This feature can be disabled via a checkbox on the export_users_dbm config page and is disabled by default so as to not cause problems for those who do not use the password_policy module.
- Added an "export now" button
- Bugfix: fixed to work with PostgreSQL
- Bugfix: if the role "authenticated users" is checked, every user would only be a member of the group "default". Fixed this so that roles are still emitted when all authenticated users are exported. Users are members of the group "default" only when they are members of no exported role.
Things I could use advice on:
- Make a new module? I could have duplicated most of the code in export_users_dbm and made my own module that requires export_users_dbm; however, that seemed like a worse solution to me. Even though not all users of export_users_dbm will be using it with svn, putting all of the svn preferences into a collapsible section limits the impact this module has on non-svn users. It wouldn't be too onerous to add additional sections for other services managed by export_users_dbm, but if there were many of them then making separate modules might start to look better...
- Drupal temporary directory? I overwrite the AuthzSVNAccessFile every time I export rather than writing to a tmp file and then moving it over because the directory that this file is in isn't (or shouldn't be) writable by Apache. If there's a good function for finding a writable tmp directory, I could change the code a bit (I don't want to use /tmp...)
- Name of default form "save" function? The "export now" button should call the form-save function first, but I'm not sure what that's called. I could implement my own form save function and call that, but I don't need a custom save function, so that solution seems inelegant.
After I get a bit of advice and clean up the code a little, I'll post a patch to the export_users_dbm module.
Thanks,
- Greg
