authz gives "Permission Denied" when viewing empty changeset

[jander@…]

If authz is enabled, trying to view an empty changeset will result in a "Permission Denied" error. Discovered in 0.10.3; inspection suggests the same bug currently exists in the trunk.

Suggested fix, in versioncontrol/svn_authz.py (there's probably a prettier way to do this):

     def has_permission_for_changeset(self, rev):
+        seen_change = 0
         changeset = self.repos.get_changeset(rev)
         for path,_,_,_,_ in changeset.get_changes():
+            seen_change = 1
             if self.has_permission(path):
                 return 1
+        if seen_change == 0:
+            return 1
         return 0

[sid]

In the path you have, 1 will always be the returned value. That doesn't seem quite right...

[anonymous]

Replying to sid:

In the path you have, 1 will always be the returned value. That doesn't seem quite right...

Hm, so it will. I wasn't expecting get_changes() to weed out unauthorized paths. In that case, I retract my quick fix.

[hyuga <hyugaricdeau@…>]

I'm pretty sure there's already a ticket for this, but I can't find it. Also, I'm pretty sure this has been fixed, but I'm not positive.