Ticket #5097 (closed defect: fixed)
Opened 5 years ago
Last modified 2 years ago
authz gives "Permission Denied" when viewing empty changeset
| Reported by: | jander@… | Owned by: | rblank |
|---|---|---|---|
| Priority: | normal | Milestone: | 0.12-multirepos |
| Component: | version control | Version: | 0.10.3 |
| Severity: | normal | Keywords: | svnauthz |
| Cc: | osimons | ||
| Release Notes: | |||
| API Changes: | |||
Description
If authz is enabled, trying to view an empty changeset will result in a "Permission Denied" error. Discovered in 0.10.3; inspection suggests the same bug currently exists in the trunk.
Suggested fix, in versioncontrol/svn_authz.py (there's probably a prettier way to do this):
def has_permission_for_changeset(self, rev):
+ seen_change = 0
changeset = self.repos.get_changeset(rev)
for path,_,_,_,_ in changeset.get_changes():
+ seen_change = 1
if self.has_permission(path):
return 1
+ if seen_change == 0:
+ return 1
return 0
Attachments
Change History
comment:1 follow-up: ↓ 2 Changed 4 years ago by sid
- Version changed from devel to 0.10.3
comment:2 in reply to: ↑ 1 Changed 4 years ago by anonymous
Replying to sid:
In the path you have, 1 will always be the returned value. That doesn't seem quite right...
Hm, so it will. I wasn't expecting get_changes() to weed out unauthorized paths. In that case, I retract my quick fix.
comment:3 Changed 4 years ago by hyuga <hyugaricdeau@…>
I'm pretty sure there's already a ticket for this, but I can't find it. Also, I'm pretty sure this has been fixed, but I'm not positive.
comment:4 Changed 4 years ago by cboos
- Keywords svn_authz verify added
- Milestone set to 0.12
comment:5 Changed 3 years ago by osimons
- Cc osimons added
- Keywords verify removed
I see this one too - I've got a repos with an empty changeset, and permissions stop me from viewing it (not much to see, but still...). Repos is not scoped, it has authz but I of course have permissions. Disable the authz file setting and it displays. I've tried to rewind my 0.11 stable some 1000 revisions back, and nothing changes - I suspect this problem is not new.
My changeset is many years old, and I have problems recreating an 'empty' changeset now. How do they arise? I have a feeling it was old Subversion (like 1.2.3 at the time) and perhaps just a property change on root or something (like an svn:ignore perhaps), or something similar that at the time left no permanent mark in the revision log. Anyone know?
The empty changeset caused another problem following [8184], so more added to #5640.
comment:6 Changed 3 years ago by jander@…
In my case, large numbers of empty revisions were created when I split a repository in two with an 'svnadmin dump | filter | svnadmin load' pipeline. I think the tool did it automatically (or maybe I asked with a flag), but I also wanted the revision numbers to line up to avoid having to play stupid games with revision references in externals.
Also, according to http://subversion.tigris.org/svn_1.6_releasenotes.html ("Detection of tree conflicts" section), svn versions before 1.6 will commit an empty revision if asked to commit delete a file that has already been deleted. So you don't need crazy admin tricks, just bad luck.
comment:7 Changed 3 years ago by rblank
- Milestone changed from 0.13 to 0.11.5
- Owner changed from cboos to rblank
I'll try to solve this together with #5640.
comment:8 Changed 3 years ago by cboos
- Keywords svnauthz added; svn_authz removed
- Milestone changed from 0.11.6 to 0.12.1
comment:9 Changed 2 years ago by rblank
- Milestone changed from next-minor-0.12.x to 0.12-multirepos
Moved alongside #5640.
comment:10 Changed 2 years ago by rblank
- Resolution set to fixed
- Status changed from new to closed
This should be fixed with [9082], where the AuthzSourcePolicy grants permission to empty changesets as well as non-empty changesets where access is granted to at least one modified file.
In the path you have, 1 will always be the returned value. That doesn't seem quite right...