set svnauthz - cant download anything

[moppie.mop@…]

I've set my svnauthz file like:

[/]
* = rw
[/users]
* = rw
[/code]
bob =
joe = rw

Now, if bob wants to download some files with browse source in root/users/... as zip archive he gets the error:

Insufficient permissions to access /code

Does this bug exist in newer version than 0.10.4?

[ebray]

How exactly is this a bug? Your authz file denies bob read access to /code.

[anonymous]

The Problem is that bob can't download folders in /users, too. I think the bug is, that u need access to the whole repository to download a zip.

[osimons]

There are possibly two issues here, neither of them a Trac bug:

• As ebray says, the /code problem is clearly missing permissions in the authz file
• All paths are not downloadable by default - the default TracIni setting for downloadable_paths says something like /trunk, /branches/*, /tags/* so unless you have set your other paths there (or just use a '*' wildcard to make all paths downloadable), zip downloads will not work.

Closing as 'worksforme' - quite sure this is an installation issue, and please ask questions of usage on the MailingList or IrcChannel.

[moppie.mop@…]

No, am i so bad in explanation ?
I've set the downloadable-paths correctly, and i've tested '*', too.

And Bob must not see anything in /code}} (thats why bob = ), but Bob should be able to browse and download zips in {{{/users (bob has rw), but thats impossible cause trac always says bob must have permission to /code.
What has a download under root/users/... to do with root/code? Or why need bob read-access in root/code to download a file in root/users/...?

[osimons]

Ah. Could you then turn on debug logging, and see if any further explanation is available in the log file? Also: Is the "Download as zip" option available when browsing /users ('alternative formats' at the bottom) - and the error occurs when clicking to download? Final thing to check is if any of the files/folders to download are copied/moved from non-permitted areas, or part of changesets that span both allowed and disallowed locations.

Lastly, 0.10.x is not actively maintained anymore - if anything just important security fixes. If you could try using the same repos + same authz file on a 0.11.5dev test installation, that would be helpful. See if it can be recreated with code somewhat younger than the 2+ years since 0.10.4 was released.

[anonymous]

I've tested with trac 11.4 - same result, i can't download the user-files.
Maybe i'll try trunk, but i'am sure there will be the same result.

[anonymous]

ok, trac 0.12dev tested - same problem

[moppie.mop@…]

last 2 posts where mine

I've checked my trac 0.11.4 (the important code is almost exactly the same to trunk).
The Problem is the old_path in the download-link. If i cut this old_path=/ i can download without problems.
For some reason that doesn't work in trac 0.10.4

I think the bug is close to source:trunk/trac/versioncontrol/svn_fs.py@8222#L711​
In the case if change != Changeset.ADD: is true, then path is /code

[cboos]

I think this will get solved when we switch the implementation of download to the browser module, like #8919 does.