Edgewall Software

Opened 9 years ago

Last modified 8 years ago

#10208 closed defect

AuthzSourcePolicy does not conform to mod_authz_svn rules — at Initial Version

Reported by: dmcr@… Owned by:
Priority: normal Milestone: 0.12.3
Component: version control Version: 0.12.1
Severity: normal Keywords: authzpolicy patch verify
Cc: itamarost@…, jordi@… Branch:
Release Notes:
API Changes:



I noticed a discrepancy between AuthzSourcePolicy and mod_authz_svn that I think qualifies as a bug in the AuthzSourcePolicy implementation.

We have a user that wants to give universal read-only access to his repo's 'tags' project, but only give specific user access to the 'trunk' and 'branches' projects. In the simplest case, if I give someone r or rw access to tags, but not to trunk and branches, nor to the parent level, they can see all the files in the tags project (and none of the others) when accessing the repo using mod_authz_svn, by using a browser for example.


[myrepo:/] user1 = r

[myrepo:/trunk] user2 = r

[myrepo:/tags] user3 = r

In this example, user1 and user3 can both see the contents of the tags project when using a browser to directly view the svn 'myrepo' repo. But user3 can't see the trunk project while user1 can. This is what you would expect.

But when they try to browse from inside the associated Trac project, user3 can't see any files or directories in the svn 'tags' project, whereas user1 can. This is because the files in the tags project are the result of 'svn copy' operations from the trunk project to the tags project. Presumably, this does not copy the actual data, but instead provides a pointer in the tags project to the data residing in the trunk project, since the log file shows permission failures for trunk-resident files when browsing the tags project. So it would appear that AuthzSourcePolicy is coded to check permissions on the pointers, which it should *not* do, since the internal arrangement of data should be of no concern to the user.

But as a result, my Trac administrator has to choose between not giving the world read-only access to his tags project, or also giving the world read-only access to his trunk project, which he does not want to do since some of the code there is confidential and also not ready to run.

So it would be very helpful if AuthzSourcePolicy were to conform to the behavior of mod_authz_svn in this regard.



Change History (0)

Note: See TracTickets for help on using tickets.