[PATCH] permissions determined by svn_authz aren't the same as determined by Subversion
|Reported by:||Owned by:||Jun Omae|
Fix inconsistency between AuthzSourcePolicy and svnauthz file.
It's necessary for me to restrict access to areas of the Subversion repository using a Subversion path-based authorization file. Therefore, I need Trac to restrict access in the same way.
However, the Trac AuthzSourcePolicy doesn't interpret the authorization file in the same way that Subversion does. Specifically, Subversion will check all the entries for a particular path and grant access to a particular entity if any of those entries gives permission. Trac on the other hand uses the permissions for the first entry that matches and doesn't check subsequent entries.
Example: if I have a file along the lines of
[groups] everyone = dave.public, joe.private [repo:/] @everyone = rw [repo:/hidden] @everyone = joe.private = rw
then Subversion would allow
joe.private access to
/hidden, but Trac would deny it. Obviously, I would like the visibility to Subversion clients to be the same as the visibility in the Trac source browser.
Using Trac 1.0.1 with Python 2.7.
The attached patch appears to fix the problem for me. So far, I have only tested it with a minimal configuration like the one above.
Change History (15)
comment:2 by , 6 years ago
|Keywords:||svnauthz verify added; svn_authz removed|
comment:5 by , 4 years ago
|Milestone:||undecided → next-stable-1.0.x|
|Status:||new → assigned|
comment:12 by , 4 years ago
|Release Notes:||modified (diff)|
|Status:||assigned → closed|