Opened 10 years ago
Last modified 7 years ago
#11744 closed defect
[PATCH] permissions determined by svn_authz aren't the same as determined by Subversion — at Initial Version
Reported by: | Owned by: | ||
---|---|---|---|
Priority: | normal | Milestone: | 1.0.14 |
Component: | version control/browser | Version: | 1.0.1 |
Severity: | normal | Keywords: | svnauthz authzsourcepolicy |
Cc: | Branch: | ||
Release Notes: | |||
API Changes: | |||
Internal Changes: |
Description
It's necessary for me to restrict access to areas of the Subversion repository using a Subversion path-based authorization file. Therefore, I need Trac to restrict access in the same way.
However, the Trac AuthzSourcePolicy doesn't interpret the authorization file in the same way that Subversion does. Specifically, Subversion will check all the entries for a particular path and grant access to a particular entity if any of those entries gives permission. Trac on the other hand uses the permissions for the first entry that matches and doesn't check subsequent entries.
Example: if I have a file along the lines of
```
[groups]
everyone = dave.public, joe.private

[repo:/]
@everyone = rw

[repo:/hidden]
@everyone =
joe.private = rw
```
then Subversion would allow `joe.private` access to `/hidden`, but Trac would deny it. Obviously, I would like the visibility to Subversion clients to be the same as the visibility in the Trac source browser.
Using Trac 1.0.1 with Python 2.7.
The attached patch appears to fix the problem for me. So far, I have only tested it with a minimal configuration like the one above.
Patch to make svn_authz behave more like Subversion
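The difference described in this ticket, as an added example that is not part of the original report or the attached patch, and not Trac's or Subversion's code: a simplified model that evaluates the sample authz file under both rules. The function names and the `first_match` switch are hypothetical; nested groups, aliases and `~` negation are not handled.

```python
# Simplified model of the two evaluation orders described in the ticket.
# Constructed sample: the authz file from the report.
AUTHZ = """\
[groups]
everyone = dave.public, joe.private
[repo:/]
@everyone = rw
[repo:/hidden]
@everyone =
joe.private = rw
"""

def parse_authz(text):
    """Return (groups, rules); rules maps 'repo:/path' to ordered (subject, perms) pairs."""
    groups, rules, section = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        name, _, value = line.partition("=")
        name, value = name.strip(), value.strip()
        if section == "groups":
            groups[name] = {m.strip() for m in value.split(",") if m.strip()}
        elif section is not None:
            rules.setdefault(section, []).append((name, value))
    return groups, rules

def matches(subject, user, groups):
    """True if an entry's subject ('*', '@group' or a user name) applies to user."""
    if subject.startswith("@"):
        return user in groups.get(subject[1:], set())
    return subject in ("*", user)

def can_read(user, path, groups, rules, repo="repo", first_match=False):
    """Decide read access from the deepest section that has an entry for user."""
    parts = [p for p in path.split("/") if p]
    for depth in range(len(parts), -1, -1):
        entries = rules.get("%s:/%s" % (repo, "/".join(parts[:depth])), [])
        hits = [perms for subj, perms in entries if matches(subj, user, groups)]
        if hits:
            # first_match: only the first applicable entry counts (Trac as reported).
            # otherwise: any applicable entry may grant (Subversion as reported).
            return "r" in hits[0] if first_match else any("r" in p for p in hits)
    return False
```

Running both modes over every user and path of interest gives a quick list of places where the source browser and Subversion clients would disagree about visibility.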