Opened 19 years ago
Closed 18 years ago
#2477 closed defect (fixed)
FineGrainedPermissions using module and Scoped Repository doesn't work
Reported by: | Owned by: | Matthew Good | |
---|---|---|---|
Priority: | highest | Milestone: | 0.10.5 |
Component: | version control | Version: | 0.10.2 |
Severity: | normal | Keywords: | scoped repository authz patch |
Cc: | Branch: | ||
Release Notes: | |||
API Changes: | |||
Internal Changes: |
Description
Testcase: In Trac.ini
    [trac]
    repository_dir = D:/SVN_REPOSITORY/MBB/common
    authz_file = D:/SVN_REPOSITORY/svnaccessfile
    authz_module_name = MBB
And in svnaccessfile
    #access to SomeDir is NOT blocked by TRAC
    [MBB:/common/SomeDir]
    @all-sw-developers =
but leaving out the subset does the job.
    #access to SomeDir is blocked
    [MBB:/SomeDir]
    @all-sw-developers =
Attachments (4)
Change History (17)
comment:1 by , 19 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
by , 19 years ago
Attachment: | auth_paths.patch added |
---|
comment:2 by , 19 years ago
I am not sure this is the (best) way to solve it. It solved the problem for me.
comment:3 by , 18 years ago
Summary: | Fine Grained Permissions using module and Repository Subset doesn't work → FineGrainedPermissions using module and Scoped Repository doesn't work |
---|---|
Version: | 0.9.2 → 0.10.2 |
In source:branches/0.10-stable@4310 I still encounter this (or similar) problem.
I found 3 things which seem incorrect to me
- posixpath.join(self.scope, path) removes the scope if path has a leading / ( source:branches/0.10-stable/trac/versioncontrol/svn_fs.py@4310#352 )
- path in self.authz.has_permission(path) must be the full path, so including the scope ( source:branches/0.10-stable/trac/versioncontrol/svn_fs.py@4310#576 )
- path in self.has_permission(path) must also be a full path, as the changesets contain paths within the scope ( source:branches/0.10-stable/trac/versioncontrol/svn_authz.py@4310#98 )
I will attach a patch which I used to find and hopefully solve this.
by , 18 years ago
Attachment: | ScopedRepoAndFineGrainedPermissions_0.10.stable_r4310.patch added |
---|
comment:4 by , 18 years ago
Keywords: | patch added |
---|
I think these are bugs which should be 'patched'. Just let me know if I have to do some rework or something else to get this patch accepted. (This is the only Python code I ever wrote, so don't expect too much.)
comment:5 by , 18 years ago
Milestone: | → 0.10.3 |
---|
Right, sorry if that went unnoticed, we have so many tickets ;)
mgood, do you still want to take care of this one? If not, I can take the ticket.
comment:6 by , 18 years ago
Priority: | normal → highest |
---|
by , 18 years ago
Attachment: | scope-authz.diff added |
---|
make repositories include the scope when checking authz permissions
follow-up: 10 comment:7 by , 18 years ago
There was some inconsistency since some of the SVN methods included the scope while others didn't, so attachment:scope-auth.diff should address this. We should probably have some unit tests for this too.
comment:8 by , 18 years ago
Keywords: | scoped repository authz added |
---|
comment:10 by , 18 years ago
Replying to mgood:
There was some inconsistency since some of the SVN methods included the scope while others didn't,
I noticed the inconsistency too.
However the problem was not only caused by this inconsistency but also by the posixpath.join(self.scope, path) construction.
Example: if scope='/subdir' and path='/' the result of posixpath.join is '/' and NOT '/subdir/'
comment:12 by , 18 years ago
Should be fixed by r5245 (trunk).
I started by applying mgood's patch, then added the path.strip('/') in the places that needed it, as this was necessary as M.v.Kalmthout pointed out.
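Added example, not part of the ticket or of Trac's source: a minimal Python model of the join problem from comment:3 and comment:10 and of the path.strip('/') approach from comment:12, run against a rule like the one in the description. The function names and the deny-list are hypothetical, and the permission check is a simplified stand-in for the real authz lookup.

```python
import posixpath

# Constructed rule set modelled on the ticket's svnaccessfile: each entry is a
# repository-absolute directory that the requesting user may not read.
DENIED_DIRS = {"/common/SomeDir"}


def naive_full_path(scope, path):
    """Join as described in comment:3; an absolute `path` discards `scope`."""
    return posixpath.join(scope, path)


def scoped_full_path(scope, path):
    """Strip the slashes first (the path.strip('/') idea from comment:12) so
    the scope is always part of the path handed to the authz check."""
    joined = posixpath.join("/", scope.strip("/"), path.strip("/"))
    return joined.rstrip("/") or "/"


def has_permission(full_path):
    """Simplified authz lookup: deny a listed directory and everything below it."""
    for denied in DENIED_DIRS:
        if full_path == denied or full_path.startswith(denied + "/"):
            return False
    return True


def check(scope, path):
    """Return (naive decision, scoped decision) for a path inside the scope."""
    return (has_permission(naive_full_path(scope, path)),
            has_permission(scoped_full_path(scope, path)))


if __name__ == "__main__":
    # Constructed sample paths, as a scoped repository would see them.
    for p in ("/SomeDir/secret.txt", "/SomeDirectory/a.txt", "/"):
        print(p, naive_full_path("/common", p),
              scoped_full_path("/common", p), check("/common", p))
```

A unit test for the scoped case, as suggested in comment:7, would assert that the first sample path is denied once the scope is included.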
comment:13 by , 18 years ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
Ported to 0.10-stable in r5246.
Yes, I noticed this same issue looking at #2453.