Edgewall Software
Modify

Opened 17 years ago

Closed 16 years ago

#2477 closed defect (fixed)

FineGrainedPermissions using module and Scoped Repository doesn't work

Reported by: M.v.Kalmthout_1@… Owned by: Matthew Good
Priority: highest Milestone: 0.10.5
Component: version control Version: 0.10.2
Severity: normal Keywords: scoped repository authz patch
Cc: Branch:
Release Notes:
API Changes:
Internal Changes:

Description

Testcase: In Trac.ini

[trac]
repository_dir = D:/SVN_REPOSITORY/MBB/common
authz_file = D:/SVN_REPOSITORY/svnaccessfile 
authz_module_name = MBB

And in svnaccessfile

#access to SomeDir is NOT blocked by TRAC
[MBB:/common/SomeDir]
@all-sw-developers =

but leaving out the subset does the job.

#access to SomeDir is blocked 
[MBB:/SomeDir]
@all-sw-developers =

Attachments (4)

auth_paths.patch (3.7 KB ) - added by M.v.Kalmthout_1@… 17 years ago.
auth_paths2.patch (1.6 KB ) - added by M.v.Kalmthout_1@… 17 years ago.
auth_paths.patch corrected
ScopedRepoAndFineGrainedPermissions_0.10.stable_r4310.patch (1.7 KB ) - added by M.v.Kalmthout@… 16 years ago.
scope-authz.diff (2.7 KB ) - added by Matthew Good 16 years ago.
make repositories include the scope when checking authz permissions

Download all attachments as: .zip

Change History (17)

comment:1 by Matthew Good, 17 years ago

Owner: changed from Christopher Lenz to Matthew Good
Status: newassigned

Yes, I noticed this same issue looking at #2453.

by M.v.Kalmthout_1@…, 17 years ago

Attachment: auth_paths.patch added

by M.v.Kalmthout_1@…, 17 years ago

Attachment: auth_paths2.patch added

auth_paths.patch corrected

comment:2 by anonymous, 17 years ago

I am not sure this is the (best) way to solve it. It solved the problem for me.

comment:3 by M.v.Kalmthout_1@…, 16 years ago

Summary: Fine Grained Permissions using module and Repository Subset doesn't workFineGrainedPermissions using module and Scoped Repository doesn't work
Version: 0.9.20.10.2

In source:branches/0.10-stable@4310 I still encounter this (or similar) problem.

I found 3 things which seem incorrect to me

I will attach a patch which I used to find and hopefully solve this.

comment:4 by M.v.Kalmthout_1@…, 16 years ago

Keywords: patch added

I think these are bugs which should be 'patched'. Just let me know if I have to do some rework or something else to get this patch accepted. (this is the only Python code I ever wrote so don't expect too much.)

comment:5 by Christian Boos, 16 years ago

Milestone: 0.10.3

Right, sorry if that went unnoticed, we have so many tickets ;)

mgood, do you still want to take care of this one? If not, I can take the ticket.

comment:6 by Matthew Good, 16 years ago

Priority: normalhighest

by Matthew Good, 16 years ago

Attachment: scope-authz.diff added

make repositories include the scope when checking authz permissions

comment:7 by Matthew Good, 16 years ago

There was some inconsistency since some of the SVN methods included the scope while others didn't, so attachment:scope-auth.diff should address this. We should probably have some unit tests for this too.

comment:8 by Christian Boos, 16 years ago

Keywords: scoped repository authz added

#3192 and #3489 are potential duplicates of this one.

comment:9 by Christian Boos, 16 years ago

I meant #4389.

in reply to:  7 comment:10 by M.v.Kalmthout_1@…, 16 years ago

Replying to mgood:

There was some inconsistency since some of the SVN methods included the scope while others didn't,

I noticed the inconsistency too.

However the problem was not only caused by this inconsistency but also by the posixpath.join(self.scope, path) construction.

Example: if scope='/subdir' and path='/' the result of posixpath.join is '/' and NOT '/subdir/'

comment:11 by Christian Boos, 16 years ago

#5065 was closed as duplicate.

comment:12 by Christian Boos, 16 years ago

Should be fixed by r5245 (trunk).

I started by applying mgood's patch, then added the path.strip('/') in the places that needed it, as this was necessary as M.v.Kalmthout pointed out.

comment:13 by Christian Boos, 16 years ago

Resolution: fixed
Status: assignedclosed

Ported to 0.10-stable in r5246.

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain Matthew Good.
The resolution will be deleted. Next status will be 'reopened'.
to The owner will be changed from Matthew Good to the specified user.

Add Comment


E-mail address and name can be saved in the Preferences .
 
Note: See TracTickets for help on using tickets.