Edgewall Software
Modify

Opened 10 years ago

Closed 6 years ago

Last modified 6 years ago

#8336 closed defect (fixed)

set svnauthz - cant download anything

Reported by: moppie.mop@… Owned by: Martin.vGagern@…
Priority: normal Milestone: 1.0.2
Component: version control/browser Version: 0.12dev
Severity: normal Keywords: download, svnauthz, verify, authzsourcepolicy
Cc: Branch:
Release Notes:

Downloading directories as zip now interacts in a more intuitive way with fine grained control permissions.

API Changes:

Description

I've set my svnauthz file like:

[/]
* = rw
[/users]
* = rw
[/code]
bob =
joe = rw

Now, if bob wants to download some files with browse source in root/users/... as zip archive he gets the error:

Insufficient permissions to access /code

Does this bug exist in newer version than 0.10.4?

Attachments (0)

Change History (15)

comment:1 by ebray, 10 years ago

How exactly is this a bug? Your authz file denies bob read access to /code.

comment:2 by anonymous, 10 years ago

The Problem is that bob can't download folders in /users, too. I think the bug is, that u need access to the whole repository to download a zip.

comment:3 by osimons, 10 years ago

Resolution: worksforme
Status: newclosed

There are possibly two issues here, neither of them a Trac bug:

  • As ebray says, the /code problem is clearly missing permissions in the authz file
  • All paths are not downloadable by default - the default TracIni setting for downloadable_paths says something like /trunk, /branches/*, /tags/* so unless you have set your other paths there (or just use a '*' wildcard to make all paths downloadable), zip downloads will not work.

Closing as 'worksforme' - quite sure this is an installation issue, and please ask questions of usage on the MailingList or IrcChannel.

comment:4 by moppie.mop@…, 10 years ago

Resolution: worksforme
Status: closedreopened

No, am i so bad in explanation ? I've set the downloadable-paths correctly, and i've tested '*', too.

And Bob must not see anything in /code (thats why bob = ), but Bob should be able to browse and download zips in /users (bob has rw), but thats impossible cause trac always says bob must have permission to /code.
What has a download under root/users/... to do with root/code? Or why need bob read-access in root/code to download a file in root/users/...?

Last edited 6 years ago by Christian Boos (previous) (diff)

comment:5 by osimons, 10 years ago

Ah. Could you then turn on debug logging, and see if any further explanation is available in the log file? Also: Is the "Download as zip" option available when browsing /users ('alternative formats' at the bottom) - and the error occurs when clicking to download? Final thing to check is if any of the files/folders to download are copied/moved from non-permitted areas, or part of changesets that span both allowed and disallowed locations.

Lastly, 0.10.x is not actively maintained anymore - if anything just important security fixes. If you could try using the same repos + same authz file on a 0.11.5dev test installation, that would be helpful. See if it can be recreated with code somewhat younger than the 2+ years since 0.10.4 was released.

comment:6 by anonymous, 10 years ago

I've tested with trac 11.4 - same result, i can't download the user-files. Maybe i'll try trunk, but i'am sure there will be the same result.

comment:7 by anonymous, 10 years ago

Version: 0.10.40.12dev

ok, trac 0.12dev tested - same problem

comment:8 by moppie.mop@…, 10 years ago

last 2 posts where mine

I've checked my trac 0.11.4 (the important code is almost exactly the same to trunk). The Problem is the old_path in the download-link. If i cut this old_path=/ i can download without problems.
For some reason that doesn't work in trac 0.10.4

I think the bug is close to source:trunk/trac/versioncontrol/svn_fs.py@8222#L711
In the case if change != Changeset.ADD: is true, then path is /code

comment:9 by Christian Boos, 10 years ago

Keywords: verify added
Milestone: 0.12.1

comment:10 by Christian Boos, 8 years ago

I think this will get solved when we switch the implementation of download to the browser module, like #8919 does.

comment:11 by Christian Boos, 6 years ago

Milestone: next-minor-0.12.x1.0.2

Probably fixed by r11744, to be tested.

comment:12 by Christian Boos, 6 years ago

Resolution: fixed
Status: reopenedclosed

Indeed, it seems to work as one would expected now.

comment:13 by Christian Boos, 6 years ago

Owner: set to Martin.vGagern@…

comment:14 by Christian Boos, 6 years ago

Release Notes: modified (diff)

comment:15 by Ryan J Ollos, 6 years ago

Keywords: authzsourcepolicy added

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain Martin.vGagern@….
The resolution will be deleted. Next status will be 'reopened'.

Add Comment


E-mail address and name can be saved in the Preferences .
 
Note: See TracTickets for help on using tickets.