Itamar O wrote:
> I was playing with the SVN authz to control access to repository
> directories,
> and noticed that the path that is compared to the authz file is the one
> given by "resource.id" [1].
> This means that for scoped repositories the svn_authz module treats the
> relative path within the scoped repository as the full path.

Oops, that's bad...

> This was surprising for me,
> since I was trying to reuse the same authz file used for serving SVN,
> which obviously contains full paths in the unscoped-repository...

Yes, I forgot about this case while converting the authz stuff to a permission policy.

> I was wondering whether this behavior is by-design, and if so what were
> the considerations.

No, it's an omission, and therefore a bug.

> If I'm not the only one who expects the behavior I described, I'd create
> a ticket on t.e.o
> with a patch to replace "resource.id" in [1] with
> "url_join(repo_scope, resource.id)".

Unfortunately, it's going to be a bit more complicated than that. Since the authz checking is now a permission policy, it can be used for any repository type. And we don't have a "generic" way yet to get the scope of a repository (or, alternatively, to get the full path from the "Trac path"), so we will need to add that.

Please do open a ticket about this, and add your thoughts about the solution, and we will build on that. There's another issue with authz already (#9542), so I'll be working on it shortly.

Thanks for the heads-up!

-- Remy
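The mismatch discussed in this thread, as an added example that is not part of the original messages and is not Trac's code: a simplified, group-less authz lookup evaluated once with the scope-relative path and once with the full repository path. The authz contents, the user names, the `/projB` scope and the `full_path` helper are constructed for illustration.

```python
import posixpath

# Constructed authz file written for the unscoped repository (full paths).
AUTHZ = """
[/]
* =
[/trunk]
carol = r
[/projB/trunk]
bob = r
"""

def parse_authz(text):
    """Return {path: {user: perms}} for a group-less authz file."""
    rules, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = rules.setdefault(line[1:-1], {})
        elif section is not None and "=" in line:
            user, perms = (part.strip() for part in line.split("=", 1))
            section[user] = perms
    return rules

def can_read(rules, user, path):
    """Walk from path up to '/'; the most specific matching rule decides."""
    path = posixpath.normpath(posixpath.join("/", path.strip("/")))
    while True:
        section = rules.get(path, {})
        for who in (user, "*"):
            if who in section:
                return "r" in section[who]
        if path == "/":
            return False  # no rule matched anywhere: deny
        path = posixpath.dirname(path)

def full_path(scope, relative):
    """Hypothetical helper: scope-relative path -> full repository path."""
    return posixpath.normpath(
        posixpath.join("/", scope.strip("/"), relative.strip("/")))

RULES = parse_authz(AUTHZ)
if __name__ == "__main__":
    for user in ("bob", "carol"):  # repository scoped at /projB, id "/trunk"
        print(user, "relative:", can_read(RULES, user, "/trunk"),
              "full:", can_read(RULES, user, full_path("/projB", "/trunk")))
```

With the relative path the check both denies bob, who is allowed on `/projB/trunk`, and admits carol, whose rule was written for a different `/trunk`.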
