Hi Daniel, thank you for your response. i have tried to recreate customer issue in a test repo so that i dont expose customer name, i have created mostly same path structure to the uasset file and created same authz file in my repo
authz file [groups] r_users = andrei [:glob:/] * = rw [:glob:/**/*.uasset] @r_users = rw [:glob:/**/Source/**] @r_users = server version is the same Apache/2.4.25 (Debian) SVN/1.14.1 mod_wsgi/4.5.11 Python/2.7 i still get same error in my test repo $ svn rm https://subversion.assembla.com/svn/andrei-hook-test/trunk/SomeTestProject/Projects/ShooterGame/Content/Mods/OtherProjectName/Assets/Foliage/Trees/StepeeGrass/Grass01/SteppeGrass01.uasset svn: E175013: Access to '/svn/andrei-hook-test/!svn/txr/13-e/trunk/SomeTestProject/Projects/ShooterGame/Content/Mods/OtherProjectName/Assets/Foliage/Trees/StepeeGrass/Grass01/SteppeGrass01.uasset' forbidden svn: E175013: Your commit message was left in a temporary file: svn: E175013: 'svn-commit.6.tmp' here is the info detail you was asking for $ svn info https://subversion.assembla.com/svn/andrei-hook-test/trunk/SomeTestProject/Projects/ShooterGame/Content/Mods/OtherProjectName/Assets/Foliage/Trees/StepeeGrass/Grass01/SteppeGrass01.uasset Path: SteppeGrass01.uasset Name: SteppeGrass01.uasset URL: https://subversion.assembla.com/svn/andrei-hook-test/trunk/SomeTestProject/Projects/ShooterGame/Content/Mods/OtherProjectName/Assets/Foliage/Trees/StepeeGrass/Grass01/SteppeGrass01.uasset Relative URL: ^/trunk/SomeTestProject/Projects/ShooterGame/Content/Mods/OtherProjectName/Assets/Foliage/Trees/StepeeGrass/Grass01/SteppeGrass01.uasset Repository Root: https://subversion.assembla.com/svn/andrei-hook-test Repository UUID: 9cc42384-c8a0-427d-8479-b41cec84e7da Revision: 13 Node Kind: file Size in Repository: 492 Last Changed Author: andrei Last Changed Rev: 13 Last Changed Date: 2021-08-01 00:48:13 +0200 (Sun, 01 Aug 2021) So in this case I have directly submitted the files in my test repo, so these have no parents, and have a single revision, still the same authz forbidden error is happening, do i have to report a bug at the issues.apache.org for this one? Thanks, Andrei On Sat, Jul 31, 2021 at 3:17 AM Daniel Shahaf <d...@daniel.shahaf.name> wrote: > Daniel Shahaf wrote on Sat, Jul 31, 2021 at 00:41:48 +0000: > > Now, the delete logic should request a *non* recursive access check if > > the thing to be deleted is a plain file in HEAD. > subversion/libsvn_repos/commit.c:delete_entry() > > does behave this way — when the .uasset path identifies a non-directory > > in HEAD, which is why I asked about that above — but if I'm reading > > mod_authz_svn's code correctly, it requires svn_authz_recursive access > > on all DELETE calls, regardless of whether a file or a directory is > > being requested to be deleted. > > > > Which is to say, this would seem to be a bug in mod_authz_svn. > > The following test results in SKIP/PASS/XFAIL on ra_local/ra_svn/ra_serf, > respectively. It's a bit rough — no comments and line length style > violation — but putting it here for anyone who may want to take this > further. > > When testing this I commented out the AuthzSVNReposRelativeAccessFile > line in davautocheck.sh for reasons discussed in the "1.14.x test > failure under USE_HTTPV1=1: ra-test 13 commit_empty_last_change" thread > (the secondary problem in that thread, not the one the subject line is > about). > > Cheers, > > Daniel > > > [[[ > Index: subversion/tests/cmdline/authz_tests.py > =================================================================== > --- subversion/tests/cmdline/authz_tests.py (revision 1891909) > +++ subversion/tests/cmdline/authz_tests.py (working copy) > @@ -1732,6 +1732,25 @@ def empty_group(sbox): > sbox.repo_url) > > > +@XFail(svntest.main.is_ra_type_dav) > +@Skip(svntest.main.is_ra_type_file) > +def delete_file_with_starstar_rules(sbox): > + "delete file with ** rules" > + > + sbox.build(create_wc = False) > + > + write_restrictive_svnserve_conf(sbox.repo_dir) > + > + prefixed_rules = dict() > + prefixed_rules[':glob:/**/lorem'] = '* = \n' > + prefixed_rules['/'] = '%s = rw\n' % (svntest.main.wc_author,) > + prefixed_rules['/A'] = '%s = \n' % (svntest.main.wc_author,) > + prefixed_rules['/iota'] = '%s = rw\n' % (svntest.main.wc_author,) > + write_authz_file(sbox, None, prefixed_rules = prefixed_rules) > + > + svntest.main.run_svn(None, 'rm', sbox.repo_url + '/iota', '-m', 'Delete > by URL') > + > + > ######################################################################## > # Run the tests > > @@ -1771,6 +1790,7 @@ test_list = [ None, > inverted_group_membership, > group_member_empty_string, > empty_group, > + delete_file_with_starstar_rules, > ] > serial_only = True > > ]]] >
