You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@subversion.apache.org by st...@apache.org on 2016/06/12 17:39:21 UTC
svn commit: r1748029 -
/subversion/branches/authzperf/subversion/libsvn_repos/authz.c
Author: stefan2
Date: Sun Jun 12 17:39:20 2016
New Revision: 1748029
URL: http://svn.apache.org/viewvc?rev=1748029&view=rev
Log:
On the authzperf branch: Resolve global and repo-specific rules for the
same paths just like rule conflicts within those sets - the last one wins.
This is relevant because the authz structure contains a default rule for
[/] (sequence number 0) that denies all access. The parser already takes
care of rejecting the "real" conflicting definitions where the same path
shows up in multiple rules.
* subversion/libsvn_repos/authz.c
(insert_path): Multiple rules for the same path are not a fault per se.
Use our standard arbiter rules to pick the right one.
Modified:
subversion/branches/authzperf/subversion/libsvn_repos/authz.c
Modified: subversion/branches/authzperf/subversion/libsvn_repos/authz.c
URL: http://svn.apache.org/viewvc/subversion/branches/authzperf/subversion/libsvn_repos/authz.c?rev=1748029&r1=1748028&r2=1748029&view=diff
==============================================================================
--- subversion/branches/authzperf/subversion/libsvn_repos/authz.c (original)
+++ subversion/branches/authzperf/subversion/libsvn_repos/authz.c Sun Jun 12 17:39:20 2016
@@ -341,12 +341,15 @@ insert_path(construction_context_t *ctx,
/* End of path? */
if (segment_count == 0)
{
- /* Set access rights. Since we call this function once per authz
- * config file section, there cannot be multiple paths having the
- * same leave node. Hence, access gets never overwritten.
+ /* Set access rights. Note that there might be multiple rules for
+ * the same path due to non-repo-specific rules vs. repo-specific
+ * ones. Whichever gets defined last wins.
*/
- SVN_ERR_ASSERT_NO_RETURN(!has_local_rule(&node->rights));
- node->rights.access = *access;
+ limited_rights_t rights;
+ rights.access = *access;
+ rights.max_rights = access->rights;
+ rights.min_rights = access->rights;
+ combine_access(&node->rights, &rights);
return;
}