RE: "svn log" via svnserve is letting me see things it shouldn't, but "svn ls" works as I expect

[Jon Foster <Jo...@cabot.co.uk>]

Hi,

Stefan Sperling wrote:
> On Wed, Mar 03, 2010 at 03:01:22PM -0600, Reid Priedhorsky wrote:
> > In particular, log messages to files not in
> > /cyclingproject/public should not be available.
>
> Log message are not per file. They are per revision.
> They aren't tied to any particular path.
> Off-hand I cannot think of a way to prevent them from being seen.

But the documentation for how authz works says:

http://svn.apache.org/viewvc/subversion/trunk/notes/authz_policy.txt?ann
otate=859714

> ==============================================
> WHAT USERS SHOULD EXPECT FROM PATH-BASED AUTHZ
> ==============================================
> 
[...]
> 2. LOG MESSAGES
>
> Log information may be restricted, based on readability of
> changed-paths.
>   
> * If the target of 'svn log' wanders into unreadable territory,
>   then log output will simply stop at the last readable revision.
>   If the log is tracing backwards through time, as the plain
>   "svn log" command does, the target will appear to be added
>   (without history) in that revision.
>   
> * If a revision returned by 'svn log' contains a mixture of
>   readable/unreadable changed-paths, then the log message is
>   suppressed, along with the unreadable changed-paths.  Only
>   the revision number, author, date, and readable paths are
>   displayed.
>   
> * If a revision returned by 'svn log' contains only unreadable
>   changed-paths, then only the revision number is displayed.

Is this documentation wrong?  Or doesn't it apply for some reason?

Kind regards,

Jon


**********************************************************************
This email and its attachments may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Cabot Communications Ltd.

If you are not the intended recipient of this email and its attachments, you must take no action based upon them, nor must you copy or show them to anyone.

Cabot Communications Limited
Verona House, Filwood Road, Bristol BS16 3RY, UK
+44 (0) 1179584232

Co. Registered in England number 02817269

Please contact the sender if you believe you have received this email in error.

**********************************************************************


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

Re: "svn log" via svnserve is letting me see things it shouldn't, but "svn ls" works as I expect

[Reid Priedhorsky <re...@umn.edu>]

On 03/04/10 07:14, Jon Foster wrote:
> Hi,
> 
> Stefan Sperling wrote:
>> On Wed, Mar 03, 2010 at 03:01:22PM -0600, Reid Priedhorsky wrote:
>>> In particular, log messages to files not in
>>> /cyclingproject/public should not be available.
>> Log message are not per file. They are per revision.
>> They aren't tied to any particular path.
>> Off-hand I cannot think of a way to prevent them from being seen.
> 
> But the documentation for how authz works says:
> 
> http://svn.apache.org/viewvc/subversion/trunk/notes/authz_policy.txt?ann
> otate=859714
> 
>> ==============================================
>> WHAT USERS SHOULD EXPECT FROM PATH-BASED AUTHZ
>> ==============================================
>>
> [...]
>> 2. LOG MESSAGES
>>
>> Log information may be restricted, based on readability of
>> changed-paths.
>>   
>> * If the target of 'svn log' wanders into unreadable territory,
>>   then log output will simply stop at the last readable revision.
>>   If the log is tracing backwards through time, as the plain
>>   "svn log" command does, the target will appear to be added
>>   (without history) in that revision.
>>   
>> * If a revision returned by 'svn log' contains a mixture of
>>   readable/unreadable changed-paths, then the log message is
>>   suppressed, along with the unreadable changed-paths.  Only
>>   the revision number, author, date, and readable paths are
>>   displayed.
>>   
>> * If a revision returned by 'svn log' contains only unreadable
>>   changed-paths, then only the revision number is displayed.
> 
> Is this documentation wrong?  Or doesn't it apply for some reason?

That's my take. If I can't "svn ls" it, why can I "svn log" it?

Note that the anomaly only appears at the repository root - one 
directory down, neither "svn ls" or "svn log" gives any results, which 
is what I'd expect.

In this case, I wrote a post-commit hook that cleared non-public log 
messages when they were mirrored with svnsync. But that seems like a 
hack, and if we were not mirroring, it seems we'd be out of luck.

Reid

Re: "svn log" via svnserve is letting me see things it shouldn't, but "svn ls" works as I expect

[Stefan Sperling <st...@elego.de>]

On Thu, Mar 04, 2010 at 01:14:19PM -0000, Jon Foster wrote:
> Hi,
> 
> Stefan Sperling wrote:
> > On Wed, Mar 03, 2010 at 03:01:22PM -0600, Reid Priedhorsky wrote:
> > > In particular, log messages to files not in
> > > /cyclingproject/public should not be available.
> >
> > Log message are not per file. They are per revision.
> > They aren't tied to any particular path.
> > Off-hand I cannot think of a way to prevent them from being seen.
> 
> But the documentation for how authz works says:
> 
> http://svn.apache.org/viewvc/subversion/trunk/notes/authz_policy.txt?annotate=859714

Those are developer notes, not documentation.
I'm not sure if this was ever implemented, but I'm not an expert on authz.

Stefan