You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@subversion.apache.org by st...@apache.org on 2016/12/21 19:36:28 UTC
svn commit: r1775546 - in /subversion/branches/authzperf/subversion:
libsvn_repos/authz_info.c tests/libsvn_repos/authz-test.c
Author: stefan2
Date: Wed Dec 21 19:36:28 2016
New Revision: 1775546
URL: http://svn.apache.org/viewvc?rev=1775546&view=rev
Log:
On the authzperf branch:
Fix the calculation of global access rights for the cases where explicit
and implicit rights need to be combined.
* subversion/libsvn_repos/authz_info.c
(resolve_global_rights): If there are no rules for the repository itself,
the global rules apply but not the ones for other
repos.
(svn_authz__get_global_rights): Even if we do have per-user rights, they
still overlap with $authenticated rights.
* subversion/tests/libsvn_repos/authz-test.c
(test_global_rights): Add test cases for per-repos and global rules
combination as well as per-user and $authenticated
user rule combinations.
Modified:
subversion/branches/authzperf/subversion/libsvn_repos/authz_info.c
subversion/branches/authzperf/subversion/tests/libsvn_repos/authz-test.c
Modified: subversion/branches/authzperf/subversion/libsvn_repos/authz_info.c
URL: http://svn.apache.org/viewvc/subversion/branches/authzperf/subversion/libsvn_repos/authz_info.c?rev=1775546&r1=1775545&r2=1775546&view=diff
==============================================================================
--- subversion/branches/authzperf/subversion/libsvn_repos/authz_info.c (original)
+++ subversion/branches/authzperf/subversion/libsvn_repos/authz_info.c Wed Dec 21 19:36:28 2016
@@ -132,8 +132,9 @@ resolve_global_rights(authz_rights_t *ri
}
}
- /* Fall-through: return accumulated rights across all repositories. */
- *rights_p = global_rights->all_repos_rights;
+ /* Fall-through: return the rights defined for "any" repository
+ because this user has no specific rules for this specific REPOS. */
+ *rights_p = global_rights->any_repos_rights;
return FALSE;
}
@@ -157,12 +158,18 @@ svn_authz__get_global_rights(authz_right
if (user_rights)
{
- authz_rights_t rights;
- if (resolve_global_rights(&rights, user_rights, repos))
+ svn_boolean_t explicit
+ = resolve_global_rights(rights_p, user_rights, repos);
+
+ /* Rights given to _any_ authenticated user may apply, too. */
+ if (authz->has_authn_rights)
{
- *rights_p = rights;
- return TRUE;
+ authz_rights_t authn;
+ explicit |= resolve_global_rights(&authn, &authz->authn_rights,
+ repos);
+ combine_rights(rights_p, rights_p, &authn);
}
+ return explicit;
}
/* Check if we have explicit rights for authenticated access. */
Modified: subversion/branches/authzperf/subversion/tests/libsvn_repos/authz-test.c
URL: http://svn.apache.org/viewvc/subversion/branches/authzperf/subversion/tests/libsvn_repos/authz-test.c?rev=1775546&r1=1775545&r2=1775546&view=diff
==============================================================================
--- subversion/branches/authzperf/subversion/tests/libsvn_repos/authz-test.c (original)
+++ subversion/branches/authzperf/subversion/tests/libsvn_repos/authz-test.c Wed Dec 21 19:36:28 2016
@@ -374,7 +374,72 @@ test_global_rights(apr_pool_t *pool)
{ NULL }
};
+ const char* authz2 =
+ "[/]" NL
+ "userA = r" NL
+ "" NL
+ "[/public]" NL
+ "userB = rw" NL
+ "" NL
+ "[repo:/]" NL
+ "userA = rw" NL;
+
+ const global_right_text_case_t test_cases2[] =
+ {
+ /* Everyone may get read access b/c there might be a "/public" path. */
+ { "", "", { authz_access_none, authz_access_none }, TRUE },
+ { "", "userA", { authz_access_none, authz_access_read }, TRUE },
+ { "", "userB", { authz_access_none, authz_access_write }, TRUE },
+ { "", "userC", { authz_access_none, authz_access_none }, TRUE },
+
+ /* Two users do even get write access on some paths in "greek".
+ * The root always defaults to n/a due to the default rule. */
+ { "greek", "", { authz_access_none, authz_access_none }, FALSE },
+ { "greek", "userA", { authz_access_none, authz_access_read }, FALSE },
+ { "greek", "userB", { authz_access_none, authz_access_write }, FALSE },
+ { "greek", "userC", { authz_access_none, authz_access_none }, FALSE },
+
+ { NULL }
+ };
+
+ const char* authz3 =
+ "[/]" NL
+ "userA = r" NL
+ "" NL
+ "[greek:/public]" NL
+ "userB = rw" NL
+ "" NL
+ "[repo:/users]" NL
+ "$authenticated = rw" NL;
+
+ const global_right_text_case_t test_cases3[] =
+ {
+ /* Everyone may get read access b/c there might be a "/public" path. */
+ { "", "", { authz_access_none, authz_access_none }, TRUE },
+ { "", "userA", { authz_access_none, authz_access_read }, TRUE },
+ { "", "userB", { authz_access_none, authz_access_none }, TRUE },
+ { "", "userC", { authz_access_none, authz_access_none }, TRUE },
+
+ /* Two users do even get write access on some paths in "greek".
+ * The root always defaults to n/a due to the default rule. */
+ { "greek", "", { authz_access_none, authz_access_none }, FALSE },
+ { "greek", "userA", { authz_access_none, authz_access_read }, FALSE },
+ { "greek", "userB", { authz_access_none, authz_access_write }, TRUE },
+ { "greek", "userC", { authz_access_none, authz_access_none }, FALSE },
+
+ /* Two users do even get write access on some paths in "greek".
+ * The root always defaults to n/a due to the default rule. */
+ { "repo", "", { authz_access_none, authz_access_none }, FALSE },
+ { "repo", "userA", { authz_access_none, authz_access_write }, TRUE },
+ { "repo", "userB", { authz_access_none, authz_access_write }, TRUE },
+ { "repo", "userC", { authz_access_none, authz_access_write }, TRUE },
+
+ { NULL }
+ };
+
SVN_ERR(run_global_rights_tests(authz1, test_cases1, pool));
+ SVN_ERR(run_global_rights_tests(authz2, test_cases2, pool));
+ SVN_ERR(run_global_rights_tests(authz3, test_cases3, pool));
return SVN_NO_ERROR;
}