You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@subversion.apache.org by "David Grierson (Jira)" <ji...@apache.org> on 2019/10/09 10:12:00 UTC

[jira] [Created] (SVN-4833) Exclusion markers incorrectly excluding users not in authz file

David Grierson created SVN-4833:
-----------------------------------

             Summary: Exclusion markers incorrectly excluding users not in authz file
                 Key: SVN-4833
                 URL: https://issues.apache.org/jira/browse/SVN-4833
             Project: Subversion
          Issue Type: Bug
          Components: mod_authz_svn
    Affects Versions: 1.11.x
         Environment: Validated on Cygwin version 1.11.1:
{noformat}
 svnauthz, version 1.11.1 (r1850623)
   compiled Jan 11 2019, 10:30:22 on x86_64-unknown-cygwinCopyright (C) 2019 The Apache Software Foundation.
This software consists of contributions made by many people;
see the NOTICE file for more information.
Subversion is open source software, see http://subversion.apache.org/The following repository back-end (FS) modules are available:* fs_fs : Module for working with a plain file (FSFS) repository.
* fs_x : Module for working with an experimental (FSX) repository.
* fs_base : Module for working with a Berkeley DB repository.{noformat}

And also on CollabNet Subversion Edge 1.11.1:
{noformat}
Name        : CollabNetSubversion-client
Version     : 1.11.1
Release     : 1
Architecture: x86_64
Install Date: Fri Jul 12 15:14:41 2019
Group       : Utilities/System
Size        : 54487640
License     : Proprietary
Signature   : RSA/SHA1, Wed Jan  9 10:14:31 2019, Key ID 16682a5b2e45c0ca
Source RPM  : CollabNetSubversion-client-1.11.1-1.src.rpm
Build Date  : Wed Jan  9 10:14:14 2019
Build Host  : 2bdf55779747
Relocations : (not relocatable)
Packager    : Build User (CollabNet) <bu...@collab.net>
Vendor      : CollabNet
URL         : http://open.collab.net
Summary     : A Concurrent Versioning system similar to but better than CVS.
Description :
CollabNet Subversion client is a free download of open-source Subversion,
compiled and tested by CollabNet. For more information about CollabNet
Subversion, visit the CollabNet community at http://open.collab.net.
{noformat}
            Reporter: David Grierson
         Attachments: svn_access_test

See attached [^svn_access_test] for data for test cases:

This file contains two groups:
 # {{user-group}} is a list of users (which might be used for specific repository access);
 membership of this group: {{namedUser}}
 # {{blocked-group}} is a list of users who are to be blocked;
 membership of this group: {{blockedUser}}

[^svn_access_test] contains a rule for the top level access which declares that anyone *NOT* in the {{blocked-group}} should get read-write access. Users in the {{blocked-group}} should get read-only access.
h3. TEST CASES
 # What access does {{namedUser}} have?
{noformat}
$ svnauthz accessof svn_access_test --username namedUser
rw{noformat}
*Result:* PASS

 # What access does {{blockedUser}} have?
{noformat}
$ svnauthz accessof svn_access_test --username blockedUser
r{noformat}
*Result:* PASS

 # What access does unnamedUser (a user who is authenticated to access Subversion but not mentioned in the authz file) have?
{noformat}
$ svnauthz accessof svn_access_test --username unnamedUser
r{noformat}
*Result:* {color:#de350b}FAIL{color}

----
 The fact that users who are not mentioned in the authz file (which is a valid use case) are incorrectly interpretted as being in the {{blocked-group}} (IMHO) is a bug.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)