Affects Version/s: 1.11.x
Fix Version/s: None
Environment:Validated on Cygwin version 1.11.1: svnauthz, version 1.11.1 (r1850623) compiled Jan 11 2019, 10:30:22 on x86_64-unknown-cygwinCopyright (C) 2019 The Apache Software Foundation. This software consists of contributions made by many people; see the NOTICE file for more information. Subversion is open source software, see http://subversion.apache.org/The following repository back-end (FS) modules are available:* fs_fs : Module for working with a plain file (FSFS) repository. * fs_x : Module for working with an experimental (FSX) repository. * fs_base : Module for working with a Berkeley DB repository. And also on CollabNet Subversion Edge 1.11.1: Name : CollabNetSubversion-client Version : 1.11.1 Release : 1 Architecture: x86_64 Install Date: Fri Jul 12 15:14:41 2019 Group : Utilities/System Size : 54487640 License : Proprietary Signature : RSA/SHA1, Wed Jan 9 10:14:31 2019, Key ID 16682a5b2e45c0ca Source RPM : CollabNetSubversion-client-1.11.1-1.src.rpm Build Date : Wed Jan 9 10:14:14 2019 Build Host : 2bdf55779747 Relocations : (not relocatable) Packager : Build User (CollabNet) <email@example.com> Vendor : CollabNet URL : http://open.collab.net Summary : A Concurrent Versioning system similar to but better than CVS. Description : CollabNet Subversion client is a free download of open-source Subversion, compiled and tested by CollabNet. For more information about CollabNet Subversion, visit the CollabNet community at http://open.collab.net.
See attached svn_access_test for data for test cases:
This file contains two groups:
- user-group is a list of users (which might be used for specific repository access);
membership of this group: namedUser
- blocked-group is a list of users who are to be blocked;
membership of this group: blockedUser
svn_access_test contains a rule for the top level access which declares that anyone NOT in the blocked-group should get read-write access. Users in the blocked-group should get read-only access.
- What access does namedUser have?
- What access does blockedUser have?
- What access does unnamedUser (a user who is authenticated to access Subversion but not mentioned in the authz file) have?
The fact that users who are not mentioned in the authz file (which is a valid use case) are incorrectly interpretted as being in the blocked-group (IMHO) is a bug.