Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
1.11.x
-
None
-
None
-
Validated on Cygwin version 1.11.1:
svnauthz, version 1.11.1 (r1850623) compiled Jan 11 2019, 10:30:22 on x86_64-unknown-cygwinCopyright (C) 2019 The Apache Software Foundation. This software consists of contributions made by many people; see the NOTICE file for more information. Subversion is open source software, see http://subversion.apache.org/The following repository back-end (FS) modules are available:* fs_fs : Module for working with a plain file (FSFS) repository. * fs_x : Module for working with an experimental (FSX) repository. * fs_base : Module for working with a Berkeley DB repository.
And also on CollabNet Subversion Edge 1.11.1:
Name : CollabNetSubversion-client Version : 1.11.1 Release : 1 Architecture: x86_64 Install Date: Fri Jul 12 15:14:41 2019 Group : Utilities/System Size : 54487640 License : Proprietary Signature : RSA/SHA1, Wed Jan 9 10:14:31 2019, Key ID 16682a5b2e45c0ca Source RPM : CollabNetSubversion-client-1.11.1-1.src.rpm Build Date : Wed Jan 9 10:14:14 2019 Build Host : 2bdf55779747 Relocations : (not relocatable) Packager : Build User (CollabNet) <build@collab.net> Vendor : CollabNet URL : http://open.collab.net Summary : A Concurrent Versioning system similar to but better than CVS. Description : CollabNet Subversion client is a free download of open-source Subversion, compiled and tested by CollabNet. For more information about CollabNet Subversion, visit the CollabNet community at http://open.collab.net.
Validated on Cygwin version 1.11.1: svnauthz, version 1.11.1 (r1850623) compiled Jan 11 2019, 10:30:22 on x86_64-unknown-cygwinCopyright (C) 2019 The Apache Software Foundation. This software consists of contributions made by many people; see the NOTICE file for more information. Subversion is open source software, see http://subversion.apache.org/The following repository back-end (FS) modules are available:* fs_fs : Module for working with a plain file (FSFS) repository. * fs_x : Module for working with an experimental (FSX) repository. * fs_base : Module for working with a Berkeley DB repository. And also on CollabNet Subversion Edge 1.11.1: Name : CollabNetSubversion-client Version : 1.11.1 Release : 1 Architecture: x86_64 Install Date: Fri Jul 12 15:14:41 2019 Group : Utilities/System Size : 54487640 License : Proprietary Signature : RSA/SHA1, Wed Jan 9 10:14:31 2019, Key ID 16682a5b2e45c0ca Source RPM : CollabNetSubversion-client-1.11.1-1.src.rpm Build Date : Wed Jan 9 10:14:14 2019 Build Host : 2bdf55779747 Relocations : (not relocatable) Packager : Build User (CollabNet) <build@collab.net> Vendor : CollabNet URL : http://open.collab.net Summary : A Concurrent Versioning system similar to but better than CVS. Description : CollabNet Subversion client is a free download of open-source Subversion, compiled and tested by CollabNet. For more information about CollabNet Subversion, visit the CollabNet community at http://open.collab.net.
Description
See attached svn_access_test
for data for test cases:
This file contains two groups:
- user-group is a list of users (which might be used for specific repository access);
membership of this group: namedUser - blocked-group is a list of users who are to be blocked;
membership of this group: blockedUser
svn_access_test contains a rule for the top level access which declares that anyone NOT in the blocked-group should get read-write access. Users in the blocked-group should get read-only access.
TEST CASES
- What access does namedUser have?
$ svnauthz accessof svn_access_test --username namedUser rw
Result: PASS
- What access does blockedUser have?
$ svnauthz accessof svn_access_test --username blockedUser r
Result: PASS
- What access does unnamedUser (a user who is authenticated to access Subversion but not mentioned in the authz file) have?
$ svnauthz accessof svn_access_test --username unnamedUser r
Result: FAIL
The fact that users who are not mentioned in the authz file (which is a valid use case) are incorrectly interpretted as being in the blocked-group (IMHO) is a bug.