On 10/23/2012 08:48 AM, Stefan Sperling wrote: > On Tue, Oct 23, 2012 at 04:29:51PM +0400, Ivan Zhakov wrote: >>>> I'm working on the patch to list only readable repositories. There is >>>> already TODO comment in the code by cmpilato: >>>> subversion\mod_dav_svn\repos.c:3461 >>>> [[[ >>>> /* ### TODO: We could test for readability of the root >>>> directory of each repository and hide those that >>>> the user can't see. */ > >> I'm going to create small patch to just fix this problem and probably >> refactor later in separate commit. > > What about users who are allowed to see a subtree of the repository but > not the root? Shouldn't such users be allowed to list the repository?
That would be ideal in a universe where Subversion's overall authz policy was designed to accommodate it, but would today be entirely inconsistent with our handling of in-repos paths. What would the repository root name link to? A directory view they'd get 403'd on? Sorry, but at this time I would oppose that (questionably) feature creep. -- C. Michael Pilato <cmpil...@collab.net> CollabNet <> www.collab.net <> Enterprise Cloud Development
signature.asc
Description: OpenPGP digital signature
