[
https://issues.apache.org/jira/browse/SVN-4833?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16947519#comment-16947519
]
David Grierson commented on SVN-4833:
-------------------------------------
Link to original mailing list thread added.
> Exclusion markers incorrectly excluding users not in authz file
> ---------------------------------------------------------------
>
> Key: SVN-4833
> URL: https://issues.apache.org/jira/browse/SVN-4833
> Project: Subversion
> Issue Type: Bug
> Components: mod_authz_svn
> Affects Versions: 1.11.x
> Environment: Validated on Cygwin version 1.11.1:
> {noformat}
> svnauthz, version 1.11.1 (r1850623)
> compiled Jan 11 2019, 10:30:22 on x86_64-unknown-cygwinCopyright (C) 2019
> The Apache Software Foundation.
> This software consists of contributions made by many people;
> see the NOTICE file for more information.
> Subversion is open source software, see http://subversion.apache.org/The
> following repository back-end (FS) modules are available:* fs_fs : Module for
> working with a plain file (FSFS) repository.
> * fs_x : Module for working with an experimental (FSX) repository.
> * fs_base : Module for working with a Berkeley DB repository.{noformat}
> And also on CollabNet Subversion Edge 1.11.1:
> {noformat}
> Name : CollabNetSubversion-client
> Version : 1.11.1
> Release : 1
> Architecture: x86_64
> Install Date: Fri Jul 12 15:14:41 2019
> Group : Utilities/System
> Size : 54487640
> License : Proprietary
> Signature : RSA/SHA1, Wed Jan 9 10:14:31 2019, Key ID 16682a5b2e45c0ca
> Source RPM : CollabNetSubversion-client-1.11.1-1.src.rpm
> Build Date : Wed Jan 9 10:14:14 2019
> Build Host : 2bdf55779747
> Relocations : (not relocatable)
> Packager : Build User (CollabNet) <bu...@collab.net>
> Vendor : CollabNet
> URL : http://open.collab.net
> Summary : A Concurrent Versioning system similar to but better than CVS.
> Description :
> CollabNet Subversion client is a free download of open-source Subversion,
> compiled and tested by CollabNet. For more information about CollabNet
> Subversion, visit the CollabNet community at http://open.collab.net.
> {noformat}
> Reporter: David Grierson
> Priority: Major
> Attachments: svn_access_test
>
>
> See attached [^svn_access_test] for data for test cases:
> This file contains two groups:
> # {{user-group}} is a list of users (which might be used for specific
> repository access);
> membership of this group: {{namedUser}}
> # {{blocked-group}} is a list of users who are to be blocked;
> membership of this group: {{blockedUser}}
> [^svn_access_test] contains a rule for the top level access which declares
> that anyone *NOT* in the {{blocked-group}} should get read-write access.
> Users in the {{blocked-group}} should get read-only access.
> h3. TEST CASES
> # What access does {{namedUser}} have?
> {noformat}
> $ svnauthz accessof svn_access_test --username namedUser
> rw{noformat}
> *Result:* PASS
> # What access does {{blockedUser}} have?
> {noformat}
> $ svnauthz accessof svn_access_test --username blockedUser
> r{noformat}
> *Result:* PASS
> # What access does unnamedUser (a user who is authenticated to access
> Subversion but not mentioned in the authz file) have?
> {noformat}
> $ svnauthz accessof svn_access_test --username unnamedUser
> r{noformat}
> *Result:* {color:#de350b}FAIL{color}
> ----
> The fact that users who are not mentioned in the authz file (which is a
> valid use case) are incorrectly interpretted as being in the
> {{blocked-group}} (IMHO) is a bug.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
