I have noticed some problems with review groups and private repositories. 
It seems access control doesn't work properly or is it me? Scenario is this:

- I have one SVN repository called repository1 and it's not publicly 
- Review group named group1 has access to repository1 via admin panel 
(admin panel -> repositories -> repository1 -> Review groups with access:)
- Also group2 has same access to that repository as group1
- User1 belongs to group1 and User2 belongs to group2

So thats the setup, and the "problem" occuress when:
- User1 creates a review request (repository1) and sets group1 as the group 
for the request
- Now if User2 tries to read the review request he/she gets access denied 

So if you set repository to be private, only the selected group can view 
the review request, and not all the groups which have access to the 
repository via admin panel or am I missing something here?

And if User2 is a superuser, then he/she can view the request. And this 
only works if group2 have access to the repository. If I remove group2 from 
the repository access list and user2 still have superuser rights, review 
request will not open (Access Denied). 


Get the Review Board Power Pack at http://www.reviewboard.org/powerpack/
Sign up for Review Board hosting at RBCommons: https://rbcommons.com/
Happy user? Let us know at http://www.reviewboard.org/users/
You received this message because you are subscribed to the Google Groups 
"reviewboard" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to reviewboard+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Reply via email to