Author: stsp Date: Thu Oct 8 12:00:28 2020 New Revision: 1882319 URL: http://svn.apache.org/viewvc?rev=1882319&view=rev Log: Revert r1882186.
The change introduced a regression where behaviour of trunk differs from both 1.9 and 1.10: http://mail-archives.apache.org/mod_mbox/subversion-dev/202010.mbox/%3C20201006162606.GA86427%40byrne.stsp.name%3E Modified: subversion/trunk/subversion/libsvn_repos/authz.c subversion/trunk/subversion/tests/cmdline/svnauthz_tests.py subversion/trunk/subversion/tests/libsvn_repos/authz-test.c subversion/trunk/subversion/tests/libsvn_repos/repos-test.c Modified: subversion/trunk/subversion/libsvn_repos/authz.c URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_repos/authz.c?rev=1882319&r1=1882318&r2=1882319&view=diff ============================================================================== --- subversion/trunk/subversion/libsvn_repos/authz.c (original) +++ subversion/trunk/subversion/libsvn_repos/authz.c Thu Oct 8 12:00:28 2020 @@ -1674,13 +1674,23 @@ svn_repos_authz_parse2(svn_authz_t **aut return SVN_NO_ERROR; } -static svn_error_t * -authz_check_access(svn_authz_t *authz, const char *path, - authz_user_rules_t *rules, - svn_repos_authz_access_t required_access, - authz_access_t required, - svn_boolean_t *access_granted, apr_pool_t *pool) +svn_error_t * +svn_repos_authz_check_access(svn_authz_t *authz, const char *repos_name, + const char *path, const char *user, + svn_repos_authz_access_t required_access, + svn_boolean_t *access_granted, + apr_pool_t *pool) { + const authz_access_t required = + ((required_access & svn_authz_read ? authz_access_read_flag : 0) + | (required_access & svn_authz_write ? authz_access_write_flag : 0)); + + /* Pick or create the suitable pre-filtered path rule tree. */ + authz_user_rules_t *rules = get_user_rules( + authz, + (repos_name ? repos_name : AUTHZ_ANY_REPOSITORY), + user); + /* In many scenarios, users have uniform access to a repository * (blanket access or no access at all). * @@ -1726,39 +1736,3 @@ authz_check_access(svn_authz_t *authz, c return SVN_NO_ERROR; } - -svn_error_t * -svn_repos_authz_check_access(svn_authz_t *authz, const char *repos_name, - const char *path, const char *user, - svn_repos_authz_access_t required_access, - svn_boolean_t *access_granted, - apr_pool_t *pool) -{ - svn_error_t *err; - const authz_access_t required = - ((required_access & svn_authz_read ? authz_access_read_flag : 0) - | (required_access & svn_authz_write ? authz_access_write_flag : 0)); - authz_user_rules_t *rules; - svn_boolean_t access_granted_by_any = FALSE; - svn_boolean_t access_granted_by_repos = FALSE; - - *access_granted = FALSE; - - rules = get_user_rules(authz, AUTHZ_ANY_REPOSITORY, user); - err = authz_check_access(authz, path, rules, required_access, required, - &access_granted_by_any, pool); - if (err) - return err; - - if (repos_name) - { - rules = get_user_rules(authz, repos_name, user); - err = authz_check_access(authz, path, rules, required_access, required, - &access_granted_by_repos, pool); - if (err) - return err; - } - - *access_granted = (access_granted_by_any || access_granted_by_repos); - return SVN_NO_ERROR; -} Modified: subversion/trunk/subversion/tests/cmdline/svnauthz_tests.py URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/tests/cmdline/svnauthz_tests.py?rev=1882319&r1=1882318&r2=1882319&view=diff ============================================================================== --- subversion/trunk/subversion/tests/cmdline/svnauthz_tests.py (original) +++ subversion/trunk/subversion/tests/cmdline/svnauthz_tests.py Thu Oct 8 12:00:28 2020 @@ -224,8 +224,8 @@ def svnauthz_accessof_file_test(sbox): svntest.actions.run_and_verify_svnauthz(["r\n"], None, 0, False, "accessof", authz_path, "--path", "/jokes") - # Anonymous access on /jokes on slapstick repo should be r via rules on [/] - svntest.actions.run_and_verify_svnauthz(["r\n"], None, 0, False, "accessof", + # Anonymous access on /jokes on slapstick repo should be no + svntest.actions.run_and_verify_svnauthz(["no\n"], None, 0, False, "accessof", authz_path, "--path", "/jokes", "--repository", "slapstick") @@ -289,8 +289,8 @@ def svnauthz_accessof_repo_test(sbox): svntest.actions.run_and_verify_svnauthz(["r\n"], None, 0, False, "accessof", authz_url, "--path", "/jokes") - # Anonymous access on /jokes on slapstick repo should be r via rules on [/] - svntest.actions.run_and_verify_svnauthz(["r\n"], None, 0, False, "accessof", + # Anonymous access on /jokes on slapstick repo should be no + svntest.actions.run_and_verify_svnauthz(["no\n"], None, 0, False, "accessof", authz_url, "--path", "/jokes", "--repository", "slapstick") @@ -356,8 +356,8 @@ def svnauthz_accessof_groups_file_test(s "--repository", "comedy") # User stafford (@musicians) specified on /jokes with the repo comedy - # will be rw. - svntest.actions.run_and_verify_svnauthz(["rw\n"], None, + # will be no. + svntest.actions.run_and_verify_svnauthz(["no\n"], None, 0, False, "accessof", authz_path, "--groups-file", groups_path, "--path", "jokes", @@ -440,8 +440,8 @@ def svnauthz_accessof_groups_repo_test(s "--repository", "comedy") # User stafford (@musicians) specified on /jokes with the repo comedy - # will be rw via rules on [/]. - svntest.actions.run_and_verify_svnauthz(["rw\n"], None, + # will be no. + svntest.actions.run_and_verify_svnauthz(["no\n"], None, 0, False, "accessof", authz_url, "--groups-file", groups_url, "--path", "jokes", @@ -508,19 +508,19 @@ def svnauthz_accessof_is_file_test(sbox) authz_path, "--path", "/jokes", "--is", "no") - # Anonymous access on /jokes on slapstick repo should be r via rules on [/] - # Test --is r returns 0. + # Anonymous access on /jokes on slapstick repo should be no + # Test --is no returns 0. svntest.actions.run_and_verify_svnauthz(None, None, 0, False, "accessof", authz_path, "--path", "/jokes", "--repository", "slapstick", - "--is", "r") + "--is", "no") # Test --is rw returns 3. svntest.actions.run_and_verify_svnauthz(None, None, 3, False, "accessof", authz_path, "--path", "/jokes", "--repository", "slapstick", "--is", "rw") - # Test --is r returns 0. - svntest.actions.run_and_verify_svnauthz(None, None, 0, False, "accessof", + # Test --is r returns 3. + svntest.actions.run_and_verify_svnauthz(None, None, 3, False, "accessof", authz_path, "--path", "/jokes", "--repository", "slapstick", "--is", "r") @@ -666,19 +666,19 @@ def svnauthz_accessof_is_repo_test(sbox) authz_url, "--path", "/jokes", "--is", "no") - # Anonymous access on /jokes on slapstick repo should be r via rules on [/] - # Test --is r returns 0. + # Anonymous access on /jokes on slapstick repo should be no + # Test --is no returns 0. svntest.actions.run_and_verify_svnauthz(None, None, 0, False, "accessof", authz_url, "--path", "/jokes", "--repository", "slapstick", - "--is", "r") + "--is", "no") # Test --is rw returns 3. svntest.actions.run_and_verify_svnauthz(None, None, 3, False, "accessof", authz_url, "--path", "/jokes", "--repository", "slapstick", "--is", "rw") - # Test --is r returns 0. - svntest.actions.run_and_verify_svnauthz(None, None, 0, False, "accessof", + # Test --is r returns 3. + svntest.actions.run_and_verify_svnauthz(None, None, 3, False, "accessof", authz_url, "--path", "/jokes", "--repository", "slapstick", "--is", "r") Modified: subversion/trunk/subversion/tests/libsvn_repos/authz-test.c URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/tests/libsvn_repos/authz-test.c?rev=1882319&r1=1882318&r2=1882319&view=diff ============================================================================== --- subversion/trunk/subversion/tests/libsvn_repos/authz-test.c (original) +++ subversion/trunk/subversion/tests/libsvn_repos/authz-test.c Thu Oct 8 12:00:28 2020 @@ -522,7 +522,7 @@ static struct svn_test_descriptor_t test "test svn_authz__get_global_rights"), SVN_TEST_PASS2(issue_4741_groups, "issue 4741 groups"), - SVN_TEST_PASS2(reposful_reposless_stanzas_inherit, + SVN_TEST_XFAIL2(reposful_reposless_stanzas_inherit, "[foo:/] inherits [/]"), SVN_TEST_NULL }; Modified: subversion/trunk/subversion/tests/libsvn_repos/repos-test.c URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/tests/libsvn_repos/repos-test.c?rev=1882319&r1=1882318&r2=1882319&view=diff ============================================================================== --- subversion/trunk/subversion/tests/libsvn_repos/repos-test.c (original) +++ subversion/trunk/subversion/tests/libsvn_repos/repos-test.c Thu Oct 8 12:00:28 2020 @@ -1601,7 +1601,20 @@ test_authz_prefixes(apr_pool_t *pool) enum { PATH_COUNT = 2 }; const char *test_paths[PATH_COUNT] = { "/", "/A" }; - struct check_access_tests test_set[] = { + /* Definition of the paths to test and expected replies for each. */ + struct check_access_tests test_set1[] = { + /* Test that read rules are correctly used. */ + { "", "greek", NULL, svn_authz_read, FALSE }, + /* Test that write rules are correctly used. */ + { "", "greek", "plato", svn_authz_read, TRUE }, + { "", "greek", "plato", svn_authz_write, FALSE }, + /* Sentinel */ + { NULL, NULL, NULL, svn_authz_none, FALSE } + }; + + /* To be used when global rules are specified after per-repos rules. + * In that case, the global rules still win. */ + struct check_access_tests test_set2[] = { /* Test that read rules are correctly used. */ { "", "greek", NULL, svn_authz_read, TRUE }, { "", "greek", NULL, svn_authz_write, FALSE }, @@ -1621,6 +1634,7 @@ test_authz_prefixes(apr_pool_t *pool) const char *repo1 = (combi & 4) ? "greek:" : ""; const char *repo2 = (combi & 4) ? "" : "greek:"; const char *test_path = test_paths[combi / 8]; + struct check_access_tests *test_set = (combi & 4) ? test_set2 : test_set1; /* Create and parse the authz rules. */ svn_pool_clear(iterpool);