  1. Subversion
  2. SVN-4878

DELETE /file requires svn_authz_recursive, fails due to glob rules


Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 1.12.x, 1.14.1
    • Fix Version/s: None
    • Component/s: mod_authz_svn
    • Labels: None

    Description

       

      Need to have a user that is not allowed to see any paths with Source in them and is allowed to have full access to the files ending in uasset.

      The user can add and update any uasset files; however, it is not possible to delete such a file.

      This is described by the following authz file:

       

      [groups]
      r_users = andrei
      [:glob:/]
      * = rw
      [:glob:/**/*.uasset]
      @r_users = rw
      [:glob:/**/Source/**]
      @r_users =
      

       

      The uasset files have no parents and were added in a single commit to replicate a customer issue.

      Example of the svn rm command and its output:

      $ svn rm https://subversion.assembla.com/svn/andrei-hook-test/trunk/SomeTestProject/Projects/ShooterGame/Content/Mods/OtherProjectName/Assets/Foliage/Trees/StepeeGrass/Grass01/SteppeGrass01.uasset
      svn: E175013: Access to '/svn/andrei-hook-test/!svn/txr/13-f/trunk/SomeTestProject/Projects/ShooterGame/Content/Mods/OtherProjectName/Assets/Foliage/Trees/StepeeGrass/Grass01/SteppeGrass01.uasset' forbidden
      svn: E175013: Your commit message was left in a temporary file:
      svn: E175013: 'svn-commit.7.tmp'

      Adding Daniel Shahaf's comments:

      The following test results in SKIP/PASS/XFAIL on ra_local/ra_svn/ra_serf,
      respectively.  It's a bit rough — no comments and line length style
      violation — but putting it here for anyone who may want to take this
      further.
      
      When testing this I commented out the AuthzSVNReposRelativeAccessFile
      line in davautocheck.sh for reasons discussed in the "1.14.x test
      failure under USE_HTTPV1=1: ra-test 13 commit_empty_last_change" thread
      (the secondary problem in that thread, not the one the subject line is
      about).
      
      Cheers,
      
      Daniel
      
      
      [[[
      Index: subversion/tests/cmdline/authz_tests.py
      ===================================================================
      --- subversion/tests/cmdline/authz_tests.py	(revision 1891909)
      +++ subversion/tests/cmdline/authz_tests.py	(working copy)
      @@ -1732,6 +1732,25 @@ def empty_group(sbox):
                                            sbox.repo_url)
       
       
      +@XFail(svntest.main.is_ra_type_dav)
      +@Skip(svntest.main.is_ra_type_file)
      +def delete_file_with_starstar_rules(sbox):
      +  "delete file with ** rules"
      +
      +  sbox.build(create_wc = False)
      +
      +  write_restrictive_svnserve_conf(sbox.repo_dir)
      +
      +  prefixed_rules = dict()
      +  prefixed_rules[':glob:/**/lorem'] = '* = \n'
      +  prefixed_rules['/'] = '%s = rw\n' % (svntest.main.wc_author,)
      +  prefixed_rules['/A'] = '%s = \n' % (svntest.main.wc_author,)
      +  prefixed_rules['/iota'] = '%s = rw\n' % (svntest.main.wc_author,)
      +  write_authz_file(sbox, None, prefixed_rules = prefixed_rules)
      +
      +  svntest.main.run_svn(None, 'rm', sbox.repo_url + '/iota', '-m', 'Delete by URL')
      +
      +
       ########################################################################
       # Run the tests
       
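      Review bot: delete_file_with_starstar_rules has no comment explaining why it is XFail on DAV and skipped on ra_local, or what role each of the four rules plays; the only glob rule, ':glob:/**/lorem', does not match '/iota', so a short comment saying why its presence matters for the delete would make the intent clear. The run_svn line is over the line-length limit and should be wrapped, and the result of the 'rm' is not checked beyond the call itself, so consider verifying afterwards that iota is actually gone. Referencing the issue number next to the XFail decorator would also help whoever picks this up.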
      @@ -1771,6 +1790,7 @@ test_list = [ None,
                     inverted_group_membership,
                     group_member_empty_string,
                     empty_group,
      +              delete_file_with_starstar_rules,
                    ]
       serial_only = True
       
      ]]]

      The issue is described here as well; leaving the thread link for reference:

      https://lists.apache.org/thread.html/r3100972e80e3e0a2227661950d080dc08eed26447835a390c9c4b762%40%3Cusers.subversion.apache.org%3E

       


          People

            Assignee: Unassigned
            Reporter: Andrei Cusnir (andrei_k3)