| Log Message: |
Propagate knowledge about inverted access rule selectors (e.g., ~user,
~@group, ~&alias) to the global level of the parsed authz file structure
and take that information into account during access resolution.
* subversion/libsvn_repos/authz.h
(authz_full_t): Add members has_neg_rights and neg_rights.
(authz_acl_t): Add members has_neg_access and neg_access.
* subversion/libsvn_repos/authz_parse.c
(neg_access_token): "User name" for the global inverted access rights.
(insert_default_acl): Initialize neg_access and has_neg_access.
(create_ctor_baton): Initialize the inverted global rights.
(rules_open_section): Initialize the ALC's inverted access.
(add_access_entry): Record the inverted rights.
(expand_acl_callback): Propagate the inverted rights to global scope.
* subversion/libsvn_repos/authz_info.c
(svn_authz__get_global_rights): When the user is authenticated but
does not have an explicit entry in the authz file, use the available global
inverted rights to resolve the user's access.
* subversion/tests/cmdline/authz_tests.py
(inverted_group_membership): Remove XFail decorator.
Delete the reference to the mail archives, it's in the issue tracker.
* subversion/tests/cmdline/svnauthz_tests.py
(svnauthz_inverted_selector_test): New test case.
Fixes: SVN-4793
Suggested by: Pavel Goran <inbox-17{_AT_}pvgoran.name>
|
subversion/trunk/subversion/libsvn_repos/authz.h