| Log Message: |
[ Note from the future: Reverted in r1882319 ]
Fix issue #4762 "authz doesn't combine global and repository rules"
The new authz implementation of SVN 1.10 introduced an incompatible change
in the interpretation of authz rules: Global rules access were not
considered if per-repository access rules were also supplied.
This change seems entirely unnecessary and is still causing problems today
for deployments which upgrade from earlier versions, such as from SVN 1.8.
Existing authz files no longer produce expected results and adjusting
large existing authz rule files to avoid this problem is a lot of work.
* subversion/libsvn_repos/authz.c
(authz_check_access): New helper function, extracted from ...
(svn_repos_authz_check_access): ... here. Always consider the global
rule set in addition to the repository-specific one. The results
from both rulesets are now merged as was the case before SVN 1.10.
* subversion/tests/cmdline/svnauthz_tests.py
(svnauthz_accessof_file_test,
svnauthz_accessof_repo_test,
svnauthz_accessof_groups_file_test,
svnauthz_accessof_groups_repo_test,
svnauthz_accessof_is_file_test,
svnauthz_accessof_is_repo_test): Adjust test expectations accordingly.
* subversion/tests/libsvn_repos/authz-test.c
(reposful_reposless_stanzas_inherit): Remove XFAIL marker.
* subversion/tests/libsvn_repos/repos-test.c
(test_authz_prefixes): Adjust test expectations. This test shows that
the behaviour change was likely deliberate. This test assumed that
global rules would only apply if listed after per-repository rules.
Change test expectations such that global rules are always taken
into account.
|
subversion/trunk/subversion/libsvn_repos/authz.c