RE: [BUG] Revprop edits are checked for read access.

This is a bug. This allows editing of log message as long as user has some write access somewhere in the repository not necessarily on the change paths.

With regards
Kamesh Jayachandran

-----Original Message-----
From: C. Michael Pilato [mailto:cmpilato_at_collab.net]
Sent: Thu 7/19/2012 6:21 PM
To: Arwin Arni Nandagopal
Cc: dev_at_subversion.apache.org
Subject: Re: [BUG] Revprop edits are checked for read access.
 
On 07/19/2012 07:29 AM, Arwin wrote:
> Hi All,
>
> I've raised http://subversion.tigris.org/issues/show_bug.cgi?id=4206 .
>
> Here is the Description:
>
> <Description>
> Revision properties are now checked for read access during propedits. This
> is done by making a GET subrequest to each of the changed paths in that
> revision. GETs are always checked for read access only.
>
> This enables anyone with ONLY read access to a path edit the log message for
> a revision that modified that path.
>
> The attached patch special cases these subrequests by checking for write
> access for all GET requests except if they are subrequests of PROPFIND or
> REPORT (in which case they are checked for read access).
> </Description>
>
> Please share your thoughts on this.

There's no bug here. The behavior you see is be design. See my comments in
the issue you filed.

-- 
C. Michael Pilato <cmpilato_at_collab.net>
CollabNet   <>   www.collab.net   <>   Enterprise Cloud Development