RE: [BUG] Revprop edits are checked for read access.
This is a bug. This allows editing of log message as long as user has some write access somewhere in the repository not necessarily on the change paths.
From: C. Michael Pilato [mailto:cmpilato_at_collab.net]
Sent: Thu 7/19/2012 6:21 PM
To: Arwin Arni Nandagopal
Subject: Re: [BUG] Revprop edits are checked for read access.
On 07/19/2012 07:29 AM, Arwin wrote:
> Hi All,
> I've raised http://subversion.tigris.org/issues/show_bug.cgi?id=4206 .
> Here is the Description:
> Revision properties are now checked for read access during propedits. This
> is done by making a GET subrequest to each of the changed paths in that
> revision. GETs are always checked for read access only.
> This enables anyone with ONLY read access to a path edit the log message for
> a revision that modified that path.
> The attached patch special cases these subrequests by checking for write
> access for all GET requests except if they are subrequests of PROPFIND or
> REPORT (in which case they are checked for read access).
> Please share your thoughts on this.
There's no bug here. The behavior you see is be design. See my comments in
the issue you filed.
C. Michael Pilato <cmpilato_at_collab.net>
CollabNet <> www.collab.net <> Enterprise Cloud Development
Received on 2012-07-19 15:03:22 CEST
This is an archived mail posted to the Subversion Dev