Index: subversion/mod_authz_svn/mod_authz_svn.c =================================================================== --- subversion/mod_authz_svn/mod_authz_svn.c (revision 1361944) +++ subversion/mod_authz_svn/mod_authz_svn.c (working copy) @@ -291,9 +291,29 @@ case M_COPY: authz_svn_type |= svn_authz_recursive; + /* M_GET should be treated specially. + If it is not a subrequest, check for read access. + If it is a subrequest of PROPFIND or REPORT, check read access. + For subrequests of all other methods, check for write access. */ + case M_GET: + if (r->main == NULL) + { + authz_svn_type |= svn_authz_read; + break; + } + if (r->main->method_number == M_PROPFIND || r->main->method_number == M_REPORT) + { + authz_svn_type |= svn_authz_read; + break; + } + else + { + authz_svn_type |= svn_authz_write; + break; + } + /* All methods requiring read access to r->uri */ case M_OPTIONS: - case M_GET: case M_PROPFIND: case M_REPORT: authz_svn_type |= svn_authz_read; @@ -615,12 +635,20 @@ */ if (repos_path) { - svn_err = svn_repos_authz_check_access(access_conf, repos_name, - repos_path, - username_to_authorize, - svn_authz_none|svn_authz_read, - &authz_access_granted, - r->pool); + if (r->method_number == M_PROPFIND || r->method_number == M_REPORT) + svn_err = svn_repos_authz_check_access(access_conf, repos_name, + repos_path, + username_to_authorize, + svn_authz_none|svn_authz_read, + &authz_access_granted, + r->pool); + else + svn_err = svn_repos_authz_check_access(access_conf, repos_name, + repos_path, + username_to_authorize, + svn_authz_none|svn_authz_write, + &authz_access_granted, + r->pool); if (svn_err) { ap_log_rerror(APLOG_MARK, APLOG_ERR,