Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)

From: Stefan Sperling <stsp_at_elego.de>
Date: Tue, 23 Oct 2012 14:48:29 +0200

On Tue, Oct 23, 2012 at 04:29:51PM +0400, Ivan Zhakov wrote:
> >> I'm working on the patch to list only readable repositories. There is
> >> already TODO comment in the code by cmpilato:
> >> subversion\mod_dav_svn\repos.c:3461
> >> [[[
> >> /* ### TODO: We could test for readability of the root
> >> directory of each repository and hide those that
> >> the user can't see. */

> I'm going to create small patch to just fix this problem and probably
> refactor later in separate commit.

What about users who are allowed to see a subtree of the repository but
not the root? Shouldn't such users be allowed to list the repository?
Received on 2012-10-23 14:49:18 CEST

This message: [ Message body ]
Next message: C. Michael Pilato: "Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)"
Previous message: Ivan Zhakov: "Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)"
In reply to: Ivan Zhakov: "Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)"
Next in thread: C. Michael Pilato: "Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)"
Reply: C. Michael Pilato: "Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)"
Reply: Branko Čibej: "Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]