On 10/23/2012 08:48 AM, Stefan Sperling wrote:
> On Tue, Oct 23, 2012 at 04:29:51PM +0400, Ivan Zhakov wrote:
>>>> I'm working on the patch to list only readable repositories. There is
>>>> already TODO comment in the code by cmpilato:
>>>> subversion\mod_dav_svn\repos.c:3461
>>>> [[[
>>>> /* ### TODO: We could test for readability of the root
>>>> directory of each repository and hide those that
>>>> the user can't see. */
>
>> I'm going to create small patch to just fix this problem and probably
>> refactor later in separate commit.
>
> What about users who are allowed to see a subtree of the repository but
> not the root? Shouldn't such users be allowed to list the repository?
That would be ideal in a universe where Subversion's overall authz policy
was designed to accommodate it, but would today be entirely inconsistent
with our handling of in-repos paths. What would the repository root name
link to? A directory view they'd get 403'd on? Sorry, but at this time I
would oppose that (questionably) feature creep.
--
C. Michael Pilato <cmpilato_at_collab.net>
CollabNet <> www.collab.net <> Enterprise Cloud Development
Received on 2012-10-23 15:05:20 CEST