On Fri, Jan 15, 2010 at 6:16 AM, Philip Martin <phi...@codematters.co.uk>wrote:
> What should happen when a username matches multiple lines in an authz > file? The svnbook states that the first matching line applies: > > [groups] > paint-developers = frank, sally, jane > > [paint:/projects/paint] > jane = r > @paint-developers = rw > > Another important fact is that the first matching rule is the one > which gets applied to a user. In the prior example, even though > Jane is a member of the paint-developers group (which has > read/write access), the jane = r rule will be discovered and > matched before the group rule, thus denying Jane write access. > > That's not what happens when I try it. I've stepped through in the > debugger and all lines that match get considered and the resulting > authz is the combination of all the permissions. In the above example > jane will have read/write access. Even simple authz files behave this > way: > > [/] > philip = > * = r > > The book implies that philip would be denied access but when I try it > read access is allowed. Is this a book bug or a Subversion bug? > > If it's a Subversion bug can we fix it? Do admins want this > behaviour? Can we change the behaviour of existing authz files? I > suppose we could introduce a some sort of directive to control the > matching behaviour: > > [directives] > match = first > > Yes, you are right. it actual permission given out was the r , w but not r only. I have been experience this issue staring from 1.6.4. ( I have't yet tested it on later version) May I ask when a patch will come up for fixing this ? Eric, Regards, -- > Philip >
