Commits

Christian Boos committed 3458df8

svn_authz: really allow access to all parent directories of allowed paths (follow-up to r10006)

Fixes #7343.

Comments (0)

Files changed (2)

trac/versioncontrol/svn_authz.py

                 if path != '/':
                     path += '/'
                 
+                # Allow access to parent directories of allowed resources
+                if any(section.get(user) is True
+                       for module in modules
+                       for spath, section in authz.get(module, {}).iteritems()
+                       if spath.startswith(path)
+                       for user in usernames):
+                    return True
+
                 # Walk from resource up parent directories
                 for spath in parent_iter(path):
                     for module in modules:
                                 result = section.get(user)
                                 if result is not None:
                                     return result
-                
-                # Allow access to parent directories of allowed resources
-                if any(section.get(user) is True
-                       for module in modules
-                       for spath, section in authz.get(module, {}).iteritems()
-                       if spath.startswith(path)
-                       for user in usernames):
-                    return True
             
             if realm == 'source':
                 return check_path(resource.id)

trac/versioncontrol/tests/svn_authz.py

         self.assertPathPerm(False, 'user', 'module', '/precedence_a')
         # The most specific section applies
         self.assertPathPerm(True, 'user', '', '/precedence_b/sub/test')
-        self.assertPathPerm(False, 'user', '', '/precedence_b/sub')
+        # ... intentional deviation from SVN's rules as we need to
+        # make '/precedence_b/sub' browseable so that the user can see
+        # '/precedence_b/sub/test':
+        self.assertPathPerm(True, 'user', '', '/precedence_b/sub')
         self.assertPathPerm(True, 'user', '', '/precedence_b')
         # Within a section, the first matching rule applies
         self.assertPathPerm(False, 'user', '', '/precedence_c')