r1847598 | brane | 2018-11-27 21:32:21 +0000 (Tue, 27 Nov 2018) Add a test for the bug reported on dev@ list with subject "authz's inverted group access rules are only effective for users mentioned in authz". * subversion/tests/cmdline/authz_tests.py (inverted_group_membership): New test case (XFail). Found by: Pavel Goran
r1847922 | brane | 2018-12-01 21:55:11 +0000 (Sat, 01 Dec 2018) Propagate knowledge about inverted access rule selectors (e.g., ~user, ~@group, ~&alias) to the global level of the parsed authz file structure and take that information into account during access resolution. * subversion/libsvn_repos/authz.h (authz_full_t): Add members has_neg_rights and neg_rights. (authz_acl_t): Add members has_neg_access and neg_access. * subversion/libsvn_repos/authz_parse.c (neg_access_token): "User name" for the global inverted access rights. (insert_default_acl): Initialize neg_access and has_neg_access. (create_ctor_baton): Initialize the inverted global rights. (rules_open_section): Initialize the ALC's inverted access. (add_access_entry): Record the inverted rights. (expand_acl_callback): Propagate the inverted rights to global scope. * subversion/libsvn_repos/authz_info.c (svn_authz__get_global_rights): When the user is authenticated but does not have an explicit entry in the authz file, use the available global inverted rights to resolve the user's access. * subversion/tests/cmdline/authz_tests.py (inverted_group_membership): Remove XFail decorator. Delete the reference to the mail archives, it's in the issue tracker. * subversion/tests/cmdline/svnauthz_tests.py (svnauthz_inverted_selector_test): New test case. Fixes: SVN-4793 Suggested by: Pavel Goran <inbox-17{_AT_}pvgoran.name>