access() with a missing repo

when a real repo (i.e., not a groupname or such) doesn't exist, checking
any permission other than ^C will give invalid results unless ^C is ok
for the user in question.

Take a look at this:

    repo    foo/CREATOR/a[0-9][0-9]
        C   =   u2 u3
        RW+ =   CREATOR
        R   =   READERS u1

u1 looking for R access on foo/u1/a11 will otherwise result in
success.
This commit is contained in:
Sitaram Chamarty 2012-03-18 14:57:13 +05:30
parent c79f9d2381
commit 8dcc051e64

View file

@ -65,6 +65,14 @@ sub access {
my ( $repo, $user, $aa, $ref ) = @_;
load($repo);
# when a real repo doesn't exist, ^C is a pre-requisite for any other
# check to give valid results.
if ( $aa ne '^C' and $repo !~ /^\@/ and $repo =~ $REPONAME_PATT and repo_missing($repo) ) {
my $iret = access( $repo, $user, '^C', $ref );
$iret =~ s/\^C/$aa/;
return $iret if $iret =~ /DENIED/;
}
my @rules = rules( $repo, $user );
trace( 2, scalar(@rules) . " rules found" );
for my $r (@rules) {
@ -315,7 +323,7 @@ sub user_roles {
my @roles = ();
if ( -f $f ) {
my $fh = _open( "<", $f );
chomp(@roles = <$fh>);
chomp( @roles = <$fh> );
}
push @roles, "CREATOR = " . creator($repo);
for (@roles) {