Check SVN authz permissions with svn_authz_check_access

[hyugaricdeau@…]

I'm just wondering if there's a good reason not to use the Subversion SWIG bindings to check access in authz files. My motivation here is that I would like to take advantage of certain authz syntax available in currently in Subversion's trunk, such as aliases, and special tokens like "$authorized" and "$anonymous".

The simplest solution, rather than reimplement those features in Python, was just to rewrite RealSubversionAuthorizer in svn_authz.py like so:

import svn.repos

class RealSubversionAuthorizer(Authorizer):

    auth_name = ''
    module_name = ''
    conf_authz = None

    def __init__(self, repos, auth_name, module_name, cfg_file):
        self.repos = repos

        # Because the username 'anonymous' doesn't mean anything
        # special to Subversion, it interprets 'anonymous' as an
        # authenticated user.
        if auth_name == 'anonymous':
            self.auth_name = None
        else:
            self.auth_name = auth_name

        self.module_name = module_name
        self.authz = svn.repos.authz_read(cfg_file, False)
                                
    def has_permission(self, path):
        if path is None:
            return True

        # svn_authz_check_access will crash your machine if the path
        # is not rooted at /, so this is crucial.
        # A trailing slash is also bad, as Subversion doesn't consider
        # that canonical.
        path = '/' + path.strip('/')

        return svn.repos.authz_check_access(self.authz, self.module_name,
                                            path, self.auth_name,
                                            svn.repos.svn_authz_read)

    # has_permission_for_changeset is unchanged

This could probably be improved here or there, but it seems to work well enough. I say 'seems' because the one downside I see is that this implementation anyways breaks the unit tests (svn.repos.read_authz() can't take a file pointer as an argument).

However, there may be more esoteric problems with doing it this way, so that's what I would like to confirm.

Thanks.

[hyugaricdeau@…]

Ah, I was just looking at the libsvn_repos API and noticed that the calls to authz_read and authz_check_access should also be passed pointers to the repository connection's memory pool. This is a simple modification to the code I posted above.

[mgood]

This function was added in SVN 1.3 and we're maintaining compatibility with older versions, so for now we can't use it exclusively. It may be possible to provide a compatibility layer so that it's used if available.

[hyuga <hyugaricdeau@…>]

Sounds reasonable. I did not know that those functions weren't available prior to SVN 1.3 (I hadn't started using it until 1.3).

At any rate, there are some nice new features for authz files waiting for inclusion in a release in their trunk. I've been making use of those features in a patched version 1.3.1, and they've been working well. I don't know when they plan to include them in a release, but I suspect they will eventually.

So, it seems to make sense to just use SVN's built-in authz functions when available, rather than bothering to write in one's own support for those features. And it doesn't make sense to make those new features available to users of older versions of Subversion either.

If you want I could submit a proper patch with such a compatability layer, or should this be held off on for now?

[cboos]

Well, there's unfortunately never been much attention paid to the authz part, so if you can get into it and help improving this part of the code, you're more than welcome!

(PS: also take a look at the existing issues with authz: query:?status=!closed&keywords=~authz)

[eblot]

BTW, what is the policy with Subversion support?

AFAICT, 1.2.x series have officially reached end-of-life, so does Trac really need to support < 1.3 series for an upcoming release?