Uploaded image for project: 'Crowd Data Center'
  1. Crowd Data Center
  2. CWD-923

Apache::CrowdAuthz uses permissions of last group matched in SVN authz file when principal belongs to multiple groups.

    XMLWordPrintable

Details

    Description

      (see also: CWDSUP-700)

      When multiple groups are specified in an svn authz file for a repository path and the principal belongs to more than one of those groups the group that actually gets used for the permission is the one that occurs last in the list of groups returned from Crowd's findGroupMemberships SOAP method.

      This is (obviously) difficult behavior for the user to understand or modify.

      Suggested change: Make the user's effective authz level that of the most permissive group they belong to. For example, if the SVNAuthz file looks like

      [/path]
@group1=r
@group2=rw

      and the principal belongs to both group1 and group2, then their effective permission would be "rw" because that is the most permissive permission.

      Attachments

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. CWD-944 CrowdAuthzSVNAccessFile authorization does not select most permissive permissions

          • High - High priority issues
          • Closed

          Activity

            People

              beb930a06022 Andrew Reid
              beb930a06022 Andrew Reid
              Votes:
              1 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - 8h
                  8h
                  Remaining:
                  Remaining Estimate - 8h
                  8h
                  Logged:
                  Time Spent - Not Specified
                  Not Specified