Details
-
Bug
-
Resolution: Fixed
-
Medium
-
None
-
1.3
-
None
-
Crowd standalone 1.3
Crowd-Apache-Connector-1.2.1
httpd-2.0.52-28
perl 5.8.8
Description
Rather than acting as a modifier to determine if a group has read-only access, a group with ':r' appended to the name must be created in Crowd. This means that an existing group cannot be used to assign read-only access to subversion.
Given the following in the apache config:
PerlSetVar CrowdAllowedGroups developers,subversion-readonly:r
There must be two groups, 'developers' and 'subversion-readonly:r' in Crowd, not 'developers' and 'subversion-readonly', as one would expect.
CrowdAuthz.pm does an exact string comparison instead of looking for the substring before the ':r' and using the ':r' strictly as a modifier. (see how groups are split at line 267)