[Fusionforge-general] Only read permission for private projects in svnroot-access

Laurent HUET laurent.huet at gmail.com
Mon Mar 22 17:44:35 CET 2010


Hello Emilien,

I remember this issue on my platform (4.8) and have found a workaround that
apply on my context (only private projects)
It's not a clean hack but it sovle this issue for me.
I think this is a bug but it needs to be confirm by the Fusionforge team.

My workaround is just to comment 5 lines in the file
/usr/share/gforge/plugins/scmsvn/cronjobs/update_users.php :

function add2AccessFile($group_id) {
$result = "";
$project = &group_get_object($group_id);
$result = "[". $project->getUnixName(). ":/]\n";
$users = &$project->getMembers();
foreach($users as $user ) {
* **//$perm = &$project->getPermission($user);*
* **//if ( $perm->isCVSWriter() ) {*
* **$result.= $user->getUnixName() . "= rw\n";*
* **//} else if ( $perm->isCVSReader() ) {*
* **//** **$result.= $user->getUnixName() . "= r\n";*
* **//}*
}
if ( $project->enableAnonSCM() ) {
$result.="anonsvn= r\n";
$result.="* = r\n";

}
$result.="\n";
return $result;
}

Best regards,

Laurent


2010/3/22 emilien F <ef.secliste at gmail.com>

> Hello,
>
> I have an issue on my production environment which is very annoying, I
> found a way to bypass it by writing a query manually but I'm not sure if I'm
> creating some security hole or something so I'm asking the experts here.
>
> I'm running fusionforge 4.8.2 which followed this upgrade path (gforge ->
> fusionforge 4.7 -> 4.8, 4.8.1)
>
> The issue I have is the following, if I run the cronjob in
> /opt/gforge/plugins/scmsvn/cronjobs/create_svn.php all of my private
> projects are created with users having only read only rights.
> I've tried to search in the files until I found the source of the issue (at
> least I think it is) but I don't know how to fix it.
>
> If I comment in the /opt/gforge/common/include/Group.class.php from line
> 241 to 248 the following code:
>
>    if(!$this->isPublic() && !in_array($id, $systemGroups)) {
>                         $perm =& $this->getPermission(session_get_user());
> print_r($perm);
>
> if (!$perm || !is_object($perm) || !$perm->isMember()) {
>                                 $this->setError(_('Permission denied'),
> ERROR__PERMISSION_DENIED_ERROR);
>                                 return false;
>                         }
>
> I have the correct svnroot-access file being created. However since there
> is a specific instructions for private groups I suppose it's used for
> something.
>
> I'm hoping some of you have come accross this issue and have a workaround,
> I'll continue to search but I'm not sure I can find the solution as I'm not
> really good in php.
>
> Thanks for your help,
> Best regards.
>
>
>
>
> _______________________________________________
> Fusionforge-general mailing list
> Fusionforge-general at lists.fusionforge.org
> http://lists.fusionforge.org/cgi-bin/mailman/listinfo/fusionforge-general
>
>


-- 
-----------------
Laurent HUET
e-mail : laurent.huet at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fusionforge.org/pipermail/fusionforge-general/attachments/20100322/51c1faa0/attachment.htm>


More information about the Fusionforge-general mailing list