One of our users stumbled upon this today. The following applies to the plugin scmsvn. I don't know if the same applies to other scm plugins.
Since FusionForge 5.1 and the role-based access control system there are the global groups "Anonymous/not logged in" and "Any user logged in".
If you set read permission in SCM for the global group "Any user logged in", then nothing will change in the access file. From a user's point of view "* = r" should be added.
The same happens if you set write permissions. There should be "* = rw", but nothing is added to the access file.
If you set write permissions for the group "Anonymous/not logged in" in SCM, then the user anonsvn and every authenticated user is added with read permissions.
After a quick look in the code from 5.2.2, 5.2.4 and 5.3.1 I assume the behaviour is still the same as before 5.1 with the flag enable_anonscm in the table groups, where everyone authenticated and the anonsvn user was added with read permissions.
Code from the SVN plugin:
if ($project->enableAnonSCM()) {
    $access_data .= forge_get_config('anonsvn_login', 'scmsvn')." = r\n";
    $access_data .= "* = r\n";
}
$project->enableAnonSCM() only checks if the global role "Anonymous/not logged in" has read permissions.
If the read permissions are there, then every authenticated user and the anonsvn login get read access to the repository.
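
An added check, not part of the original report and not FusionForge code: it compares a generated access file against the permissions set for the two global roles and lists every entry that differs. The sample file, the INTENDED table and the function names are constructed for illustration; it assumes anonymous access is read-only and that a logged-in user gets at least what anonymous gets.

```python
import configparser

# Constructed sample: an access file shaped like the one the report describes.
SAMPLE_AUTHZ = """\
[projA:/]
alice = rw
anonsvn = r
* = r

[projB:/]
bob = rw
"""

# Constructed sample of what was set in SCM for the two global roles,
# per project: "" (no access), "r" or "rw".
INTENDED = {
    "projA": {"anonymous": "r", "logged_in": "r"},
    "projB": {"anonymous": "", "logged_in": "rw"},
}

def parse_authz(text):
    """Return {project: {principal: access}} for each repository root section."""
    cp = configparser.RawConfigParser(delimiters=("=",), strict=False)
    cp.optionxform = str  # user names are case-sensitive, do not lowercase them
    cp.read_string(text)
    return {s.split(":", 1)[0]: dict(cp.items(s))
            for s in cp.sections() if s.endswith(":/")}

def expected_entries(roles, anon_login="anonsvn"):
    """Entries the role settings should produce (assumptions named in the lead-in)."""
    anon = "r" if roles["anonymous"] else ""
    # "" < "r" < "rw" when ordered by length, so max() picks the stronger grant.
    everyone = max(anon, roles["logged_in"], key=len)
    return {anon_login: anon, "*": everyone}

def audit(authz_text, intended):
    """List (project, principal, expected, actual) where file and roles disagree."""
    rules = parse_authz(authz_text)
    findings = []
    for project, roles in sorted(intended.items()):
        entries = rules.get(project, {})
        for principal, want in expected_entries(roles).items():
            have = entries.get(principal, "")
            if have != want:
                findings.append((project, principal, want, have))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_AUTHZ, INTENDED):
        print("%s: %r expected %r, access file has %r" % finding)
```
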