Skip to content

authz: Allow directory read access for sub repo permissions

Warren Gifford requested to merge rs/sub-repo-dir-match into main

Created by: ryanslade

If a path is allowed by sub repo permissions, we should also allow read access to any directories the lie above that path in the tree.

For example, if we allow access to "foo/bar/data.txt" we should also allow the path "foo/" and "foo/bar/" so that we can navigate down the tree.

This does NOT imply access to all items living under "foo/" or "foo/bar/"

Caveat: The logic above cannot be applied to rules that start with a wildcard because it can lead to allowing read access to any directory.

Test plan

More test cases added Tested manually

Merge request reports

Loading