See the branch for full log messages.
Here's my nutshell summary of the new 'partial read-authz feature':
If a client checks out or updates a tree, a server authz system now
has the ability to selectively deny read-access on arbitrary files and
dirs by supplying a authz_read_func to svn_repos_dir_delta(). In this
situation, dir_delta() will call new absent_file|dir editor
functions instead of the usual [open|add] functions. The DAV layer
now marshals these messages over the network, and libsvn_wc marks the
appropriate wc entries as 'absent'. Entries marked 'absent' are
essentially treated like 'deleted' ones; most client commands can't
see them at all. (But 'svn up' *does* report them to the server, in
case read-access is re-granted.)
(There are still a couple of small wc bugs, specifically triggered by
repeated granting/ungranting of read-access to files. They'll be
fixed RSN.)
Final note: this change upgrades working copies from format 2 to
format 3 'in place'. Format 1 wc's are no longer supported.
