RE: API change to handle incomplete authorization

> From: kfogel@newton.ch.collab.net [mailto:kfogel@newton.ch.collab.net]On
> Behalf Of kfogel@collab.net
> Sent: Tuesday, October 28, 2003 10:13 PM

[...]
> Now, suppose a subrequest reveals that a resource is not authorized --
> what should we do then?

It should be added in the report as 'missing' (or 'unauthorized'),
since it will end up being missing after the full checkout. The reason
for reporting information about the resource at all is simple. If
you have access to the containing directory, you should be able to
list the contents of the directory.

Note that if the resource is a directory, we should not traverse the
directory and omit all contents of the directory in the report.

Also note that having a resource marked 'missing' implicitly
means that the directory needs to be left in the incomplete state.

[...]
> We propose, therefore, to add an 'incomplete' boolean flag to
> svn_delta_editor_t->close_directory() and close_edit(), so we can
> express this state.

[...]

+1

> Note that even with this, there is still a subtle leak: the client
> doesn't know the names of the prohibited objects, but it still knows
> that at least one prohibited object exists. We say, c'est la vie :-).
> It would be nice to have zero knowledge leak,

See above.

Sander

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Oct 29 08:52:14 2003