kfogel@collab.net wrote:
> The code in libsvn_repos/authz.c is asking "Could this section
> *possibly* apply to this path? If not, just return TRUE now, because
> this section cannot cause access to be denied if it doesn't even apply
> to this path. Otherwise, continue on to the real checks."
>
> Is that right?
That is right. Before the recursive lookup routine runs, nonrecursive
access to the base path has been validated; therefore, in the absence of
contradictory rules on paths below, recursive access is also to be
granted. This is what that test checks.
By the way, if any of you have in mind a more efficient internal
representation for authz rules, I'm all ears. I've been digging around
a little for a representation that would avoid the "reparse half the
file even when 90% of rules apply to a different repository and the user
is in none of the 20 defined groups" approach to lookups. So far
haven't been able to isolate one that combines this lookup efficiency
with less than indecent load-time analysis and crunching.
- Dave.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Fri Aug 5 12:09:36 2005