As I mentioned before, I think it's pretty much required that we add
wildcard support to the authz file format before we can reasonably
expect people to make use of authz controls for replay or
checkout/update, which seems to be a requirement before we actually
release 1.4 on the world. I've implemented a first cut at this
support, and would like to get some feedback on both the interface and
the implementation.
The authz file format I've used is as follows. There is a new
[wildcards] section that lists out the wildcards and refers to other
sections that hold their associated rules. So to give all developers
access to the trunk of all projects you'd do something like this:
[wildcards]
/*/trunk = slash-star-slash-trunk
[slash-star-slash-trunk]
@developers = rw
The use of the new section (similar to how we currently use groups)
allows us to avoid the "what if people have a * in one of their paths
now?" question.
There are still a few things to resolve: How should the actual
matching work? Right now it's just implemented as a call to
apr_fnmatch, which implements fnmatch style shell globbing. I'm not
sure that's quite what we want. Also, how should this work with
parent path style specifications? I haven't even tried to figure that
out yet.
Anyway, feedback would be welcome, both on direction and especially on
implementation, I'm not hugely familiar with the authz code, and I'd
hate to introduce a problem there. All our tests pass, but it's not
like we have all that many of them...
I'd love to get this polished up real soon now, so I can get replay
and update authz built on top of it for 1.4.x.
Thanks,
-garrett
[[[
Add support for wildcards to the authz file format. Wildcards are specified
using a new section of the file, like this:
[wildcards]
/*/trunk = slash-star-slash-trunk
[slash-star-slash-trunk]
@developers = rw
Wildcards are referred to only after all literal paths are checked, and
make use of the apr_fnmatch function for their underlying matching.
* subversion/libsvn_repos/authz.c
Include apr_fnmatch.h.
(authz_lookup_baton): Add a wildcards hash.
(authz_validate_baton, svn_authz_t): Add a wildcards array.
(wildcard_matches): New helper function.
(authz_parse_section): Handle wildcards.
(authz_get_wildcard_access): New function.
(authz_get_tree_access, authz_get_global_access): Take an authz pointer,
handle wildcards.
(authz_global_parse_section): Handle wildcards.
(authz_validate_wildcards): New helper function.
(authz_validate_section): Handle the wildcards section.
(svn_repos_authz_read): Handle wildcards.
(svn_repos_authz_check): Handle wildcards, pass authz pointers to
authz_get_global_access and authz_get_tree_access..
* subversion/tests/cmdline/authz_tests.py
(wildcards_test): New test.
(test_list): Run new test.
]]]
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue May 2 00:35:54 2006