[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] wildcard authz prototype

From: Daniel Rall <dlr_at_collab.net>
Date: 2006-05-02 01:39:00 CEST

On Mon, 01 May 2006, Greg Hudson wrote:

> On Mon, 2006-05-01 at 16:06 -0700, Garrett Rooney wrote:
> > Seriously, it iterates over all the wildcards applying them, to see if
> > any of them matter. See the modifications to authz_get_tree_access
> > and authz_parse_section for details.
>
> I'm confused as to how this can be correct.
>
> If I have a rule denying read access to */tags, and a caller wants to
> know if the user has recursive read access to /project/foo, doesn't the
> answer depend on whether /project/foo contains a "tags" somewhere? How
> can you know if the */tags wildcard entry is relevant without knowing
> what paths exist inside the tree?

It's certainly not optimal, but you could crawl the entire
/project/foo sub-tree looking for a match.

Alternately, you could accept only trailing wildcards in the
configuration.

-- 
Daniel Rall

  • application/pgp-signature attachment: stored
Received on Tue May 2 01:39:25 2006

This is an archived mail posted to the Subversion Dev mailing list.