[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH/RFC] Add separate error code for RA Forbidden

From: Jelmer Vernooij <jelmer_at_samba.org>
Date: Thu, 12 Mar 2009 18:39:57 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Daniel,

Thanks for reviewing.

Daniel Rall wrote:
> On Wed, Mar 4, 2009 at 7:41 PM, Jelmer Vernooij <jelmer_at_samba.org> wrote:
>> At the moment a generic error (175002, SVN_ERR_RA_DAV_REQUEST_FAILED) is
>> returned when ra_neon hits a 403 error, and this makes it hard to
>> distinguish it from other RA errors that also return 175002.
>>
>> [[[
>>
>> * subversion/include/svn_error_codes.h: Add error code
>> SVN_ERR_RA_FORBIDDEN.
>> * subversion/libsvn_ra_neon/util.c(generate_error): Return
>> SVN_ERR_RA_FORBIDDEN for 403 HTTP codes.
>>
>> ]]]
>>
>> Is SVN_ERR_RA_FORBIDDEN the right name here and RA the right category,
>> or does it belong in the DAV specific error category?
>
> Jelmer, I too favor a more specific error here (and think that the
> top-level RA_ namespace is appropriate). However, how would this new
> error code be differentiated from:
>
> SVN_ERRDEF(SVN_ERR_RA_NOT_AUTHORIZED,
> SVN_ERR_RA_CATEGORY_START + 1,
> "Authorization failed")
>
> Is this specific to a case where you've already authenticated, and
> your current ACL isn't sufficient to access a resource? Don't we just
> prompt for re-authentication in this case?
We already map 401's to SVN_ERR_RA_NOT_AUTHORIZED, as 401 specifically
means "Not authorized". 403, according to the http spec, is a blanket
"forbidden" error and should not be used when authorization will not help.

Cheers,

Jelmer
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iJwEAQECAAYFAkm5SOoACgkQDLQl4QYPZuVkCwQAm0nm8X2N/mB/8oBONgy3aD8V
elr9zE2FYHJXvLFmYAcBn5CHNEmaWZJ5lMuC/rwJcco6j7ieR3I4a9/zWADPI5+1
tTs5j0ZMMfe5AiyYF5kgOyIx05IzTAZCzPUNfWc+ZRK6Mo3kI2b+N8PM5b/zCxoN
6vrjrBjsB4n6O1/j5sI=
=2N5W
-----END PGP SIGNATURE-----

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=462&dsMessageId=1313735
Received on 2009-03-12 18:41:12 CET

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.