On Thu, Mar 12, 2009 at 10:39 AM, Jelmer Vernooij <jelmer_at_samba.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Daniel,
>
> Thanks for reviewing.
>
> Daniel Rall wrote:
>> On Wed, Mar 4, 2009 at 7:41 PM, Jelmer Vernooij <jelmer_at_samba.org> wrote:
>>> At the moment a generic error (175002, SVN_ERR_RA_DAV_REQUEST_FAILED) is
>>> returned when ra_neon hits a 403 error, and this makes it hard to
>>> distinguish it from other RA errors that also return 175002.
>>>
>>> [[[
>>>
>>> * subversion/include/svn_error_codes.h: Add error code
>>> SVN_ERR_RA_FORBIDDEN.
>>> * subversion/libsvn_ra_neon/util.c(generate_error): Return
>>> SVN_ERR_RA_FORBIDDEN for 403 HTTP codes.
>>>
>>> ]]]
>>>
>>> Is SVN_ERR_RA_FORBIDDEN the right name here and RA the right category,
>>> or does it belong in the DAV specific error category?
>>
>> Jelmer, I too favor a more specific error here (and think that the
>> top-level RA_ namespace is appropriate). However, how would this new
>> error code be differentiated from:
>>
>> SVN_ERRDEF(SVN_ERR_RA_NOT_AUTHORIZED,
>> SVN_ERR_RA_CATEGORY_START + 1,
>> "Authorization failed")
>>
>> Is this specific to a case where you've already authenticated, and
>> your current ACL isn't sufficient to access a resource? Don't we just
>> prompt for re-authentication in this case?
> We already map 401's to SVN_ERR_RA_NOT_AUTHORIZED, as 401 specifically
> means "Not authorized". 403, according to the http spec, is a blanket
> "forbidden" error and should not be used when authorization will not help.
So the question becomes, do we want to leak this distinction from RFC
2616 into SVN_ERR_RA's or SVN_ERR_RA_DAV's error codes? The latter
seems reasonable, but if we're going to put it there, perhaps it
should be in the top-level.
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=462&dsMessageId=1313841
Received on 2009-03-12 19:06:26 CET