Re: Milestone 2: authentication and authorization

From: Branko Čibej <brane_at_xbc.nu>
Date: 2000-12-14 01:10:10 CET

Greg Hudson wrote:

>> The Subversion filesystem has built-in ACLs; they live as
>> non-versioned properties attached to nodes. They can be modified
>> like any other properties.
>
>
> I forget if I've brought this up before:
>
> What if I want to restrict write access to a particular branch (say,
> if I only want to allow the release engineering group to write to a
> release branch)?
>
> What if I want to restrict read access to old versions of some files
> due to licensing issues which have since been corrected?

There's no way around it, we need both historical and non-historical ACL.

The authorisation check should look at the node's (non-historical) ACL
first, then at the revision's ACL. That's inorder that you can
temporarily lock a piece of the tree by changing only the node's ACL,
leaving the revision's ACL alone.

Maybe branches (not revisions on branches!) should have their own
non-historical ACLs, too.

New revisions of a node should inherit their ACL from the predecessor.

-- 
Brane ďż˝ibej
    home:   <brane_at_xbc.nu>             http://www.xbc.nu/brane/
    work:   <branko.cibej_at_hermes.si>   http://www.hermes-softlab.com/
     ACM:   <brane_at_acm.org>            http://www.acm.org/

Received on Sat Oct 21 14:36:17 2006

This message: [ Message body ]
Next message: Jim Blandy: "Re: Milestone 2: authentication and authorization"
Previous message: Jim Blandy: "Re: Milestone 2: authentication and authorization"
In reply to: Greg Hudson: "Re: Milestone 2: authentication and authorization"
Next in thread: Ben Collins-Sussman: "Re: Milestone 2: authentication and authorization"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]