[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Milestone 2: authentication and authorization

From: Branko Čibej <brane_at_xbc.nu>
Date: 2000-12-14 01:10:10 CET

Greg Hudson wrote:

>> The Subversion filesystem has built-in ACLs; they live as
>> non-versioned properties attached to nodes. They can be modified
>> like any other properties.
> I forget if I've brought this up before:
> What if I want to restrict write access to a particular branch (say,
> if I only want to allow the release engineering group to write to a
> release branch)?
> What if I want to restrict read access to old versions of some files
> due to licensing issues which have since been corrected?

There's no way around it, we need both historical and non-historical ACL.

The authorisation check should look at the node's (non-historical) ACL
first, then at the revision's ACL. That's inorder that you can
temporarily lock a piece of the tree by changing only the node's ACL,
leaving the revision's ACL alone.

Maybe branches (not revisions on branches!) should have their own
non-historical ACLs, too.

New revisions of a node should inherit their ACL from the predecessor.

Brane �ibej
    home:   <brane_at_xbc.nu>             http://www.xbc.nu/brane/
    work:   <branko.cibej_at_hermes.si>   http://www.hermes-softlab.com/
     ACM:   <brane_at_acm.org>            http://www.acm.org/
Received on Sat Oct 21 14:36:17 2006

This is an archived mail posted to the Subversion Dev mailing list.