[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: API change to handle incomplete authorization

From: Sander Striker <striker_at_apache.org>
Date: 2003-10-29 08:51:28 CET

> From: kfogel@newton.ch.collab.net [mailto:kfogel@newton.ch.collab.net]On
> Behalf Of kfogel@collab.net
> Sent: Tuesday, October 28, 2003 10:13 PM

> Now, suppose a subrequest reveals that a resource is not authorized --
> what should we do then?

It should be added in the report as 'missing' (or 'unauthorized'),
since it will end up being missing after the full checkout. The reason
for reporting information about the resource at all is simple. If
you have access to the containing directory, you should be able to
list the contents of the directory.

Note that if the resource is a directory, we should not traverse the
directory and omit all contents of the directory in the report.

Also note that having a resource marked 'missing' implicitly
means that the directory needs to be left in the incomplete state.

> We propose, therefore, to add an 'incomplete' boolean flag to
> svn_delta_editor_t->close_directory() and close_edit(), so we can
> express this state.



> Note that even with this, there is still a subtle leak: the client
> doesn't know the names of the prohibited objects, but it still knows
> that at least one prohibited object exists. We say, c'est la vie :-).
> It would be nice to have zero knowledge leak,

See above.


To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Oct 29 08:52:14 2003

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.