> From: Ben Collins-Sussman [mailto:sussman@collab.net]
> Sent: Thursday, July 15, 2004 11:46 PM
> Sander, I've got some questions about this part of
> mod_authz_svn. I'm not sure I agree with the way you've
> mapped HTTP methods to permissions.
>
> Here's the relevant code block, comments below:
>
>
> switch (r->method_number) {
> /* All methods requiring read access to all subtrees of r->uri */
> case M_COPY:
> authz_svn_type |= AUTHZ_SVN_RECURSIVE;
>
> /* All methods requiring read access to r->uri */
> case M_OPTIONS:
> case M_GET:
> case M_PROPFIND:
> case M_REPORT:
> authz_svn_type |= AUTHZ_SVN_READ;
> break;
>
> /* All methods requiring write access to all subtrees of r->uri */
> case M_MOVE:
> case M_DELETE:
> authz_svn_type |= AUTHZ_SVN_RECURSIVE;
>
> /* All methods requiring write access to r->uri */
> case M_MKCOL:
> case M_PUT:
> case M_PROPPATCH:
> case M_CHECKOUT:
> case M_MERGE:
> case M_MKACTIVITY:
> authz_svn_type |= AUTHZ_SVN_WRITE;
> break;
>
> default:
> /* Require most strict access for unknown methods */
> authz_svn_type |= AUTHZ_SVN_WRITE|AUTHZ_SVN_RECURSIVE;
> break;
> }
>
>
> 1. the COPY request seems to have RECURSIVE set, but not
> READ? I don't understand that.
>
> 2. the MOVE and DELETE requests have RECURSIVE set, but not WRITE?
>
> Am I missing something?
Yes. Notice the missing break's on those case blocks. The code
falls through to the next case and ors the READ/WRITE bit in
as well.
Sander
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Jul 15 23:57:58 2004