Re: Ways to keep users from checking out too much.

Greg Hudson <ghudson@MIT.EDU> writes:
> On Wed, 2006-02-22 at 12:55 -0800, Garrett Rooney wrote:
> > How would people feel about some mechanism for stopping update reports
> > rooted at particular directories?
>
> I think this is a good idea, as a safety measure. We just need to be
> careful to document that it's purely a safety and not an access control;
> a client could circumvent the mechanism by not using a report.

If our authz system worked in a certain way, this could be done
entirely through authz.

Let ROOT be the root of the directory tree that you don't want
checkouts to be rooted at. If you create an object ROOT/FORBIDDEN,
and tell authz that no one is allowed to read or write FORBIDDEN, then
what happens (today) if you check out ROOT? I believe you still get
ROOT/*, with the exception of FORBIDDEN. However, if the authz system
had a flag you could set to say "Don't allow an operation to happen at
all if any part of it is not permitted", then the ROOT/FORBIDDEN thing
would solve Garrett's problem.

The performance costs might be quite high, I haven't thought that
through enough yet. I just wanted to try re-imagining this problem as
a special case of authz, rather than as something special requiring
new hooks or other new mechanism(s).

-Karl

-- 
www.collab.net  <>  CollabNet  |  Distributed Development On Demand
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org