Garrett Rooney wrote:
> To get this kind of behavior we either need to have nonrecursive authz
> permissions, which means each and every path that you want to block
> checkout of needs to be tagged in the authz conf file, which would
> really suck, or we need wildcards of some sort. Adding wildcard
> support without having it devolve into "ok, now we enumerate all
> sections in the file and see if any of them match" seems like it will
> require some thought...
>
> So before I dive into the whole "how should wildcards work" mess any
> further than I already have, has anyone thought about that sort of
> thing yet? Anyone got a design proposal sitting around that they
> haven't sent out yet?
>
> -garrett
Couldn't we just work with an attribute that indicates that the current
setting is nonrecursive. For example use the - to indicate a
non-recursive attribute.
BTW i noticed the use of the 'x' for checkout rights (is this correct?)
but this is a slightly different meaning than the x in a unix/linux
environment indicating whether or not it's allowed to be accessed. And
because in the svnserve-authz code there was a hint about implementing
an 'x' "under water" it might be a better idea to use an 'o' for
check-Out or some other character.
Example where I will indicate that a certain directory is read-only,
because you don't want to disturb this directory structure:
dir-structure:
/
/project/
/project/trunk/
/project/branches/
/project/tags/
authz-file:
('-' means that this attribute is non-recursive and is part of both r and x)
--start--
[/]
* = rwx
[/project]
* = rx-
--end--
First part:
everyone gets read+write access to the repository.
Second part:
indicates that in the project-directory (and only this directory)
everyone gets read-only access.
When someone wants to write to '/project/trunk' the non-recursive will
just be ignored when it's on a parent folder, so:
[/]
* = rwx
will indicate that the user has write-access on the folder.
This could work well together with Garrett's proposition for wildcards
so a user can choose the most efficient method for indicating special
access situations.
Danny
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sun Apr 30 01:05:23 2006