On 3/13/07, djames@tigris.org <djames@tigris.org> wrote:
> Author: djames
> Date: Tue Mar 13 21:13:30 2007
> New Revision: 23806
>
> Log:
> Really, actually, merge r23802 and r23803 from trunk to the
> artem-soc-work branch.
>
> Branch: artem-soc-work
> (I tried to do this in r23805, but botched the copy. Sorry!)
As I mentioned early on when this proposal was first brought up last
year, I think this is the wrong approach. It hardcodes in too much of
the authz process into mod_dav_svn.
The 'right' approach, I believe, is to add a directive to mod_dav_svn
which enables a short-circuit bypass of the authz process. If this
directive is set (SVNAuthorizationShortCircuit or something similar -
this needs a naughty name to be clear that it bypasses all of httpd's
authz checks *except* for mod_authz_svn), then it can punt over to
mod_authz_svn without doing the full sub-req lookup process. This
can be handled by (say) a custom provider that mod_authz_svn registers
and that mod_dav_svn invokes which basically brings us up to a variant
of the req_check_access function already in mod_authz_svn. Doing this
removes the duplication and complication that this patch has and is
much more in line with keeping mod_authz_svn in control of the
authorization process rather than unnecessarily duplicating code.
HTH. -- justin
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Mar 14 06:35:28 2007