[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svn commit: r23806 - branches/artem-soc-work/subversion/mod_dav_svn

From: Justin Erenkrantz <justin_at_erenkrantz.com>
Date: 2007-03-14 06:35:14 CET

On 3/13/07, djames@tigris.org <djames@tigris.org> wrote:
> Author: djames
> Date: Tue Mar 13 21:13:30 2007
> New Revision: 23806
> Log:
> Really, actually, merge r23802 and r23803 from trunk to the
> artem-soc-work branch.
> Branch: artem-soc-work
> (I tried to do this in r23805, but botched the copy. Sorry!)

As I mentioned early on when this proposal was first brought up last
year, I think this is the wrong approach. It hardcodes in too much of
the authz process into mod_dav_svn.

The 'right' approach, I believe, is to add a directive to mod_dav_svn
which enables a short-circuit bypass of the authz process. If this
directive is set (SVNAuthorizationShortCircuit or something similar -
this needs a naughty name to be clear that it bypasses all of httpd's
authz checks *except* for mod_authz_svn), then it can punt over to
mod_authz_svn without doing the full sub-req lookup process. This
can be handled by (say) a custom provider that mod_authz_svn registers
and that mod_dav_svn invokes which basically brings us up to a variant
of the req_check_access function already in mod_authz_svn. Doing this
removes the duplication and complication that this patch has and is
much more in line with keeping mod_authz_svn in control of the
authorization process rather than unnecessarily duplicating code.

HTH. -- justin

To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Mar 14 06:35:28 2007

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.