[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [Issue 2662] authz with wildcards - About recursive access.

From: Luis Rodrigo Gallardo Cruz <rodrigo_at_nul-unu.com>
Date: 2007-11-15 19:42:43 CET

On Tue, Nov 13, 2007 at 04:55:55PM -0600, Luis Rodrigo Gallardo Cruz wrote:
> http://subversion.tigris.org/servlets/ReadMsg?listName=dev&msgNo=115400
>
> I saw in that thread that there was a question about recursive use. If
> I understood the objection, the problem is how to resolve a pattern
> such as */tags. My answer to that will be to completely punt the
> issue, and only allow absolute paths to have wildcards.

I see I can't really punt this.

How about the following algorithm for determining tree access:

Given _path_:
 1. Determine normal access for _path_.
 
 2. If access allowed, for each rule in the config:

 2.1. Is _path_ a prefix of something that could match rule?
 2.2. Would rule diminish our access?
 2.3. If 2.1 && 2.2, walk the repo and see if there actually *exists*
 a path inside that matches the rule. If access is now completely
 denied, finish. Else, try next rule.

The idea is to avoid the potentialy expensive repo walk in 2.3

As for 2.1, is the following correct?

 Given _glob_, _path_,

 1. return true if glob matches path
 2. return false if glob = '/' or ''
 3. strip last component from glob, goto 1

-- 
Rodrigo Gallardo
GPG-Fingerprint: 7C81 E60C 442E 8FBC D975  2F49 0199 8318 ADC9 BC28

Received on Thu Nov 15 19:43:00 2007

This is an archived mail posted to the Subversion Dev mailing list.