[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: blame -g and authz

From: Hyrum K. Wright <hyrum_wright_at_mail.utexas.edu>
Date: Thu, 24 Jan 2008 15:41:50 -0600

David Glasser wrote:
> On Jan 24, 2008 10:58 AM, David Glasser <glasser_at_davidglasser.net> wrote:
>> libsvn_repos/rev_hunt.c(get_path_mergeinfo) calls svn_fs_get_mergeinfo
>> directly without using the authz wrapper svn_repos_fs_get_mergeinfo.
>> It is the only place in the code that does. Perhaps in the larger
>> context of the file this is appropriate, because authz has already
>> been checked; perhaps it isn't. Hyrum, can you check to make sure
>> this is valid (I don't understand this code well enough) and if so add
>> a comment saying "we don't need to do an authz check here because we
>> already did in function foo"?

'blame' applies authz as it goes back through revision history. At each
path-rev, it checks to see if it is readable. This happens independent
of svn_fs_get_mergeinfo(), which only supplies revisions to go back
through. I think we're safe on this one.

> The same goes for libsvn_repos/log.c(get_combined_mergeinfo).

'log' features a similar design. svn_fs_get_mergeinfo() gives the
revisions to back through, but fill_log_entry() runs authz on the merged
path-revs and filters them as needed.

In both of these cases, using svn_repos_fs_get_mergeinfo() may prune the
revision tree quicker, but I don't know if the performance gains are
offset by any overhead associated with svn_repos_fs_get_mergeinfo() (vs.


Received on 2008-01-24 22:42:03 CET

This is an archived mail posted to the Subversion Dev mailing list.