David Glasser wrote:
> On Jan 24, 2008 10:58 AM, David Glasser <glasser_at_davidglasser.net> wrote:
>> libsvn_repos/rev_hunt.c(get_path_mergeinfo) calls svn_fs_get_mergeinfo
>> directly without using the authz wrapper svn_repos_fs_get_mergeinfo.
>> It is the only place in the code that does. Perhaps in the larger
>> context of the file this is appropriate, because authz has already
>> been checked; perhaps it isn't. Hyrum, can you check to make sure
>> this is valid (I don't understand this code well enough) and if so add
>> a comment saying "we don't need to do an authz check here because we
>> already did in function foo"?
'blame' applies authz as it goes back through revision history. At each
path-rev, it checks to see if it is readable. This happens independent
of svn_fs_get_mergeinfo(), which only supplies revisions to go back
through. I think we're safe on this one.
> The same goes for libsvn_repos/log.c(get_combined_mergeinfo).
'log' features a similar design. svn_fs_get_mergeinfo() gives the
revisions to back through, but fill_log_entry() runs authz on the merged
path-revs and filters them as needed.
In both of these cases, using svn_repos_fs_get_mergeinfo() may prune the
revision tree quicker, but I don't know if the performance gains are
offset by any overhead associated with svn_repos_fs_get_mergeinfo() (vs.
Received on 2008-01-24 22:42:03 CET