[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH/RFC] Add separate error code for RA Forbidden

From: Jelmer Vernooij <jelmer_at_samba.org>
Date: Thu, 12 Mar 2009 20:18:21 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Daniel Rall wrote:
> On Thu, Mar 12, 2009 at 10:39 AM, Jelmer Vernooij <jelmer_at_samba.org> wrote:
>> Thanks for reviewing.
>>
>> Daniel Rall wrote:
>>> On Wed, Mar 4, 2009 at 7:41 PM, Jelmer Vernooij <jelmer_at_samba.org> wrote:
>>>> At the moment a generic error (175002, SVN_ERR_RA_DAV_REQUEST_FAILED) is
>>>> returned when ra_neon hits a 403 error, and this makes it hard to
>>>> distinguish it from other RA errors that also return 175002.
>>>>
>>>> [[[
>>>>
>>>> * subversion/include/svn_error_codes.h: Add error code
>>>> SVN_ERR_RA_FORBIDDEN.
>>>> * subversion/libsvn_ra_neon/util.c(generate_error): Return
>>>> SVN_ERR_RA_FORBIDDEN for 403 HTTP codes.
>>>>
>>>> ]]]
>>>>
>>>> Is SVN_ERR_RA_FORBIDDEN the right name here and RA the right category,
>>>> or does it belong in the DAV specific error category?
>>> Jelmer, I too favor a more specific error here (and think that the
>>> top-level RA_ namespace is appropriate). However, how would this new
>>> error code be differentiated from:
>>>
>>> SVN_ERRDEF(SVN_ERR_RA_NOT_AUTHORIZED,
>>> SVN_ERR_RA_CATEGORY_START + 1,
>>> "Authorization failed")
>>>
>>> Is this specific to a case where you've already authenticated, and
>>> your current ACL isn't sufficient to access a resource? Don't we just
>>> prompt for re-authentication in this case?
>> We already map 401's to SVN_ERR_RA_NOT_AUTHORIZED, as 401 specifically
>> means "Not authorized". 403, according to the http spec, is a blanket
>> "forbidden" error and should not be used when authorization will not help.
>
> So the question becomes, do we want to leak this distinction from RFC
> 2616 into SVN_ERR_RA's or SVN_ERR_RA_DAV's error codes? The latter
> seems reasonable, but if we're going to put it there, perhaps it
> should be in the top-level.
What do you mean by top-level here exactly?

Putting it in SVN_ERR_RA or SVN_ERR_RA_DAV both seems reasonable to me.
I would think it's not very likely that svn_ra_file or svn_ra_svn would
return this error, so perhaps that is a good reason to put it in
SVN_ERR_RA_DAV.

Cheers,

Jelmer
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iJwEAQECAAYFAkm5X/sACgkQDLQl4QYPZuVyBAP+NLApZN07X7Av8c+eOwXMtN/O
v8sX8lKeKjZWSqhQ5zom0LhaKm9qxYzj65f/ILUh56o/Kh+2xiUUyPtMs0VdABos
ciFUAC3NJwwFH0IswTzI6NObQ68JziCTstjx9s80okIf5++JIIJeuP/xbpKiQxAv
nRpH66BrAxTbl2pRZLk=
=1ur2
-----END PGP SIGNATURE-----

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=462&dsMessageId=1314091
Received on 2009-03-12 20:19:00 CET

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.