[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] introduce AuthzSVNRepoRelativeAccessFile configuration item for mod_authz_svn

From: C. Michael Pilato <cmpilato_at_collab.net>
Date: Mon, 01 Nov 2010 11:49:24 -0400

On 11/01/2010 09:24 AM, Nick Piper wrote:
> [[[
> Implement AuthzSVNRepoRelativeAccessFile to allow SVNParentPath to use
> a different authz configuration file for each repository.
>
> * subversion/mod_authz_svn/mod_authz_svn.c
> (get_access_conf) Check if AuthzSVNRepoRelativeAccessFile is on, and
> if so, load the conf/authz file from inside the repository being
> accessed rather than one which is statically configured in the
> Apache configuration.
> (subreq_bypass, access_checker, check_user_id, auth_checker)
> Recognise that it's valid not to have a AuthzSVNAccessFile if
> AuthzSVNRepoRelativeAccessFile is used.
> ]]]

What is the current behavior of a configuration file specified as relative
path? I don't see any notations in the code or docs which indicate how
mod_authz_svn will interpret a relative pathspec. If there's no clear
meaning today, perhaps we should consider defining that behavior as "find
the named access file relative to the repository's conf/ subdirectory".
This allows us to avoid adding another configuration option.

In other words, if today "AuthzSVNAccessFile FOO", where FOO is a relative
path, has a not-well-defined meaning, then let's change it to mean "Read
from ${REPO}/conf/FOO".

SVNPath-using <Location>'s could use "AuthzSVNAccessFile authz" to get the
behavior you want.

SVNParentPath-using <Location>'s could use "AuthzSVNAccessFile authz" to do
the same. Or, they could use "AuthzSVNAccessFile ../../authz" to read the
rules from a single file in the parent-path directory shared across the
repositories in that parent-path. (That have that ability today when using
an absolute path, but this would allow for a more template-izable
SVNParentPath block.)

Thoughts?

-- 
C. Michael Pilato <cmpilato_at_collab.net>
CollabNet   <>   www.collab.net   <>   Distributed Development On Demand

Received on 2010-11-01 16:50:11 CET

This is an archived mail posted to the Subversion Dev mailing list.