On 11/01/2010 09:24 AM, Nick Piper wrote:
> [[[
> Implement AuthzSVNRepoRelativeAccessFile to allow SVNParentPath to use
> a different authz configuration file for each repository.
>
> * subversion/mod_authz_svn/mod_authz_svn.c
> (get_access_conf) Check if AuthzSVNRepoRelativeAccessFile is on, and
> if so, load the conf/authz file from inside the repository being
> accessed rather than one which is statically configured in the
> Apache configuration.
> (subreq_bypass, access_checker, check_user_id, auth_checker)
> Recognise that it's valid not to have a AuthzSVNAccessFile if
> AuthzSVNRepoRelativeAccessFile is used.
> ]]]
What is the current behavior of a configuration file specified as relative
path? I don't see any notations in the code or docs which indicate how
mod_authz_svn will interpret a relative pathspec. If there's no clear
meaning today, perhaps we should consider defining that behavior as "find
the named access file relative to the repository's conf/ subdirectory".
This allows us to avoid adding another configuration option.
In other words, if today "AuthzSVNAccessFile FOO", where FOO is a relative
path, has a not-well-defined meaning, then let's change it to mean "Read
from ${REPO}/conf/FOO".
SVNPath-using <Location>'s could use "AuthzSVNAccessFile authz" to get the
behavior you want.
SVNParentPath-using <Location>'s could use "AuthzSVNAccessFile authz" to do
the same. Or, they could use "AuthzSVNAccessFile ../../authz" to read the
rules from a single file in the parent-path directory shared across the
repositories in that parent-path. (That have that ability today when using
an absolute path, but this would allow for a more template-izable
SVNParentPath block.)
Thoughts?
--
C. Michael Pilato <cmpilato_at_collab.net>
CollabNet <> www.collab.net <> Distributed Development On Demand
Received on 2010-11-01 16:50:11 CET