Re: Ev2 and Authz

Thomas Åkesson wrote:

> C. Michael Pilato wrote:
>> CollabNet's modified ViewVC in its Enterprise Edition product implemented
>> this sort of functionality, and the result was that users could always see
>> the root directory, and any paths inside it necessary to navigate down to a
>> path to which they had explicit read permission.  Very, very handy.
>
> Agree, very handy. We produce a CMS based on Svn and this is exactly what we
> wish for. If a user has the URL to /A/B/C/D, he basically already knows about
> the parents.

Yes, that behaviour sounds sensible to me (just from the peanut gallery), whereas ...

> I have not had time to follow the Inherited Properties thread completely, but
> this is kind of related. One could argue that if a user knows about the URL to
> /A/B/C/D, then what is the harm in letting him read the properties of the parent
> directories? A significant simplification at the cost of not being able to store
> secret stuff in directory properties (file properties would still be safe).

We should be very cautious about proposing an apparently "simple" special case like that.  A file has properties and text content; a directory has properties and children; that's how it is in Subversion.  Saying that a user should be able to read part of a directory (its properties) and not the other part (its children) is breaking that relatively simple abstraction, and breaking abstractions in that way makes complications for all other software layers that try to build on top of the foundation, not to mention for the users' mental models.  At first hearing, it doesn't sound like there could be any major repercussions, but after a while I suspect we might regret it.

- Julian
Received on 2012-04-17 11:47:48 CEST