On 07.08.2014 10:30, Ivan Zhakov wrote:
> On 2 August 2014 18:45, Branko Čibej <brane_at_wandisco.com> wrote:
>> On 02.08.2014 15:20, Alan Barrett wrote:
>>
>> On Tue, 29 Jul 2014, C. Michael Pilato wrote:
>>
>> This leaves open the possibility of a future additional match mode for
>> regular expressions (using the '^:' magic prefix) should we seek to "go
>> there".
>>
>> # Match the trunk and branches subdirs and their children.
>> [repos:^:^/(trunk|branches)(/.*|$)$]
>>
>>
>> As a user, I'd prefer to see keywords rather than unusual characters to
>> designate special syntax. For example, I would prefer
>> [glob:/tags/*/private] and [regex:/tags/.*/private] to [*:/tags/*/private]
>> and [^:/tags/.*/private].
>>
>>
>> Quite understood. Unfortunately, the syntax you propose above cannot work;
>> [thing:/path] is already a valid syntax, and if we did what you propose,
>> we'd no longer be able to create rules for repositories named "glob" and
>> "regex". Worse, this could change the meaning of existing authz files.
>>
>> We could do something like this, though:
>>
>> [:glob:/path]
>> [:glob:repos:/path]
>>
>> In the old authz files, these rules would be invalid, because the repository
>> name part (the substring up to the first colon) cannot be empty.
>>
>> Thoughts?
>>
> I don't like the proposed syntax, but I don't why. Probably because
> many ':' is very confusing.
I agree, but I have trouble finding another syntax that is guaranteed to
not collide with any existing valid rules. I can't think of another
character other than ":" after the opening "[" that's guaranteed to make
the rule invalid by current syntax.
We could use
[:{tag1, tag2}repos:/path]
but I think that's even worse ...
> My thoughts on this topic:
> 1. Do we really need 'regex' pattern matching? Would not be this
> overkill and performance killer?
Using "regex" instead of "glob" is not the only potential use of the
rule tag. One that we've discussed on list, for example, is rules that
must match the whole path, not just a path prefix.
> 2. Could be we make regex/glob/simple pattern matching per-file option?
That would not be a very good idea. It would require authz admins to
either not use patterns, or sacrifice the performance of///all/ lookups
by treating them as patterns, even when they're not.
And of course, it would remove the option of per-rule properties, such
as the whole-path match mentioned above.
> I'd like to avoid complexities in authz files if possible.
I think it's 10 years too late for that. :)
-- Brane
--
Branko Čibej | Director of Subversion
WANdisco | Realising the impossibilities of Big Data
e. brane_at_wandisco.com
Received on 2014-08-07 14:41:16 CEST