On Mon, Aug 11, 2014 at 8:02 PM, Branko Čibej <brane_at_wandisco.com> wrote:
> On 11.08.2014 18:37, Stefan Fuhrmann wrote:
>
> On Sun, Aug 10, 2014 at 7:05 PM, Branko Čibej <brane_at_wandisco.com> wrote:
>
>> On 10.08.2014 18:57, Branko Čibej wrote:
>>
>>
>>> FWIW, you should even have the get_memberships function any more.
>>>
>>>
>>> To clarify: I plan to get rid of svn_authz_tng_t::groups at some point.
>>> That hash is completely redundant.
>>>
>>
>> Careful! This might get us into scalability troubles. But I reserve
>> judgement until you actually came forth with an implementation.
>>
>>
>> The authz_ace_t::members contains exactly the same info, except that you
> don't have to look up the group name in svn_authz_tng_t::groups. Since it
> both your and my way require one hash lookup to determine if a (group) ACE
> pertains to a user, reversing the current groups hash to get memberships is
> just a waste of cycles. The groups hash in the authz structure actually
> only costs a bit of memory for the hash structure in the result pool, but
> otherwise it doesn't give any benefit and I don't believe there's any use
> for it. Note that I'm of course not copying hashes around; the group
> hashes, user and group names are all singletons.
>
So, basically, you intend to change the ACE struct from
"(user name)->rights" to "(hash of user names)->rights"
with the hash actually being either the current per-group
instance or an equally singleton per-user instance.
That makes perfect sense. I had gotten the impression
that you would expand each group right into multiple ACEs,
one per user or so.
-- Stefan^2.
Received on 2014-08-13 10:52:31 CEST