You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@subversion.apache.org by Ben Collins-Sussman <su...@collab.net> on 2004/07/15 21:46:22 UTC

mod_authz_svn questions

Sander, I've got some questions about this part of mod_authz_svn.  I'm
not sure I agree with the way you've mapped HTTP methods to permissions.

Here's the relevant code block, comments below:


    switch (r->method_number) {
    /* All methods requiring read access to all subtrees of r->uri */
    case M_COPY:
        authz_svn_type |= AUTHZ_SVN_RECURSIVE;

    /* All methods requiring read access to r->uri */
    case M_OPTIONS:
    case M_GET:
    case M_PROPFIND:
    case M_REPORT:
        authz_svn_type |= AUTHZ_SVN_READ;
        break;

    /* All methods requiring write access to all subtrees of r->uri */
    case M_MOVE:
    case M_DELETE:
        authz_svn_type |= AUTHZ_SVN_RECURSIVE;

    /* All methods requiring write access to r->uri */
    case M_MKCOL:
    case M_PUT:
    case M_PROPPATCH:
    case M_CHECKOUT:
    case M_MERGE:
    case M_MKACTIVITY:
        authz_svn_type |= AUTHZ_SVN_WRITE;
        break;

    default:
        /* Require most strict access for unknown methods */
        authz_svn_type |= AUTHZ_SVN_WRITE|AUTHZ_SVN_RECURSIVE;
        break;
    }


1. the COPY request seems to have RECURSIVE set, but not READ?  I don't
understand that.

2. the MOVE and DELETE requests have RECURSIVE set, but not WRITE?

Am I missing something?



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

RE: mod_authz_svn questions

Posted by Sander Striker <st...@apache.org>.

> From: cmpilato@localhost.localdomain 
> [mailto:cmpilato@localhost.localdomain] On Behalf Of C. Michael Pilato
> Sent: Friday, July 16, 2004 2:33 AM
> To: Sander Striker
> Cc: 'Ben Collins-Sussman'; 'svn-dev-list'
> Subject: Re: mod_authz_svn questions
> 
> "Sander Striker" <st...@apache.org> writes:
> 
> > Yes.  Notice the missing break's on those case blocks.  The 
> code falls 
> > through to the next case and ors the READ/WRITE bit in as well.
> 
> I do notice the missing comments that would read something 
> like "/* fall thru */", yes.  :-)

heh heh, point taken.  Will fix.

Sander

Re: mod_authz_svn questions

Posted by "C. Michael Pilato" <cm...@collab.net>.

"Sander Striker" <st...@apache.org> writes:

> Yes.  Notice the missing break's on those case blocks.  The code
> falls through to the next case and ors the READ/WRITE bit in
> as well.

I do notice the missing comments that would read something like "/*
fall thru */", yes.  :-)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

RE: mod_authz_svn questions

Posted by Sander Striker <st...@apache.org>.

> From: Ben Collins-Sussman [mailto:sussman@collab.net] 
> Sent: Thursday, July 15, 2004 11:46 PM

> Sander, I've got some questions about this part of 
> mod_authz_svn.  I'm not sure I agree with the way you've 
> mapped HTTP methods to permissions.
> 
> Here's the relevant code block, comments below:
> 
> 
>     switch (r->method_number) {
>     /* All methods requiring read access to all subtrees of r->uri */
>     case M_COPY:
>         authz_svn_type |= AUTHZ_SVN_RECURSIVE;
> 
>     /* All methods requiring read access to r->uri */
>     case M_OPTIONS:
>     case M_GET:
>     case M_PROPFIND:
>     case M_REPORT:
>         authz_svn_type |= AUTHZ_SVN_READ;
>         break;
> 
>     /* All methods requiring write access to all subtrees of r->uri */
>     case M_MOVE:
>     case M_DELETE:
>         authz_svn_type |= AUTHZ_SVN_RECURSIVE;
> 
>     /* All methods requiring write access to r->uri */
>     case M_MKCOL:
>     case M_PUT:
>     case M_PROPPATCH:
>     case M_CHECKOUT:
>     case M_MERGE:
>     case M_MKACTIVITY:
>         authz_svn_type |= AUTHZ_SVN_WRITE;
>         break;
> 
>     default:
>         /* Require most strict access for unknown methods */
>         authz_svn_type |= AUTHZ_SVN_WRITE|AUTHZ_SVN_RECURSIVE;
>         break;
>     }
> 
> 
> 1. the COPY request seems to have RECURSIVE set, but not 
> READ?  I don't understand that.
> 
> 2. the MOVE and DELETE requests have RECURSIVE set, but not WRITE?
> 
> Am I missing something?

Yes.  Notice the missing break's on those case blocks.  The code
falls through to the next case and ors the READ/WRITE bit in
as well.

Sander


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org