You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@subversion.apache.org by Ben Collins-Sussman <su...@collab.net> on 2004/07/15 21:46:22 UTC
mod_authz_svn questions
Sander, I've got some questions about this part of mod_authz_svn. I'm
not sure I agree with the way you've mapped HTTP methods to permissions.
Here's the relevant code block, comments below:
switch (r->method_number) {
/* All methods requiring read access to all subtrees of r->uri */
case M_COPY:
authz_svn_type |= AUTHZ_SVN_RECURSIVE;
/* All methods requiring read access to r->uri */
case M_OPTIONS:
case M_GET:
case M_PROPFIND:
case M_REPORT:
authz_svn_type |= AUTHZ_SVN_READ;
break;
/* All methods requiring write access to all subtrees of r->uri */
case M_MOVE:
case M_DELETE:
authz_svn_type |= AUTHZ_SVN_RECURSIVE;
/* All methods requiring write access to r->uri */
case M_MKCOL:
case M_PUT:
case M_PROPPATCH:
case M_CHECKOUT:
case M_MERGE:
case M_MKACTIVITY:
authz_svn_type |= AUTHZ_SVN_WRITE;
break;
default:
/* Require most strict access for unknown methods */
authz_svn_type |= AUTHZ_SVN_WRITE|AUTHZ_SVN_RECURSIVE;
break;
}
1. the COPY request seems to have RECURSIVE set, but not READ? I don't
understand that.
2. the MOVE and DELETE requests have RECURSIVE set, but not WRITE?
Am I missing something?
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
RE: mod_authz_svn questions
Posted by Sander Striker <st...@apache.org>.
> From: cmpilato@localhost.localdomain
> [mailto:cmpilato@localhost.localdomain] On Behalf Of C. Michael Pilato
> Sent: Friday, July 16, 2004 2:33 AM
> To: Sander Striker
> Cc: 'Ben Collins-Sussman'; 'svn-dev-list'
> Subject: Re: mod_authz_svn questions
>
> "Sander Striker" <st...@apache.org> writes:
>
> > Yes. Notice the missing break's on those case blocks. The
> code falls
> > through to the next case and ors the READ/WRITE bit in as well.
>
> I do notice the missing comments that would read something
> like "/* fall thru */", yes. :-)
heh heh, point taken. Will fix.
Sander
Re: mod_authz_svn questions
Posted by "C. Michael Pilato" <cm...@collab.net>.
"Sander Striker" <st...@apache.org> writes:
> Yes. Notice the missing break's on those case blocks. The code
> falls through to the next case and ors the READ/WRITE bit in
> as well.
I do notice the missing comments that would read something like "/*
fall thru */", yes. :-)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
RE: mod_authz_svn questions
Posted by Sander Striker <st...@apache.org>.
> From: Ben Collins-Sussman [mailto:sussman@collab.net]
> Sent: Thursday, July 15, 2004 11:46 PM
> Sander, I've got some questions about this part of
> mod_authz_svn. I'm not sure I agree with the way you've
> mapped HTTP methods to permissions.
>
> Here's the relevant code block, comments below:
>
>
> switch (r->method_number) {
> /* All methods requiring read access to all subtrees of r->uri */
> case M_COPY:
> authz_svn_type |= AUTHZ_SVN_RECURSIVE;
>
> /* All methods requiring read access to r->uri */
> case M_OPTIONS:
> case M_GET:
> case M_PROPFIND:
> case M_REPORT:
> authz_svn_type |= AUTHZ_SVN_READ;
> break;
>
> /* All methods requiring write access to all subtrees of r->uri */
> case M_MOVE:
> case M_DELETE:
> authz_svn_type |= AUTHZ_SVN_RECURSIVE;
>
> /* All methods requiring write access to r->uri */
> case M_MKCOL:
> case M_PUT:
> case M_PROPPATCH:
> case M_CHECKOUT:
> case M_MERGE:
> case M_MKACTIVITY:
> authz_svn_type |= AUTHZ_SVN_WRITE;
> break;
>
> default:
> /* Require most strict access for unknown methods */
> authz_svn_type |= AUTHZ_SVN_WRITE|AUTHZ_SVN_RECURSIVE;
> break;
> }
>
>
> 1. the COPY request seems to have RECURSIVE set, but not
> READ? I don't understand that.
>
> 2. the MOVE and DELETE requests have RECURSIVE set, but not WRITE?
>
> Am I missing something?
Yes. Notice the missing break's on those case blocks. The code
falls through to the next case and ors the READ/WRITE bit in
as well.
Sander
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org