You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@subversion.apache.org by Paul Hammant <pa...@hammant.org> on 2017/12/10 09:28:15 UTC

Authz suggestion

Consider:

[/]
harry=rw

[dataset:/A]
sally=rw

[dataset:/Z]
sally=rw


If I had directories B through Y, I am pretty sure Sally cannot see them
let along change anything in them. Cool that's what I want.

What I don't have though is the ability for Sally to checkout from root and
recieve A/* and B/* in one operation.  I could grant 'r' for the root for
sally, but I'd have to do this for all of B through Y which would be overly
verbose:

[dataset:/B]
sally=


So I think I'm asking for a feature, but I'm not sure what would be best
for it.

Choice 1:

[/]
harry=rw
sally=dironly


Choice 2:

<Location /svn>
    DAV svn
    AuthzSVNParentDirsIfChildrenPermitted
</Location>

Thoughts?


- Paul

Re: Authz suggestion

Posted by Paul Hammant <pa...@hammant.org>.

Filed - https://issues.apache.org/jira/browse/SVN-4710

Re: Authz suggestion

Posted by Johan Corveleyn <jc...@gmail.com>.

On Mon, Dec 11, 2017 at 10:21 AM, Paul Hammant <pa...@hammant.org> wrote:
> Jira feature request needed to capture anything from this thread?  Maybe
> not, if plans were already in action anyway...

I'd say yes, please put something in JIRA, because (it seems to me)
those plans are quite "soft" at the moment. It might be good to
explicitify them a bit more :-). Though Branko might have a different
opinion ...

-- 
Johan

Re: Authz suggestion

Posted by Paul Hammant <pa...@hammant.org>.

Jira feature request needed to capture anything from this thread?  Maybe
not, if plans were already in action anyway...

Re: Authz suggestion

Posted by Paul Hammant <pa...@hammant.org>.

>
>
> Specifically, by "currently" I mean that this is the state on trunk. :)
> I don't believe anyone is working on adding explicit traversal
> permission on trunk in time for 1.10. It would require some rework of
> the way the authz info is used within the core libraries, it's not just
> a question of teaching the authz parser a new trick.
>

I myself am never for holding up releases in order to add an extra feature,
if everything else about the work to date says 'release it' :)

This stuff is a corner case for me, and only topical as I've a very naive
parser for Authz files in Java. Test driven of course.

- Paul

Re: Authz suggestion

Posted by Branko Čibej <br...@apache.org>.

On 10.12.2017 14:46, Paul Hammant wrote:
> > Currently it's implied in 'r' and 'rw' modes. 
>
> Great news. Specifically by currently you mean in 1.9.7 right?  And
> that further enhancements are Coming in 1.10.
>
> You also said you’ve a plan for further enhancements :)

Specifically, by "currently" I mean that this is the state on trunk. :)
I don't believe anyone is working on adding explicit traversal
permission on trunk in time for 1.10. It would require some rework of
the way the authz info is used within the core libraries, it's not just
a question of teaching the authz parser a new trick.

-- Brane

Re: Authz suggestion

Posted by Paul Hammant <pa...@hammant.org>.

> Currently it's implied in 'r' and 'rw' modes.

Great news. Specifically by currently you mean in 1.9.7 right?  And that further enhancements are Coming in 1.10.

You also said you’ve a plan for further enhancements :)

Re: Authz suggestion

Posted by Branko Čibej <br...@apache.org>.

On 10.12.2017 10:28, Paul Hammant wrote:
> Consider:
>
>     [/]
>     harry=rw
>
>     [dataset:/A]
>     sally=rw
>
>     [dataset:/Z]
>     sally=rw
>
>
> If I had directories B through Y, I am pretty sure Sally cannot see
> them let along change anything in them. Cool that's what I want.
>
> What I don't have though is the ability for Sally to checkout from
> root and recieve A/* and B/* in one operation.  I could grant 'r' for
> the root for sally, but I'd have to do this for all of B through Y
> which would be overly verbose:
>
>     [dataset:/B]
>     sally=
>
>
> So I think I'm asking for a feature, but I'm not sure what would be
> best for it.
>
> Choice 1:  
>
>     [/]
>     harry=rw
>     sally=dironly
>

This is called "directory traversal permission" and it means that the
user can use the directory for path lookup but isn't allowed to see its
contents. Currently it's implied in 'r' and 'rw' modes. I have a rather
long-standing todo wish to add this as an explicit flag.

The authz parser and storage model rework that's landing in 1.10 (see:
http://subversion.apache.org/docs/release-notes/1.10.html#authzperf) was
a prerequisite to being able to implement additions such as the one you
propose.

-- Brane