[prev in list] [next in list] [prev in thread] [next in thread]
List: subversion-commits
Subject: =?utf-8?q?=5BSubversion_Wiki=5D_Update_of_=22AuthzImprovements=22_by_bran?= =?utf-8?q?e?=
From: Apache subversion Wiki <commits () subversion ! apache ! org>
Date: 2014-07-31 2:59:50
Message-ID: 20140731025950.94780.1138 () eos ! apache ! org
[Download RAW message or body]
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Subversion Wiki" for change \
notification.
The "AuthzImprovements" page has been changed by brane:
https://wiki.apache.org/subversion/AuthzImprovements?action=diff&rev1=2&rev2=3
never matches a '/' except for the case of "/**/" where it matches
one to many full segments.
+ {{{#!wiki caution
+ '''Missing definitions:'''
+
+ This doc does not provide an unambiguous definition of the pattern syntax.
+ * Does `foo*` match "foo"? If it does, does a single `*` match 0-or-1 segment, or \
is it an exception? + * Is `/**/foo` hungry (i.e., does it match the longest subpath \
that ends in "foo", or the first path segment that starts with "foo")? + * Does `**` \
match 0-or-more or 1-or-more segments? + * What about wildcard escaping in patterns? \
Our current authz rules allow matching literal "*". +
+ — Brane}}}
+
== Terminology ==
@@ -77, +88 @@
* Parsing an authz file (from file system or repository)
yields a consolidated hash (additive sections being combined
automatically) of it contents in svn_config_t.
+
+ {{{#!wiki caution
+ This is the current behaviour of the authz files, but only because we happen to use \
an `svn_config_t` to represent a parsed authz files. I suggest we should constrain \
the semantics for authz rules: + * No rule may appear more than once in the authz \
file. + * Value placeholders (`%(name)s`) are not expanded.
+
+ This implies writing a different constructor for the in-memory authz structure, but \
is consistent with the intent, if not the current semantics, of the authz files. +
+ — Brane}}}
* Filtered path rule tree
* prefix tree with one node per segment
@@ -136, +156 @@
rights : none | r | w | rw
}}}
+ {{{#!wiki caution
+ '''Correction:'''
+
+ There is no such thing as write-only access in our authz model. Access rights can \
be only `none`, `r` or `rw`. This needs to be fixed throughout this doc. +
+ — Brane}}}
+
==== Lookup state ====
{{{
lookup-state :=
@@ -150, +177 @@
== Algorithms ==
=== Normalization ===
+
+ {{{#!wiki caution
+ '''Wildcard semantics?'''
+
+ These normalisations are only valid if one assumes a certain set of semantics for \
wildcards, but we do not define these semantics anywhere; see initial comment in this \
doc. +
+ — Brane}}}
Wildcard sequences in paths in rule sets shall be normalized.
This is merely done to reduce matching costs later on.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic