Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id EFB32200C7D for ; Mon, 1 May 2017 16:20:33 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id EE590160BAE; Mon, 1 May 2017 14:20:33 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id E9C63160BAB for ; Mon, 1 May 2017 16:20:32 +0200 (CEST) Received: (qmail 85181 invoked by uid 500); 1 May 2017 14:20:32 -0000 Mailing-List: contact dev-help@subversion.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@subversion.apache.org Received: (qmail 85171 invoked by uid 99); 1 May 2017 14:20:31 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 01 May 2017 14:20:31 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id 732181809D6 for ; Mon, 1 May 2017 14:20:31 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 2.379 X-Spam-Level: ** X-Spam-Status: No, score=2.379 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=2, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamd3-us-west.apache.org (amavisd-new); dkim=pass (1024-bit key) header.d=wandisco.com Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id UcNIW6upCZvL for ; Mon, 1 May 2017 14:20:28 +0000 (UTC) Received: from mail-it0-f46.google.com (mail-it0-f46.google.com [209.85.214.46]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTPS id 5D86C5FDAA for ; Mon, 1 May 2017 14:20:28 +0000 (UTC) Received: by mail-it0-f46.google.com with SMTP id z71so2067722itc.0 for ; Mon, 01 May 2017 07:20:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wandisco.com; s=gapps; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=hZAD9Kug3xSXhL2ByBdidKy0HB3nJk22mKnjICnOsCQ=; b=TC2f1LzZks7XuABBNAn8zMRgbNxOscDyYDoIDrmyvyY5I0txia/6u61i+APyhlf7ZW QxDT8wMh8s0x02fu6/7N4n4ZcU5GI7nEuBoJXxyKnMyFyFZmlbn74Qh2gsw3GdYknC3m NEQXnz0uoG6GvDCZVsC0LqO22HTTRmXAwd9AY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=hZAD9Kug3xSXhL2ByBdidKy0HB3nJk22mKnjICnOsCQ=; b=WgHc5T3Qv4/Sd+veWvIaPgCgPG3BMPs3wt5qeLLfPzs1A1qrKfe672KmmrEw8UWMvA VQurH86BptQf6aG7r/8WnSypZ0449kwGH/+9YKwYxHkqZh2lQt/Djt5ZiY7HFIc4mqJo uZ6TeDkrAQ7r7cXB+bgrc6geNz7QT9XPFTZfiVaSngo0DUCu5AOZWN95ZD4DCmKkhU4V ipJfFzj09FbBrlxyDgKmPADnQo5vVvavz71JG5GbRQXC8G+xCvsMkikTVLACoFH5cmww G5hzjcrcHFuo8NqRCrdHTjsITVu1RR1QqlgQlkStxmYS6AHkgS5jkVle+H0STFHR//1+ EyVg== X-Gm-Message-State: AN3rC/5lFAQcVim0R0KPgQ/LSCCezZRc90mo3HW2eZhjMqKpqyE7FHNP VLJ18SsOKP3VOjptz7MtLskqQCZLIaKM1mHzHWFXnvXMdcboB9MAFDf5c8Or/nMYHeV92o/0nKv r6CvZNT6XwBSbDfYEAgCvcA== X-Received: by 10.36.76.21 with SMTP id a21mr9477927itb.2.1493648427734; Mon, 01 May 2017 07:20:27 -0700 (PDT) MIME-Version: 1.0 References: <20170315095557.GA4388@fujitsu.shahaf.local2> <4d11690a-7429-f707-44f6-d09a65328658@apache.org> <20170418010823.GB6124@fujitsu.shahaf.local2> In-Reply-To: <20170418010823.GB6124@fujitsu.shahaf.local2> From: Doug Robinson Date: Mon, 01 May 2017 14:20:16 +0000 Message-ID: Subject: Re: wildcard authz docs question To: Daniel Shahaf , dev@subversion.apache.org Content-Type: multipart/alternative; boundary=001a1143dc02f488a6054e771f48 archived-at: Mon, 01 May 2017 14:20:34 -0000 --001a1143dc02f488a6054e771f48 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Daniel: On Mon, Apr 17, 2017 at 21:13 Daniel Shahaf wrote: > Stefan Fuhrmann wrote on Mon, Apr 17, 2017 at 22:22:33 +0200: > > On 15.03.2017 10:55, Daniel Shahaf wrote: > > >>From the 1.10 draft release notes: > > > > > >>All wildcards apply to full path segments only, i.e. * never matches > > >>/, except for the case where /**/ matches zero or more path segments. > > >>For example, /*/**/* will match any path which contains at least > > >>2 segments and is equivalent to /**/*/* as well as /*/*/**. > > >Are =C2=AB/*/**/*=C2=BB =C2=AB/**/*/*=C2=BB =C2=AB/*/*/**=C2=BB really= equivalent? I would have > > >expected the first two to match any node except / and /'s immediate > > >children, but I wouldn't expect the third form to match /trunk/iota > > >where iota is a file, since the pattern has a trailing slash after the > > >non-optional second component. > > How do you know that /trunk/iota is a file? > > I was reviewing the API docs as a black box, i.e., from a user > (repository admin) perspective, not from an implementation perspective. > > From that perspective, I would say that having a [/trunk/iota/**] > stanza to apply to a /trunk/iota file violates the principle of least > surprise. From a very critical point of view I agree. However, the point of wildcards is to easily reserve a complete namespace. If we do not apply that stanza apply to the file means requiring 2 stanzas to cover the space entirely. That's both expensive and brittle (2X stanzas and requires remembering to treat them in pairs - both when adding and when removing). And I think the "surprise" will be very short-lived if at all. From a cost/benefit standpoint I think it is extremely positive. Doug > > > The problem is that the authz callback does not provide > > enough context information to make that distinction. > > We might extend the interface in the future - allowing > > to restrict rules to exclusively match files or dirs only. > > Are you referring to svn_repos_authz_check_access()? [which doesn't > have an svn_fs_t handle or the information to open one] > > > But making that backward compatible adds quite a bit > > of complexity that I don't want to pile on there in 1.10. > > I don't understand this sentence at all. Why do we need to be backwards > compatible (this is a new feature), and why is being back compat in > this case necessarily expensive? > > Moreover, implementation considerations aside, there is still the > question of what the documentation should say about this situation. > > Cheers, > > Daniel > --=20 *DOUGLAS B ROBINSON* SENIOR PRODUCT MANAGER T +1 925 396 1125 *E* doug.robinson@wandisco.com --=20 World Leader in Active Data Replication=E2=84=A2 *Find out more wandisco.com * THIS MESSAGE AND ANY ATTACHMENTS ARE CONFIDENTIAL, PROPRIETARY AND MAY BE= =20 PRIVILEGED If this message was misdirected, WANdisco, Inc. and its subsidiaries,=20 ("WANdisco") does not waive any confidentiality or privilege. If you are=20 not the intended recipient, please notify us immediately and destroy the=20 message without disclosing its contents to anyone. Any distribution, use or= =20 copying of this email or the information it contains by other than an=20 intended recipient is unauthorized. The views and opinions expressed in=20 this email message are the author's own and may not reflect the views and= =20 opinions of WANdisco, unless the author is authorized by WANdisco to=20 express such views or opinions on its behalf. All email sent to or from=20 this address is subject to electronic storage and review by WANdisco.=20 Although WANdisco operates anti-virus programs, it does not accept=20 responsibility for any damage whatsoever caused by viruses being passed. --001a1143dc02f488a6054e771f48 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Daniel:

On Mon, Apr 17, = 2017 at 21:13 Daniel Shahaf <d= .s@daniel.shahaf.name> wrote:


> The problem is that the authz callback does not provide
> enough context information to make that distinction.
> We might extend the interface in the future - allowing
> to restrict rules to exclusively match files or dirs only.

Are you referring to svn_repos_authz_check_access()?=C2=A0 [which doesn'= ;t
have an svn_fs_t handle or the information to open one]

> But making that backward compatible adds quite a bit
> of complexity that I don't want to pile on there in 1.10.

I don't understand this sentence at all.=C2=A0 Why do we need to be bac= kwards
compatible (this is a new feature), and why is being back compat in
this case necessarily expensive?

Moreover, implementation considerations aside, there is still the
question of what the documentation should say about this situation.

Cheers,

Daniel
--
DOUGLAS B ROBINSON=C2=A0SENIOR PRODUCT MANAGER

World Leader in=C2=A0Active Data Replication=E2=84=A2
Find ou= t more=C2=A0wandisco.com

THIS MESSAG= E AND ANY ATTACHMENTS ARE CONFIDENTIAL, PROPRIETARY AND MAY BE PRIVILEGED

If this message was misdirected, WANdisco, Inc. and its subsidiaries, (&qu= ot;WANdisco") does not waive any confidentiality or privilege. If you = are not the intended recipient, please notify us immediately and destroy th= e message without disclosing its contents to anyone. Any distribution, use = or copying of this email or the information it contains by other than an in= tended recipient is unauthorized. The views and opinions expressed in this = email message are the author's own and may not reflect the views and op= inions of WANdisco, unless the author is authorized by WANdisco to express = such views or opinions on its behalf. All email sent to or from this addres= s is subject to electronic storage and review by WANdisco. Although WANdisc= o operates anti-virus programs, it does not accept responsibility for any d= amage whatsoever caused by viruses being passed.

--001a1143dc02f488a6054e771f48--