subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Osipov, Michael" <michael.osi...@siemens.com>
Subject RE: Mimicking mvn_authz_svn with svnauthz(1)
Date Tue, 05 Apr 2016 08:28:35 GMT
> Osipov, Michael wrote on Fri, Apr 01, 2016 at 08:00:56 +0000:
> > Hi folks,
> >
> > I am trying to figure out how I can effectively mimic the behavior of
> > mod_authz_svn with svnauth(1). I do have a small, read-only PHP
> > application which shall browse a  repo just like mod_dav_svn does with
> > the same authz.  While calling svnauthz(1) works well, I am not
> > certain when I should use '--recursive' or not. Looking at
> > mod_authz_svn.c for the switch case with r->method_number, I do see
> > that it is only necessary for COPY, MOVE, DELETE and default.
> > In terms of read-only access, I don't need recursive checks.
> >
> > Is that correct?
> >
> 
> That depends on what your app does.  For example, if you provide an interface to
> 'ls -R' and the authz file has
> 
>     [/foo]
>     * = r
>     [/foo/secret]
>     * =
>     @secret = r
> 
> , then children of /foo/secret should be excluded from the listing, but a non-
> recursive 'r' answer on '/foo' doesn't convey that information.

It traverses only immediate children only. The only usecase for recursive traversal is
that my script offers to create a tarball from a tree which means it needs to check
recursively of course.

I still would like to have a statement about the behavior in mod_authz_svn.c

Michael
Mime
View raw message