 |
Subversion
|
|
Subversion
|
Typedefs | |
| typedef svn_error_t *(* | svn_repos_authz_func_t) (svn_boolean_t *allowed, svn_fs_root_t *root, const char *path, void *baton, apr_pool_t *pool) |
| Callback type for checking authorization on a path. More... | |
| typedef enum svn_repos_authz_access_t | svn_repos_authz_access_t |
| An enum defining the kinds of access authz looks up. More... | |
| typedef svn_error_t *(* | svn_repos_authz_callback_t) (svn_repos_authz_access_t required, svn_boolean_t *allowed, svn_fs_root_t *root, const char *path, void *baton, apr_pool_t *pool) |
| Callback type for checking authorization on paths produced by the repository commit editor. More... | |
Enumerations | |
| enum | svn_repos_authz_access_t { svn_authz_none = 0, svn_authz_read = 1, svn_authz_write = 2, svn_authz_recursive = 4 } |
| An enum defining the kinds of access authz looks up. More... | |
| typedef enum svn_repos_authz_access_t svn_repos_authz_access_t |
An enum defining the kinds of access authz looks up.
| typedef svn_error_t*(* svn_repos_authz_callback_t) (svn_repos_authz_access_t required, svn_boolean_t *allowed, svn_fs_root_t *root, const char *path, void *baton, apr_pool_t *pool) |
Callback type for checking authorization on paths produced by the repository commit editor.
Set *allowed to TRUE to indicate that the required access on path in root is authorized, or set it to FALSE to indicate unauthorized (presumable according to state stored in baton).
If path is NULL, the callback should perform a global authz lookup for the required access. That is, the lookup should check if the required access is granted for at least one path of the repository, and set *allowed to TRUE if so. root may also be NULL if path is NULL.
This callback is very similar to svn_repos_authz_func_t, with the exception of the addition of the required parameter. This is due to historical reasons: when authz was first implemented for svn_repos_dir_delta2(), it seemed there would need only checks for read and write operations, hence the svn_repos_authz_func_t callback prototype and usage scenario. But it was then realized that lookups due to copying needed to be recursive, and that brute-force recursive lookups didn't square with the O(1) performances a copy operation should have.
So a special way to ask for a recursive lookup was introduced. The commit editor needs this capability to retain acceptable performance. Instead of revving the existing callback, causing unnecessary revving of functions that don't actually need the extended functionality, this second, more complete callback was introduced, for use by the commit editor.
Some day, it would be nice to reunite these two callbacks and do the necessary revving anyway, but for the time being, this dual callback mechanism will do.
Definition at line 155 of file svn_repos.h.
| typedef svn_error_t*(* svn_repos_authz_func_t) (svn_boolean_t *allowed, svn_fs_root_t *root, const char *path, void *baton, apr_pool_t *pool) |
Callback type for checking authorization on a path.
Set *allowed to TRUE to indicate that some operation is authorized for path in root, or set it to FALSE to indicate unauthorized (presumably according to state stored in baton).
Do not assume pool has any lifetime beyond this call.
The exact operation being authorized depends on the callback implementation. For read authorization, for example, the caller would implement an instance that does read checking, and pass it as a parameter named [perhaps] 'authz_read_func'. The receiver of that parameter might also take another parameter named 'authz_write_func', which although sharing this type, would be a different implementation.
Definition at line 93 of file svn_repos.h.
An enum defining the kinds of access authz looks up.
| Enumerator | |
|---|---|
| svn_authz_none | No access. |
| svn_authz_read | Path can be read. |
| svn_authz_write | Path can be altered. |
| svn_authz_recursive | The other access credentials are recursive. |
Definition at line 104 of file svn_repos.h.
1.8.17