Subversion
Typedefs | Enumerations
Repository authorization callbacks

Typedefs

typedef svn_error_t *(* svn_repos_authz_func_t) (svn_boolean_t *allowed, svn_fs_root_t *root, const char *path, void *baton, apr_pool_t *pool)
 Callback type for checking authorization on a path. More...
 
typedef enum svn_repos_authz_access_t svn_repos_authz_access_t
 An enum defining the kinds of access authz looks up. More...
 
typedef svn_error_t *(* svn_repos_authz_callback_t) (svn_repos_authz_access_t required, svn_boolean_t *allowed, svn_fs_root_t *root, const char *path, void *baton, apr_pool_t *pool)
 Callback type for checking authorization on paths produced by the repository commit editor. More...
 

Enumerations

enum  svn_repos_authz_access_t {
  svn_authz_none = 0,
  svn_authz_read = 1,
  svn_authz_write = 2,
  svn_authz_recursive = 4
}
 An enum defining the kinds of access authz looks up. More...
 

Detailed Description

Typedef Documentation

An enum defining the kinds of access authz looks up.

Since
New in 1.3.
typedef svn_error_t*(* svn_repos_authz_callback_t) (svn_repos_authz_access_t required, svn_boolean_t *allowed, svn_fs_root_t *root, const char *path, void *baton, apr_pool_t *pool)

Callback type for checking authorization on paths produced by the repository commit editor.

Set *allowed to TRUE to indicate that the required access on path in root is authorized, or set it to FALSE to indicate unauthorized (presumable according to state stored in baton).

If path is NULL, the callback should perform a global authz lookup for the required access. That is, the lookup should check if the required access is granted for at least one path of the repository, and set *allowed to TRUE if so. root may also be NULL if path is NULL.

This callback is very similar to svn_repos_authz_func_t, with the exception of the addition of the required parameter. This is due to historical reasons: when authz was first implemented for svn_repos_dir_delta2(), it seemed there would need only checks for read and write operations, hence the svn_repos_authz_func_t callback prototype and usage scenario. But it was then realized that lookups due to copying needed to be recursive, and that brute-force recursive lookups didn't square with the O(1) performances a copy operation should have.

So a special way to ask for a recursive lookup was introduced. The commit editor needs this capability to retain acceptable performance. Instead of revving the existing callback, causing unnecessary revving of functions that don't actually need the extended functionality, this second, more complete callback was introduced, for use by the commit editor.

Some day, it would be nice to reunite these two callbacks and do the necessary revving anyway, but for the time being, this dual callback mechanism will do.

Definition at line 155 of file svn_repos.h.

typedef svn_error_t*(* svn_repos_authz_func_t) (svn_boolean_t *allowed, svn_fs_root_t *root, const char *path, void *baton, apr_pool_t *pool)

Callback type for checking authorization on a path.

Set *allowed to TRUE to indicate that some operation is authorized for path in root, or set it to FALSE to indicate unauthorized (presumably according to state stored in baton).

Do not assume pool has any lifetime beyond this call.

The exact operation being authorized depends on the callback implementation. For read authorization, for example, the caller would implement an instance that does read checking, and pass it as a parameter named [perhaps] 'authz_read_func'. The receiver of that parameter might also take another parameter named 'authz_write_func', which although sharing this type, would be a different implementation.

Note
If someday we want more sophisticated authorization states than just yes/no, allowed can become an enum type.

Definition at line 93 of file svn_repos.h.

Enumeration Type Documentation

An enum defining the kinds of access authz looks up.

Since
New in 1.3.
Enumerator
svn_authz_none 

No access.

svn_authz_read 

Path can be read.

svn_authz_write 

Path can be altered.

svn_authz_recursive 

The other access credentials are recursive.

Definition at line 104 of file svn_repos.h.