On 11/01/2010 09:24 AM, Nick Piper wrote: > [[[ > Implement AuthzSVNRepoRelativeAccessFile to allow SVNParentPath to use > a different authz configuration file for each repository. > > * subversion/mod_authz_svn/mod_authz_svn.c > (get_access_conf) Check if AuthzSVNRepoRelativeAccessFile is on, and > if so, load the conf/authz file from inside the repository being > accessed rather than one which is statically configured in the > Apache configuration. > (subreq_bypass, access_checker, check_user_id, auth_checker) > Recognise that it's valid not to have a AuthzSVNAccessFile if > AuthzSVNRepoRelativeAccessFile is used. > ]]]
What is the current behavior of a configuration file specified as relative
path? I don't see any notations in the code or docs which indicate how
mod_authz_svn will interpret a relative pathspec. If there's no clear
meaning today, perhaps we should consider defining that behavior as "find
the named access file relative to the repository's conf/ subdirectory".
This allows us to avoid adding another configuration option.
In other words, if today "AuthzSVNAccessFile FOO", where FOO is a relative
path, has a not-well-defined meaning, then let's change it to mean "Read
from ${REPO}/conf/FOO".
SVNPath-using <Location>'s could use "AuthzSVNAccessFile authz" to get the
behavior you want.
SVNParentPath-using <Location>'s could use "AuthzSVNAccessFile authz" to do
the same. Or, they could use "AuthzSVNAccessFile ../../authz" to read the
rules from a single file in the parent-path directory shared across the
repositories in that parent-path. (That have that ability today when using
an absolute path, but this would allow for a more template-izable
SVNParentPath block.)
Thoughts?
--
C. Michael Pilato <[email protected]>
CollabNet <> www.collab.net <> Distributed Development On Demand
signature.asc
Description: OpenPGP digital signature
