Thanks, Toby! I applied your patch, [3440], and I have the following comments or requests about it:
1. Please add doc to http://allmydata.org/trac/tahoe/browser/docs/ configuration.txt about this option. Possibly in http:// allmydata.org/trac/tahoe/browser/docs/frontends/webapi.txt as well. 2. Do I understand correctly that this prevents people from doing any PUTs or POSTs to URLs that begin with "uri/"? That seems just about right -- it prevents adding new files or changing the contents of files even if you know the write-cap to a file or a directory. But what about the check, verify, repair, manifest, and stats commands listed at the end of webapi.txt. I'm not 100% sure why we made these available through POST instead of through GET -- perhaps because they have the "side effect" of causing a potentially large amount of CPU, network, and disk work even though they don't have any "side effects" on the filesystem graph of directories and files. Currently, if web.ambient_upload_authority is false then you can't do those check, repair, etc. operations. Is that what you intend? 3. Maybe for the test we could use du() from fileutil (http:// allmydata.org/trac/tahoe/browser/src/allmydata/util/fileutil.py , also known as http://allmydata.org/trac/pyutil/browser/pyutil/pyutil/ fileutil.py ) to assert that the filesystem usage on the server isn't greater after the client attempted to upload something. Regards, Zooko patches mentioned in this e-mail: http://allmydata.org/trac/tahoe/changeset/3440 _______________________________________________ tahoe-dev mailing list [email protected] http://allmydata.org/cgi-bin/mailman/listinfo/tahoe-dev
