50 /*** Access rights. ***/
52 /* This structure describes the access rights given to a specific user by
68   /* Access rights of the respective user as defined by the rule set. */
69   authz_access_t rights;
76 /* Convenience structure combining the node-local access rights with the
77  * min and max rights granted within the sub-tree. */
86   /* Minimal access rights that the user has on this or any other node in
87    * the sub-tree.  This does not take inherited rights into account. */
90   /* Maximal access rights that the user has on this or any other node in
91    * the sub-tree.  This does not take inherited rights into account. */
96 /* Return TRUE, if RIGHTS has local rights defined in the ACCESS member. */
98 has_local_rule(const limited_rights_t *rights)
100   return rights->access.sequence_number != NO_SEQUENCE_NUMBER;
107                const limited_rights_t *rights)
109   /* This implies the check for NO_SEQUENCE_NUMBER, i.e no rights being
111   if (target->access.sequence_number < rights->access.sequence_number)
112     target->access = rights->access;
115 /* Aggregate the min / max access rights of TARGET and RIGHTS into TARGET. */
118                      const limited_rights_t *rights)
120   target->max_rights |= rights->max_rights;
121   target->min_rights &= rights->min_rights;
276   /* Immediate access rights granted by rules on this node and the min /
277    * max rights on any path in this sub-tree. */
278   limited_rights_t rights;
304   result->rights.access.sequence_number = NO_SEQUENCE_NUMBER;
428  * node's access rights spec to PATH_ACCESS.  Update the context info in CTX.
445       /* Set access rights.  Note that there might be multiple rules for
449       limited_rights_t rights;
450       rights.access = *path_access;
451       rights.max_rights = path_access->rights;
452       rights.min_rights = path_access->rights;
453       combine_access(&node->rights, &rights);
551   if (!svn_authz__get_acl_access(&path_access.rights, acl, user, repository))
699       &&   node->pattern_sub_nodes->any_var->rights.access.sequence_number
703         = node->pattern_sub_nodes->any_var->rights.access.sequence_number;
707   if (has_local_rule(&node->rights))
711       if (node->rights.access.sequence_number >= latest_any_var)
714          node->rights.access.sequence_number = NO_SEQUENCE_NUMBER;
828  * (of NODE's parent) by combining it with the recursive access rights info
836   limited_rights_t *local_sum = &node->rights;
842   /* Sum of rights at NODE - so far. */
845       local_sum->max_rights = local_sum->access.rights;
846       local_sum->min_rights = local_sum->access.rights;
953   if (!has_local_rule(&root->rights))
955       root->rights.access.sequence_number = 0;
956       root->rights.access.rights = authz_access_none;
973   /* Calculate recursive rights.
975    * This is a bottom-up calculation of the range of access rights
983   finalize_tree(root, &root->rights, subpool);
998   /* Rights immediately applying to this node and limits to the rights to
1000   limited_rights_t rights;
1062        * and we only have to set the correct rights info. */
1063       state->rights = state->parent_rights;
1070   state->rights = root->rights;
1071   state->parent_rights = root->rights;
1083       combine_access(&state->rights, &node->rights);
1084       combine_right_limits(&state->rights, &node->rights);
1095  * case this is a no-op.  Also update and aggregate the access rights data
1109       combine_access(&state->rights, &node->rights);
1113        * max possible access rights are a combination of all these sub-trees.
1115       combine_right_limits(&state->rights, &node->rights);
1127           combine_access(&state->rights, &node->rights);
1128           combine_right_limits(&state->rights, &node->rights);
1290       /* Shortcut 1: We could nowhere find enough rights in this sub-tree. */
1291       if ((state->rights.max_rights & required) != required)
1294       /* Shortcut 2: We will find enough rights everywhere in this sub-tree. */
1295       if ((state->rights.min_rights & required) == required)
1303       state->rights.access.sequence_number = NO_SEQUENCE_NUMBER;
1304       state->rights.access.rights = authz_access_none;
1309        * the parent's (i.e. inherited) access rights. */
1310       state->rights.min_rights = authz_access_write;
1311       state->rights.max_rights = authz_access_none;
1362       /* If no rule applied to this SEGMENT directly, the parent rights
1365       if (!has_local_rule(&state->rights))
1367           state->rights.access = state->parent_rights.access;
1368           state->rights.min_rights &= state->parent_rights.access.rights;
1369           state->rights.max_rights |= state->parent_rights.access.rights;
1375        * If this is the end of the path, keep the parent path and rights in
1385           state->parent_rights = state->rights;
1390    * less than the REQUIRED access rights.  "Potential" because we don't
1394     return (state->rights.min_rights & required) == required;
1396   /* Return whether the access rights on PATH fully include REQUIRED. */
1397   return (state->rights.access.rights & required) == required;
1419   /* The combined min/max rights USER has on REPOSITORY. */

Indexes created Wed Jun 26 11:41:58 MDT 2024