Branko Čibej wrote:
On 05.10.2017 16:19, Paul Hammant wrote:
Not that my vote counts for much, but I'd prefer w/o props, obeying
read permissions.
"Obeying read permissions" means that the directory hashes would have to
be computed dynamically for each user.
Correct, but let's not imply that's a showstopper.
Calculation of a directory's hash would have to happen for each
directory where the user has mixed access to the immediate children, and
for all parents of such a directory up to the root. For any subtree
where the user has full access, we can use a stored value.
That means in typical authz patterns (a few subtrees excluded) there is
very little calculation required, as long as the authz subsystem can
efficiently tell us whether the user has full or mixed or no access to a
given subtree.
- Julian
