Hiding some directories

Jonathan Noack noackjr at alumni.rice.edu
Thu Jan 12 16:59:32 PST 2006 

Ville Skyttä wrote:
> On Wed, 2006-01-11 at 23:33 -0500, Jonathan Noack wrote:
>>> BTW, I am not familiar enough with Perl. Although I was able to 
>>> configure that array to forbid all directories that I did not want, I 
>>> wonder if is there a way to specify in that array just a few top level 
>>> directories that I want.
>> How about an @AllowedFiles list that only displays files and directories 
>> that match?  See attached patches for cvsweb.cgi and cvsweb.conf.
> 
> No strong opinions nor objections if this is really needed, but couldn't
> some extended patterns be used for that, and some commented out examples
> of those be added to cvsweb.conf?  Maybe negative look-behind (see "man
> perlre")?  It could get somewhat hairy though.

It probably could be done with some extended patterns but few of our 
users would understand them (I certainly wouldn't!).  Having 
@AllowedFiles means that we can give our users 2 options:
1) Allow all with @ForbiddenFiles override (This is the default).
2) Forbid all with @AllowedFiles override (which in turn is overridden 
by @ForbiddenFiles).

This is quite powerful AND easy to configure.  Consider a repository 
with this directory structure:

$ pwd
/usr/home/cvsroot
$ find . -type d
./CVSROOT
./dir1
./dir2
./dir3
./dir3/sub1
./dir3/sub2
./dir3/sub3
./dir4
...
./dir9

If I only wanted to allow dir3 and dir4 but forbid dir3/sub2, the 
configuration is simple:

@ForbiddenFiles = (
     qr|^dir3/sub2|o,
);
@AllowedFiles = (
     qr|^dir[34]/|o,
);

This is much easier than the way it would be done currently (and what if 
we added more directories that needed to be forbidden?):
@ForbiddenFiles = (
     qr|^CVSROOT|o,
     qr|^dir1|o,
     qr|^dir2|o,
     qr|^dir3/sub2|o,
     qr|^dir5|o,
     qr|^dir6|o,
     qr|^dir7|o,
     qr|^dir8|o,
     qr|^dir9|o,
);

As we don't want to allow more than we intend, we must be more careful 
with @AllowedFiles then with @ForbiddenFiles.  Here are some best 
practices for @AllowedFiles:
1) Patterns should begin with '^' to match the beginning of the relative 
path in the repository and should contain as much path information as 
possible.  For example: Use 'qr|^dir/sub/|o' instead of 'qr|sub|o'.  The 
latter could erroneously match 'yellow_submarine.mp3' or 'folder/sub'.
2) Patterns for specific directories should have a trailing slash.  For 
example: Use 'qr|^dir/|o' instead of 'qr|^dir|o'.  The latter could 
erroneously match 'dir.txt' or 'dirty'.
3) Patterns for specific files should end with '$' to match the end of 
filename.  For example: Use 'qr|^dir/file.txt$|o' instead of 
'qr|^dir/file.txt|o'.  The latter could erroneously match 
dir/file.txt.old or dir/file.txt/real_file.txt.

Why did I write that much?!?  Off to dinner,
-Jonathan

More information about the freebsd-cvsweb mailing list