Change <RequireAll><RequireOne> to <SatisfyAll><SatisfyOne>. The keyword 'Satisfy' seems to fit a little better since the blocks can contain both 'Require' and 'Reject' directives

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/authz-dev@367678 13f79535-47bb-0310-9956-ffa450edef68
1 parent a875347 commit 6916c104d247f68cac1b2cde0f99f52b30a21b8b Bradley Nicholes committed Jan 10, 2006
Showing with 33 additions and 33 deletions.
  1. +10 −10 docs/manual/howto/auth.xml
  2. +17 −17 docs/manual/mod/mod_authz_core.xml
  3. +6 −6 modules/aaa/mod_authz_core.c
20 docs/manual/howto/auth.xml
@@ -380,24 +380,24 @@ do?</title>
you can specify just part of an address or domain name:</p>
<example>
- &lt;RequireAll&gt;<br />
+ &lt;SatisfyAll&gt;<br />
&nbsp; Reject ip <var>192.101.205</var><br />
&nbsp; Reject host <var>cyberthugs.com</var> <var>moreidiots.com</var><br />
&nbsp; Reject host ke<br />
- &lt;/RequireAll&gt;
+ &lt;/SatisfyAll&gt;
</example>
<p>Using the <directive module="mod_authz_host">Reject</directive> directive
- inside of a <directive module="mod_authz_core">&lt;RequireAll&gt;</directive>
+ inside of a <directive module="mod_authz_core">&lt;SatisfyAll&gt;</directive>
block, will let you be sure that you are actually restricting things to
only the group that you want to let in.</p>
<p>The above example uses the <directive module="mod_authz_core">
- &lt;RequireAll&gt;</directive> block to make sure that all of the
+ &lt;SatisfyAll&gt;</directive> block to make sure that all of the
<directive module="mod_authz_host">Reject</directive> directives are
satisfied before granting access. The <directive module="mod_authz_core">
- &lt;RequireAll&gt;</directive> block as well as the
- <directive module="mod_authz_core">&lt;RequireOne&gt;</directive> block
+ &lt;SatisfyAll&gt;</directive> block as well as the
+ <directive module="mod_authz_core">&lt;SatisfyOne&gt;</directive> block
allow you to apply "AND" and "OR" logic to the authorization processing.
For example the following authorization block would apply the logic:</p>
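Review bot: in the paragraph beginning "The above example uses", the phrase "all of the Reject directives are satisfied before granting access" is ambiguous now that the container itself is called SatisfyAll: a reader can take a "satisfied" Reject to mean one that matched the client, which is the opposite of the intent. Suggest saying that access is granted only when none of the Reject conditions match. The sentence before it talks about "restricting things to only the group that you want to let in" while the example contains only Reject lines, so it would also help to state what happens to a client that matches none of them.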
@@ -418,14 +418,14 @@ do?</title>
&nbsp; AuthBasicProvider ...<br />
&nbsp; ...<br />
&nbsp; Require user John<br />
- &nbsp; &lt;RequireAll&gt;<br />
+ &nbsp; &lt;SatisfyAll&gt;<br />
&nbsp;&nbsp; Require Group admins<br />
&nbsp;&nbsp; Require ldap-group cn=mygroup,o=foo<br />
- &nbsp;&nbsp; &lt;RequireOne&gt;<br />
+ &nbsp;&nbsp; &lt;SatisfyOne&gt;<br />
&nbsp;&nbsp;&nbsp; Require ldap-attribute dept="sales"<br />
&nbsp;&nbsp;&nbsp; Require file-group<br />
- &nbsp;&nbsp; &lt;/RequireOne&gt;<br />
- &nbsp; &lt;/RequireAll&gt;<br />
+ &nbsp;&nbsp; &lt;/SatisfyOne&gt;<br />
+ &nbsp; &lt;/SatisfyAll&gt;<br />
&lt;/Directory&gt;<br />
</example>
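Review bot: "Require Group admins" in this example is capitalised differently from the other provider names in the same block ("Require user John", "Require ldap-group ...", "Require file-group"). Since the surrounding lines are being edited anyway, lowercase it to "Require group admins" so that readers copying the example do not have to guess whether provider names are case-sensitive.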
34 docs/manual/mod/mod_authz_core.xml
@@ -134,25 +134,25 @@ a resource</description>
</directivesynopsis>
<directivesynopsis type="section">
-<name>RequireAll</name>
+<name>SatisfyAll</name>
<description>Enclose a group of authorization directives that must all
be satisfied in order to grant access to a resource. This block allows
for 'AND' logic to be applied to various authorization providers.</description>
-<syntax>&lt;RequireAll&gt;
-... &lt;/RequireAll&gt;</syntax>
+<syntax>&lt;SatisfyAll&gt;
+... &lt;/SatisfyAll&gt;</syntax>
<contextlist><context>directory</context><context>.htaccess</context>
</contextlist>
<override>AuthConfig</override>
<usage>
- <p><directive type="section">RequireAll</directive> and
- <code>&lt;/RequireAll&gt;</code> are used to enclose a group of
+ <p><directive type="section">SatisfyAll</directive> and
+ <code>&lt;/SatisfyAll&gt;</code> are used to enclose a group of
authorization directives that must all be satisfied in order to
grant access to a resource.</p>
<p>The <directive module="mod_authz_core">
- &lt;RequireAll&gt;</directive> block as well as the
- <directive module="mod_authz_core">&lt;RequireOne&gt;</directive> block
+ &lt;SatisfyAll&gt;</directive> block as well as the
+ <directive module="mod_authz_core">&lt;SatisfyOne&gt;</directive> block
allow you to apply "AND" and "OR" logic to the authorization processing.
For example the following authorization block would apply the logic:</p>
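Review bot: the <description> and <usage> text for SatisfyAll still speak only of "authorization directives that must all be satisfied", while the commit message gives mixed Require and Reject content as the reason for the rename. State here that the block may contain Reject directives and what counts as "satisfied" for a Reject, so the reference page defines the term the new name relies on.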
@@ -173,14 +173,14 @@ for 'AND' logic to be applied to various authorization providers.</description>
&nbsp; AuthBasicProvider ...<br />
&nbsp; ...<br />
&nbsp; Require user John<br />
- &nbsp; &lt;RequireAll&gt;<br />
+ &nbsp; &lt;SatisfyAll&gt;<br />
&nbsp;&nbsp; Require Group admins<br />
&nbsp;&nbsp; Require ldap-group cn=mygroup,o=foo<br />
- &nbsp;&nbsp; &lt;RequireOne&gt;<br />
+ &nbsp;&nbsp; &lt;SatisfyOne&gt;<br />
&nbsp;&nbsp;&nbsp; Require ldap-attribute dept="sales"<br />
&nbsp;&nbsp;&nbsp; Require file-group<br />
- &nbsp;&nbsp; &lt;/RequireOne&gt;<br />
- &nbsp; &lt;/RequireAll&gt;<br />
+ &nbsp;&nbsp; &lt;/SatisfyOne&gt;<br />
+ &nbsp; &lt;/SatisfyAll&gt;<br />
&lt;/Directory&gt;<br />
</example>
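Review bot: this example is the same block that is edited in docs/manual/howto/auth.xml, so every rename has to be applied in two places and the copies can drift apart. Consider keeping the full example in one file and pointing to it from the other, the way the SatisfyOne entry already does with "See the <SatisfyAll> directive for a usage example".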
@@ -192,25 +192,25 @@ for 'AND' logic to be applied to various authorization providers.</description>
</directivesynopsis>
<directivesynopsis type="section">
-<name>RequireOne</name>
+<name>SatisfyOne</name>
<description>Enclose a group of authorization directives that must
satisfy at least one in order to grant access to a resource. This
block allows for 'OR' logic to be applied to various authorization
providers.</description>
-<syntax>&lt;RequireOne&gt;
-... &lt;/RequireOne&gt;</syntax>
+<syntax>&lt;SatisfyOne&gt;
+... &lt;/SatisfyOne&gt;</syntax>
<contextlist><context>directory</context><context>.htaccess</context>
</contextlist>
<override>AuthConfig</override>
<usage>
- <p><directive type="section">RequireOne</directive> and
- <code>&lt;/RequireOne&gt;</code> are used to enclose a group of
+ <p><directive type="section">SatisfyOne</directive> and
+ <code>&lt;/SatisfyOne&gt;</code> are used to enclose a group of
authorization directives that must satisfy at least one in order to
grant access to a resource.</p>
<p>See the <directive module="mod_authz_core">
- &lt;RequireAll&gt;</directive> directive for a usage example.</p>
+ &lt;SatisfyAll&gt;</directive> directive for a usage example.</p>
</usage>
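Review bot: the SatisfyOne description ("directives that must satisfy at least one") is ungrammatical and leaves the behaviour of Reject inside an 'OR' block undefined. An administrator needs to know whether a matching Reject can be outweighed by a single passing Require in the same block; please document that here, and reword the description to "of which at least one must be satisfied".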
12 modules/aaa/mod_authz_core.c
@@ -70,15 +70,15 @@ X- Change the status code to AUTHZ_DENIED, AUTHZ_GRANTED
is even necessary. This was used in authn to support
authn_alias. Is there a need for an authz_alias?
X- Remove the Satisfy directive functionality and replace it with the
- <RequireAll>, <RequireOne> directives
+ <SatisfyAll>, <SatisfyOne> directives
X- Remove the Satisfy directive
-X- Implement the <RequireAll> <RequireOne> block directives
+X- Implement the <SatisfyAll> <SatisfyOne> block directives
to handle the 'and' and 'or' logic for authorization.
X- Remove the AuthzXXXAuthoritative directives from all of
the authz providers
X- Implement the Reject directive that will deny authorization
if the argument is true
-X- Fold the Reject directive into the <RequireAll> <RequireOne>
+X- Fold the Reject directive into the <SatisfyAll> <SatisfyOne>
logic
X- Reimplement the host based authorization 'allow', 'deny'
and 'order' as authz providers
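Review bot: this TODO list records "Remove the Satisfy directive" two lines away from the new <SatisfyAll>/<SatisfyOne> names, so the containers now share a keyword with the directive they replace. Add a line here, and in the manual, stating how the new blocks differ from the removed Satisfy directive, so that existing configurations are not migrated on the assumption that the old semantics carry over.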
@@ -414,7 +414,7 @@ static const char *authz_require_section(cmd_parms *cmd, void *mconfig, const ch
the req_state and the level will allow it to traverse the list to find
the last element in the provider calling list. */
old_reqstate = conf->req_state;
- if (strcasecmp (cmd->directive->directive, "<RequireAll") == 0) {
+ if (strcasecmp (cmd->directive->directive, "<SatisfyAll") == 0) {
conf->req_state = AUTHZ_REQSTATE_ALL;
}
else {
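Review bot: the comparison against the literal "<SatisfyAll" sends every other directive name into the else branch, so AUTHZ_REQSTATE_ALL is selected only on an exact string match and anything else gets the alternative state. The literal also has to be kept in sync by hand with the authz_cmds entries, which register this same handler for both names. Suggest testing for "<SatisfyOne" explicitly and returning an error string for any other name, or passing the state through the cmd_data argument that is currently NULL in AP_INIT_RAW_ARGS, so that a future rename cannot quietly turn an 'AND' block into something looser.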
@@ -445,10 +445,10 @@ static const command_rec authz_cmds[] =
AP_INIT_RAW_ARGS("<RequireAlias", authz_require_alias_section, NULL, RSRC_CONF,
"Container for authorization directives grouped under "
"an authz provider alias"),
- AP_INIT_RAW_ARGS("<RequireAll", authz_require_section, NULL, OR_AUTHCFG,
+ AP_INIT_RAW_ARGS("<SatisfyAll", authz_require_section, NULL, OR_AUTHCFG,
"Container for grouping require statements that must all "
"succeed for authorization to be granted"),
- AP_INIT_RAW_ARGS("<RequireOne", authz_require_section, NULL, OR_AUTHCFG,
+ AP_INIT_RAW_ARGS("<SatisfyOne", authz_require_section, NULL, OR_AUTHCFG,
"Container for grouping require statements of which one "
"must succeed for authorization to be granted"),
{NULL}
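Review bot: the help strings for both entries still say "grouping require statements", and the handler is still named authz_require_section, although the commit message says the blocks hold Reject directives as well. Change the help text to "authorization directives" to match the manual. The old "<RequireAll" and "<RequireOne" names are also dropped from the table with no replacement entry, so configurations on this branch that use them will no longer be recognised; say so in the commit message or change notes if that is intended.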
