Re: [PATCH] AND and OR ACLs

From: Tsantilas Christos <chtsanti_at_users.sourceforge.net>
Date: Fri, 21 Dec 2012 23:21:50 +0200

On 12/21/2012 08:58 PM, Alex Rousskov wrote:
> Christos,
>
> I wonder if we can avoid code duplication by moving existing AND and
> OR logic from Checklist into a new ACL node type and then _always_ using
> that node type to wrap _all_ ACL rules? It would be kind of the opposite
> of what you have done: You are wrapping existing nodes into Checklist
> rule when an AND/OR ACL is found. This solution would wrap ALL rules
> into an AND or OR ACL node while Checklist will always check just _one_
> ACL node (usually AND or OR).
>
> In other words, this solution would automatically transfer
>
> http_access allow a1 a2 a3
> http_access allow b1 b2 b3
>
> into
>
> acl autoA all-of a1 a2 a3
> acl autoB all-of b1 b2 b3
> acl autoAB any-of autoA autoB
> http_access allow autoAB
>
> We would need to store the allow/deny keyword with the and/or node to
> make this work, but I did not show that detail in the above example in
> hope to avoid further confusion.
>
> Do you see what I am getting at?

I think yes...
I don't now how easy is to implement it but it may worth it if we decide
that the any-of and all-of needed (Personally I am seeing many advantages).

The only concerns I have is that I prefer a one-to-one interpretation of
squid.conf acls and acls related C++ structure. Interpreting the
http_access rules to an other scheme may confuse development, more bugs,
more difficult to solve problems etc...

>
>
> Thank you,
>
> Alex.
>
>
Received on Fri Dec 21 2012 - 21:22:06 MST

This archive was generated by hypermail 2.2.0 : Sat Dec 22 2012 - 12:00:37 MST