[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#3780) val.regex with attributes doesn't honor searches


it is unclear to me what access privilege should be granted if the value 
of the attribute does not match the indicated regex pattern.  In any 
case, to allow substring filtering, one needs to allow search access to 
any value of a given type.  This definitely makes sense, I think, 
because when filtering takes place, the entry is not available yet, 
while the value of a substrings filter is supposed to be incomplete.  So 

access to attrs=type val.regex=pattern
    by someone read
access to attrs=type
    by someone search

seems to be the required approach.

In principle, we could allow more granularity to the "search" privilege, 
to allow addressing presence, exact, substring(, approx?, ordering?) and 
so on.  But this would need discussing it on -devel.


    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497