[ https://issues.apache.org/jira/browse/JCRVLT-683?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17719721#comment-17719721 ]
Konrad Windszus edited comment on JCRVLT-683 at 5/5/23 7:59 AM: ---------------------------------------------------------------- bq. https://github.com/apache/jackrabbit-filevault/pull/272 doesn't have reviewers. In general I always add reviewer but they rarely react, therefore after some time I go ahead and merge. But everyone is involved to review, that includes you of course as well [~thomasm]. This is superseded by https://github.com/apache/jackrabbit-filevault/pull/294 bq. Is it true that https://github.com/apache/jackrabbit-filevault/pull/294/files doesn't have any test case? No, lots of ITs have been added (https://github.com/apache/jackrabbit-filevault/pull/294/files#diff-038077103e482e4a69670d008bbd1c150aab6edb9c6cb2d8e531940b094170e9) bq. In general, I think that most bugfixes should come with "circuit breakers" Well in this case I don't think it is necessary but if you want to add a toggle please enrich the PR. was (Author: kwin): bq. https://github.com/apache/jackrabbit-filevault/pull/272 doesn't have reviewers This is superseded by https://github.com/apache/jackrabbit-filevault/pull/294 bq. Is it true that https://github.com/apache/jackrabbit-filevault/pull/294/files doesn't have any test case? No, lots of ITs have been added (https://github.com/apache/jackrabbit-filevault/pull/294/files#diff-038077103e482e4a69670d008bbd1c150aab6edb9c6cb2d8e531940b094170e9) bq. In general, I think that most bugfixes should come with "circuit breakers" Well in this case I don't think it is necessary but if you want to add a toggle please enrich the PR. > Import of Authorizable node with acHandling=IGNORE should preserve existing > rep:principalPolicy child node > ---------------------------------------------------------------------------------------------------------- > > Key: JCRVLT-683 > URL: https://issues.apache.org/jira/browse/JCRVLT-683 > Project: Jackrabbit FileVault > Issue Type: Bug > Components: Packaging > Affects Versions: 3.6.6 > Reporter: Mark Adamcin > Assignee: Konrad Windszus > Priority: Major > Fix For: 3.6.10 > > > For situations where an authorizable node may be distributed from another > environment where a different rep:principalPolicy for the user is defined > than exists for that user in the target environment, it is important that the > existing rep:principalPolicy be preserved when acHandling is unset, > acHandling=IGNORE, or acHandling=MERGE_PRESERVE. > Currently, the effective behavior of such a package install, as [it appears > to be implemented in > DocViewImporter|https://github.com/apache/jackrabbit-filevault/blob/5f9657374bd6c2d3dd1f6e9e2be0b9f5b25ddc26/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/DocViewImporter.java#L782-L787], > results in the following: > * If the package specifies acHandling=IGNORE, the existing > rep:principalPolicy is deleted without replacement, regardless of whether the > package contains its own rep:principalPolicy, which is equivalent to > *acHandling=CLEAR* > * If the package specifies acHandling=MERGE_PRESERVE or MERGE, the existing > rep:principalPolicy is replaced with whatever rep:principalPolicy is > contained in the package, or deletes the policy if a replacement is not > present, which is equivalent to *acHandling=OVERWRITE* > Unexpectedly, the least destructive (and most default) acHandling mode > (IGNORE) turns out to be as destructive to packaged system user permissions > as choosing any other mode. -- This message was sent by Atlassian Jira (v8.20.10#820010)