[
https://issues.apache.org/jira/browse/JCRVLT-683?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17733820#comment-17733820
]
Mark Adamcin commented on JCRVLT-683:
-------------------------------------
[~kwin] I've created an amended commit with the feature flag support and raised
a new PR for because I lack permission to push to the apache upstream
[https://github.com/apache/jackrabbit-filevault/pull/297]
Optionally restore principal ACLs after import
Introduced feature flag: {{vault.feature.stashPrincipalPolicies}}
[@kwin|https://github.com/kwin] this branch has an amended commit that I don't
have permission to force-push to the existing upstream PR branch.
The diff of the amended commit is essentially:
# to add the feature flag support to the Importer class
# to fork the original PrincipalBasedIT into a parallel
PrincipalBasedStashingIT, instead of changing its assertions in-place, so that
the before and after behavior can be tested simultaneously.
I defined the feature flag above to work as a system property for setting a
global default value, as well as supporting a package property of the same name
for switching the behavior on individual packages. This should allow us to test
the new behavior in different contexts and different downstream tools without
having to expose the flag as part of the filevault java API. I left all of your
stashing and policy enhancement implementation unmodified after determining
that the feature flag could be evaluated at a single point in the Importer,
just prior to the calling the {{restorePrincipalAcls}} method, and could be
leveraged when disabled to add diagnostic messages to the progress tracker log.
> Import of Authorizable node with acHandling=IGNORE should preserve existing
> rep:principalPolicy child node
> ----------------------------------------------------------------------------------------------------------
>
> Key: JCRVLT-683
> URL: https://issues.apache.org/jira/browse/JCRVLT-683
> Project: Jackrabbit FileVault
> Issue Type: Bug
> Components: Packaging
> Affects Versions: 3.6.6
> Reporter: Mark Adamcin
> Assignee: Konrad Windszus
> Priority: Major
> Fix For: 3.6.10
>
>
> For situations where an authorizable node may be distributed from another
> environment where a different rep:principalPolicy for the user is defined
> than exists for that user in the target environment, it is important that the
> existing rep:principalPolicy be preserved when acHandling is unset,
> acHandling=IGNORE, or acHandling=MERGE_PRESERVE.
> Currently, the effective behavior of such a package install, as [it appears
> to be implemented in
> DocViewImporter|https://github.com/apache/jackrabbit-filevault/blob/5f9657374bd6c2d3dd1f6e9e2be0b9f5b25ddc26/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/DocViewImporter.java#L782-L787],
> results in the following:
> * If the package specifies acHandling=IGNORE, the existing
> rep:principalPolicy is deleted without replacement, regardless of whether the
> package contains its own rep:principalPolicy, which is equivalent to
> *acHandling=CLEAR*
> * If the package specifies acHandling=MERGE_PRESERVE or MERGE, the existing
> rep:principalPolicy is replaced with whatever rep:principalPolicy is
> contained in the package, or deletes the policy if a replacement is not
> present, which is equivalent to *acHandling=OVERWRITE*
> Unexpectedly, the least destructive (and most default) acHandling mode
> (IGNORE) turns out to be as destructive to packaged system user permissions
> as choosing any other mode.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
