[jira] Updated: (SLING-1411) Add replaceAccessControlEntry method to AccessControlUtil

Mon, 09 Aug 2010 00:25:44 -0700 

     [ 
https://issues.apache.org/jira/browse/SLING-1411?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Felix Meschberger updated SLING-1411:
-------------------------------------

    Fix Version/s: Launchpad Content 2.0.6

> Add replaceAccessControlEntry method to AccessControlUtil
> ---------------------------------------------------------
>
>                 Key: SLING-1411
>                 URL: https://issues.apache.org/jira/browse/SLING-1411
>             Project: Sling
>          Issue Type: Improvement
>          Components: JCR
>    Affects Versions:  JCR Jackrabbit Access Manager 2.0.4
>            Reporter: Ray Davis
>            Assignee: Eric Norman
>            Priority: Minor
>             Fix For: Launchpad Testing 6, Launchpad Content 2.0.6, JCR 
> ContentLoader 2.0.8, JCR Jackrabbit Access Manager 2.0.6
>
>         Attachments: SLING-1411.patch
>
>
> ModifyAceServlet and DefaultContentCreator both have a need to merge new 
> privileges for a given principal to an existing resource ACL. Doing so 
> involves some rather complex logic which is easy to get wrong, and in the 
> Sakai 3 project, we found that quite a few service developers needed the same 
> functionality. This patch moves the functionality to a shared utility method 
> to eliminate any tempatations to copy-and-paste (or worse, rewrite 
> incorrectly).
> Besides consolidating the logic (and removing it from ModifyAceServlet and 
> DefaultContentCreator), this patch introduces a couple of other changes:
> * The ACE merge is more conservative. SLING-997 broke apart specified and 
> existing aggregated privileges and then tried to recombine them into possibly 
> new combinations. This patch instead maintains exactly what the client 
> specified and (when possible) what was already there, but does not create any 
> new aggregates of its own. This better matches Jackrabbit's default behavior, 
> should minimize client surprises, and eliminates a subtle bug: any candidate 
> aggregate privilege needs to be checked for "isAbstract()".
> * The ModifyAceServlet JavaDoc is corrected and expanded.
> * Some bad logging format is fixed.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to