[
https://issues.apache.org/jira/browse/SLING-9953?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Angela Schreiber updated SLING-9953:
------------------------------------
Description:
I had a look at the cp-feature-model-converter in the light of SLING-9692 and
found a surprising comment pointing to SLING-8561:
{code}
// clean the unneeded ACLs, see SLING-8561
{code}
code here:
https://github.com/apache/sling-org-apache-sling-feature-cpconverter/blob/master/src/main/java/org/apache/sling/feature/cpconverter/acl/DefaultAclManager.java#L146-L153
what it does in fact is omit any kind of permission setup that is defined for
the service users home node. that's quite a serious bug IMHO.... and on top of
that unnecessary because Sling repo-init allows to define those kind of ACEs
using the {{home(userid)}} notation (see
https://sling.apache.org/documentation/bundles/repository-initialization.html)
and btw: what does _unneeded ACLs_ mean? they are for sure not 'unneeded' and
omitting them will essentially result in an invalid permission setup (and thus
break the feature using the service login).
cc: [~cziegeler], [~karlpauls], [~dsuess]
was:
I had a look at the cp-feature-model-converter in the light of SLING-9692 and
found a surprising comment pointing to SLING-8561:
{code}
// clean the unneeded ACLs, see SLING-8561
{code}
code here:
https://github.com/apache/sling-org-apache-sling-feature-cpconverter/blob/master/src/main/java/org/apache/sling/feature/cpconverter/acl/DefaultAclManager.java#L146-L153
what it does in fact is omit any kind of permission setup that is defined for
the service users home node. that's quite a serious bug IMHO.... and on top of
that unnecessary because Sling repo-init allows to define those kind of ACEs
using the home(userid) notation (see
https://sling.apache.org/documentation/bundles/repository-initialization.html)
and btw: what does _unneeded ACLs_ mean? they are for sure not 'unneeded' and
omitting them will essentially result in an invalid permission setup (and thus
break the feature using the service login).
cc: [~cziegeler], [~karlpauls], [~dsuess]
> ACEs on/below user nodes are ignored upon conversion
> ----------------------------------------------------
>
> Key: SLING-9953
> URL: https://issues.apache.org/jira/browse/SLING-9953
> Project: Sling
> Issue Type: Bug
> Components: Content-Package to Feature Model Converter
> Reporter: Angela Schreiber
> Priority: Critical
> Fix For: Content-Package to Feature Model Converter 1.0.26
>
>
> I had a look at the cp-feature-model-converter in the light of SLING-9692 and
> found a surprising comment pointing to SLING-8561:
> {code}
> // clean the unneeded ACLs, see SLING-8561
> {code}
> code here:
> https://github.com/apache/sling-org-apache-sling-feature-cpconverter/blob/master/src/main/java/org/apache/sling/feature/cpconverter/acl/DefaultAclManager.java#L146-L153
> what it does in fact is omit any kind of permission setup that is defined for
> the service users home node. that's quite a serious bug IMHO.... and on top
> of that unnecessary because Sling repo-init allows to define those kind of
> ACEs using the {{home(userid)}} notation (see
> https://sling.apache.org/documentation/bundles/repository-initialization.html)
> and btw: what does _unneeded ACLs_ mean? they are for sure not 'unneeded' and
> omitting them will essentially result in an invalid permission setup (and
> thus break the feature using the service login).
> cc: [~cziegeler], [~karlpauls], [~dsuess]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
