[ https://issues.apache.org/jira/browse/SLING-9871?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17298643#comment-17298643 ]
Bertrand Delacretaz commented on SLING-9871: -------------------------------------------- bq. the order in which set ACL statements declared across feature models are applied isn't defined (currently, it seems to be based on feature-model-name, alphabetically ascending). I think this is not a repoinit concern but an issue for whatever component does that aggregation. If the order of aggregation of features is not defined, dependencies between them might be used to get the right order, or maybe it's better to make sure each repoinit block stands alone and avoid dependencies between them. Or, worst case, define the ordering in the features to get the expected aggregated model - but that sounds brittle to me. In any case I don't think changes to the repoinit modules are needed, I suggest handling this at the level where feature models are aggregated. FWIW, the order of execution of JCR-related repoinit statements is defined by the [JcrRepoInitOpsProcessorImpl class|https://github.com/apache/sling-org-apache-sling-jcr-repoinit/blob/master/src/main/java/org/apache/sling/jcr/repoinit/impl/JcrRepoInitOpsProcessorImpl.java]. > Specifying order of ACEs through repoinit directives > ---------------------------------------------------- > > Key: SLING-9871 > URL: https://issues.apache.org/jira/browse/SLING-9871 > Project: Sling > Issue Type: Improvement > Components: Repoinit > Reporter: Ashish Chopra > Priority: Major > > As of writing this, repoinit processor (among other things not relevant to > this JIRA) collects {{create path}} statements and {{set ACL}} statements > declared in all the feature-models applicable to feature-aggregate under > consideration. > Upon repository initialization, it applies all the {{create path}} > statements, followed by all the {{set ACL}} statements. However, the order in > which {{set ACL}} statements declared across feature models are applied isn't > defined (currently, it seems to be based on feature-model-name, > alphabetically ascending). > This causes issues at times because we want the order of the ACEs to be > maintained (e.g., "deny"s for everyone at a given path must be the first ACE, > followed by "allow"s for specific, non-system-user principals) > Repoinit should be able to support this requirement. -- This message was sent by Atlassian Jira (v8.3.4#803005)