[jira] [Commented] (SLING-9871) Specifying order of ACEs through repoinit directives

Wed, 10 Mar 2021 00:47:05 -0800 


    [ 
https://issues.apache.org/jira/browse/SLING-9871?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17298643#comment-17298643
 ] 

Bertrand Delacretaz commented on SLING-9871:
--------------------------------------------

bq. the order in which set ACL statements declared across feature models are 
applied isn't defined (currently, it seems to be based on feature-model-name, 
alphabetically ascending).

I think this is not a repoinit concern but an issue for whatever component does 
that aggregation.

If the order of aggregation of features is not defined, dependencies between 
them might be used to get the right order, or maybe it's better to make sure 
each repoinit block stands alone and avoid dependencies between them.

Or, worst case, define the ordering in the features to get the expected 
aggregated model - but that sounds brittle to me.

In any case I don't think changes to the repoinit modules are needed, I suggest 
handling this at the level where feature models are aggregated.

FWIW, the order of execution of JCR-related repoinit statements is defined by 
the  [JcrRepoInitOpsProcessorImpl 
class|https://github.com/apache/sling-org-apache-sling-jcr-repoinit/blob/master/src/main/java/org/apache/sling/jcr/repoinit/impl/JcrRepoInitOpsProcessorImpl.java].

> Specifying order of ACEs through repoinit directives
> ----------------------------------------------------
>
>                 Key: SLING-9871
>                 URL: https://issues.apache.org/jira/browse/SLING-9871
>             Project: Sling
>          Issue Type: Improvement
>          Components: Repoinit
>            Reporter: Ashish Chopra
>            Priority: Major
>
> As of writing this, repoinit processor (among other things not relevant to 
> this JIRA) collects {{create path}} statements and {{set ACL}} statements 
> declared in all the feature-models applicable to feature-aggregate under 
> consideration.
> Upon repository initialization, it applies all the {{create path}} 
> statements, followed by all the {{set ACL}} statements. However, the order in 
> which {{set ACL}} statements declared across feature models are applied isn't 
> defined (currently, it seems to be based on feature-model-name, 
> alphabetically ascending).
> This causes issues at times because we want the order of the ACEs to be 
> maintained (e.g., "deny"s for everyone at a given path must be the first ACE, 
> followed by "allow"s for specific, non-system-user principals)
> Repoinit should be able to support this requirement.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to