[
https://issues.apache.org/jira/browse/SLING-9871?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17299018#comment-17299018
]
Eric Norman commented on SLING-9871:
------------------------------------
[~bdelacretaz] That may be workable for a simple flat set of features that you
have full control over, but I don't see it as a workable solution when you
start considering more complex aggregation. Once you start aggregating other
aggregate feature together or including references to 3rd-party features that
you have no direct control over then you could quickly lose control of the
order of the "set ACL" statements.
Also, it seems that every order of the ACEs may be the expected order and there
is no well defined "correct" order so I am not sure how we would be able to
rank and order those statements (or the features containing them) in a reliable
way.
So maybe the best we can do is document the order in which they get processed.
Did you also object to adding the proposed "order ACL" statement in the
repoinit language that explicitly declares what order you want the ACEs to be
in?
> Specifying order of ACEs through repoinit directives
> ----------------------------------------------------
>
> Key: SLING-9871
> URL: https://issues.apache.org/jira/browse/SLING-9871
> Project: Sling
> Issue Type: Improvement
> Components: Repoinit
> Reporter: Ashish Chopra
> Priority: Major
>
> As of writing this, repoinit processor (among other things not relevant to
> this JIRA) collects {{create path}} statements and {{set ACL}} statements
> declared in all the feature-models applicable to feature-aggregate under
> consideration.
> Upon repository initialization, it applies all the {{create path}}
> statements, followed by all the {{set ACL}} statements. However, the order in
> which {{set ACL}} statements declared across feature models are applied isn't
> defined (currently, it seems to be based on feature-model-name,
> alphabetically ascending).
> This causes issues at times because we want the order of the ACEs to be
> maintained (e.g., "deny"s for everyone at a given path must be the first ACE,
> followed by "allow"s for specific, non-system-user principals)
> Repoinit should be able to support this requirement.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
