[jira] [Commented] (SLING-10219) Expand enforcing principal-based authorization option to repo-init

Thu, 18 Mar 2021 10:57:11 -0700 


    [ 
https://issues.apache.org/jira/browse/SLING-10219?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17304318#comment-17304318
 ] 

Angela Schreiber commented on SLING-10219:
------------------------------------------

[~karlpauls], initial draft at 
https://github.com/apache/sling-org-apache-sling-feature-cpconverter/pull/67
it's really just a first poc and there are likely subtle issues with special 
cases.

one of them (already know):
- if repo-init contains ac-setup for a service user without creating it, the is 
no possibility for the converter to actually know that the given principal is a 
service user and therefore will not touch it.

maybe it would also be better to delegate the un-modified conversion to 
something like outlined in SLING-10236. it feels a bit hacky to include 
repo-init knowledge here.... but since that's already the case for the 
content-package conversion i didn't feel too bad ;)
however, if this issue gets addressed it might make sense to get rid of the 
duplications from the repoinit package and the code in "DefaultAclManager". 
that looks really ugly now..... a true POC.

> Expand enforcing principal-based authorization option to repo-init
> ------------------------------------------------------------------
>
>                 Key: SLING-10219
>                 URL: https://issues.apache.org/jira/browse/SLING-10219
>             Project: Sling
>          Issue Type: Improvement
>          Components: Content-Package to Feature Model Converter
>    Affects Versions: Content-Package to Feature Model Converter 1.0.24
>            Reporter: Angela Schreiber
>            Priority: Major
>             Fix For: Content-Package to Feature Model Converter 1.0.26
>
>
> [~kpauls], the configuration option defined in SLING-10070 allows to 
> automatically convert access control setup for service users from 
> resource-based to principal-based.
> however, it only covers content packages and will today not convert any 
> access control setup defined with repo-init.
> This improvement aims to investigate if the 
> content-package-to-feature-model-converter could be adjusted with limited 
> effort to also convert repo-init statements.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to