Angela Schreiber created SLING-10277:
----------------------------------------
Summary: Privilege aggregates cannot have namespaced name but
AC-Lines require namespaced privilege names
Key: SLING-10277
URL: https://issues.apache.org/jira/browse/SLING-10277
Project: Sling
Issue Type: Bug
Components: Repoinit
Reporter: Angela Schreiber
[~bdelacretaz], while working on SLING-10274 [~kpauls] noticed that the repo-init
parser doesn't support aggregated privilege names with a namespace prefix.
Looking at the parser I found that the handling of privileges seems to be
inconsistent:
h3. 1. register privileges
The parser defines this as follows:
{code}
<REGISTER> ((<ABSTRACT>) {isAbstract = true;})? <PRIVILEGE> (privilege =
<STRING> | privilege = <NAMESPACED_ITEM>) (<WITH> aggregates =
principalsList())?
{code}
-> privilege name can be a STRING or a NAMESPACED_ITEM (that's correct ((/))
-> aggregates is a principalList??? that's quite odd and obviously not
correct.... aggregates can again be a list of NAMESPACED_ITEM and/or
NAMESPACED_ITEM ((x))
h3. 2. using registered privileges in AC-lines
{{line.setProperty(AclLine.PROP_PRIVILEGES}} is always populated with the
result of {{namespacedItemsList()}}
-> if my reading is correct that means that only NAMESPACED_ITEM can be used as
privilege names, which is not correct because a privilege name can be any valid
JCR name, with or without namespace prefix. ((x))
This can easily be illustrated by slightly adjusting the test-*.txt (see
attachment).
The fix should IMHO be 2-fold:
- allow aggregated privilege names to be STRING or NAMESPACED_ITEM
- allow privilege names in AC-line to be STRING or NAMESPACED_ITEM in
accordance with the register privilege call.
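The mismatch reported above, as an added example that is not part of the original issue or of Sling's code: a small Python model of which privilege-name shapes each position accepts under the reported grammar and under the proposed fix. The token regexes, the `rejected` helper and the sample statements are simplified assumptions constructed for illustration, not the JavaCC definitions.

```python
import re

# Simplified token shapes (assumptions, not the parser's real definitions).
STRING = re.compile(r"[A-Za-z0-9_.\-]+")
NAMESPACED_ITEM = re.compile(r"[A-Za-z0-9_]+:[A-Za-z0-9_.\-]+")

# Token kinds accepted per position, following the issue's reading of the grammar.
REPORTED = {
    "name": {"STRING", "NAMESPACED_ITEM"},  # register privilege <name>
    "aggregate": {"STRING"},                # principalsList(): no namespace prefix
    "acl": {"NAMESPACED_ITEM"},             # namespacedItemsList() in AC-lines
}
# Proposed fix: every position takes STRING or NAMESPACED_ITEM.
PROPOSED = {pos: {"STRING", "NAMESPACED_ITEM"} for pos in REPORTED}

def kind(tok):
    """Classify one privilege name as NAMESPACED_ITEM, STRING or None."""
    if NAMESPACED_ITEM.fullmatch(tok):
        return "NAMESPACED_ITEM"
    return "STRING" if STRING.fullmatch(tok) else None

def rejected(line, rules):
    """Return the privilege names in one statement that `rules` would reject."""
    words = line.split()
    if words[:1] == ["register"]:
        words = [w for w in words[1:] if w != "abstract"]
        if len(words) < 2 or words[0] != "privilege":
            raise ValueError("not a register privilege statement: " + line)
        checks = [("name", words[1])]
        if len(words) >= 4 and words[2] == "with":
            checks += [("aggregate", a) for a in "".join(words[3:]).split(",")]
    elif words[:1] in (["allow"], ["deny"]):
        on = words.index("on")
        checks = [("acl", p) for p in "".join(words[1:on]).split(",")]
    else:
        raise ValueError("unsupported statement: " + line)
    return [tok for pos, tok in checks if kind(tok) not in rules[pos]]

# Constructed sample statements (not taken from the attached test-*.txt).
SAMPLES = [
    "register abstract privilege plain with a,b",
    "register privilege ns:agg with jcr:read,jcr:write",
    "allow jcr:read,myPriv on /content",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "| reported:", rejected(s, REPORTED), "| proposed:", rejected(s, PROPOSED))
```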