[jira] [Updated] (SLING-10277) Privilege aggregates cannot have namespaced name but AC-Lines require namespaced privilege names

Angela Schreiber (Jira) Wed, 07 Apr 2021 05:52:18 -0700


     [ 
https://issues.apache.org/jira/browse/SLING-10277?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Angela Schreiber updated SLING-10277:
-------------------------------------
    Description: 
[~bdelacretaz], while working on SLING-10274 [~kpauls] noticed that repo-init 
parser doesn't support aggregated privilege names with namespace prefix.

Looking at the parser I found that the handling of privileges seems to be 
inconsistent:

h3. 1. register privileges
the parser defines this as follows:
{code}
    <REGISTER> ((<ABSTRACT>) {isAbstract = true;})? <PRIVILEGE> (privilege = 
<STRING> | privilege = <NAMESPACED_ITEM>) (<WITH> aggregates = 
principalsList())?
{code}

-> privilege name can be a STRING or a NAMESPACED_ITEM (that's correct ((/))
-> aggregates is a principalList??? that's quite odd and obviously not 
correct.... aggregates can again be a list of NAMESPACED_ITEM and/or 
NAMESPACED_ITEM ((x))

h3. 2. Using Registered Privileges in AC-lines
{{line.setProperty(AclLine.PROP_PRIVILEGES}} is always  populated with the 
result of {{namespacedItemsList()}}

-> if my reading is correct that means that only NAMESPACED_ITEM can be used as 
privilege names, which is not correct because a privilege name can be any valid 
JCR name, with or without namespace prefix. ((x))

h3. 3. Summary and Suggested Fix
this can easily be illustrated by slightly adjusting the test-*.txt (see 
attachment).
the fix should IMHO be 2-fold:
- allow aggregated privilege names to be STRING or NAMESPACED_ITEM
- allow privilege names in AC-line to be STRING or NAMESPACED_ITEM in 
accordance to the register privilege call.

  was:
[~bdelacretaz], while working on SLING-10274 [~kpauls] noticed that repo-init 
parser doesn't support aggregated privilege names with namespace prefix.

Looking at the parser I found that the handling of privileges seems to be 
inconsistent:

h3. 1. register privileges
the parser defines this as follows:
{code}
    <REGISTER> ((<ABSTRACT>) {isAbstract = true;})? <PRIVILEGE> (privilege = 
<STRING> | privilege = <NAMESPACED_ITEM>) (<WITH> aggregates = 
principalsList())?
{code}

-> privilege name can be a STRING or a NAMESPACED_ITEM (that's correct ((/))
-> aggregates is a principalList??? that's quite odd and obviously not 
correct.... aggregates can again be a list of NAMESPACED_ITEM and/or 
NAMESPACED_ITEM ((x))

h3. 2. Using Registered Privileges in AC-lines
{{line.setProperty(AclLine.PROP_PRIVILEGES}} is always  populated with the 
result of {{namespacedItemsList()}}

-> if my reading is correct that means that only NAMESPACED_ITEM can be used as 
privilege names, which is not correct because a privilege name can be any valid 
JCR name, with or without namespace prefix. ((x))

h3. Summary and Suggested Fix
this can easily be illustrated by slightly adjusting the test-*.txt (see 
attachment).
the fix should IMHO be 2-fold:
- allow aggregated privilege names to be STRING or NAMESPACED_ITEM
- allow privilege names in AC-line to be STRING or NAMESPACED_ITEM in 
accordance to the register privilege call.


> Privilege aggregates cannot have namespaced name but AC-Lines require 
> namespaced privilege names
> ------------------------------------------------------------------------------------------------
>
>                 Key: SLING-10277
>                 URL: https://issues.apache.org/jira/browse/SLING-10277
>             Project: Sling
>          Issue Type: Bug
>          Components: Repoinit
>            Reporter: Angela Schreiber
>            Priority: Critical
>         Attachments: SLING-10277.patch
>
>
> [~bdelacretaz], while working on SLING-10274 [~kpauls] noticed that repo-init 
> parser doesn't support aggregated privilege names with namespace prefix.
> Looking at the parser I found that the handling of privileges seems to be 
> inconsistent:
> h3. 1. register privileges
> the parser defines this as follows:
> {code}
>     <REGISTER> ((<ABSTRACT>) {isAbstract = true;})? <PRIVILEGE> (privilege = 
> <STRING> | privilege = <NAMESPACED_ITEM>) (<WITH> aggregates = 
> principalsList())?
> {code}
> -> privilege name can be a STRING or a NAMESPACED_ITEM (that's correct ((/))
> -> aggregates is a principalList??? that's quite odd and obviously not 
> correct.... aggregates can again be a list of NAMESPACED_ITEM and/or 
> NAMESPACED_ITEM ((x))
> h3. 2. Using Registered Privileges in AC-lines
> {{line.setProperty(AclLine.PROP_PRIVILEGES}} is always  populated with the 
> result of {{namespacedItemsList()}}
> -> if my reading is correct that means that only NAMESPACED_ITEM can be used 
> as privilege names, which is not correct because a privilege name can be any 
> valid JCR name, with or without namespace prefix. ((x))
> h3. 3. Summary and Suggested Fix
> this can easily be illustrated by slightly adjusting the test-*.txt (see 
> attachment).
> the fix should IMHO be 2-fold:
> - allow aggregated privilege names to be STRING or NAMESPACED_ITEM
> - allow privilege names in AC-line to be STRING or NAMESPACED_ITEM in 
> accordance to the register privilege call.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Updated] (SLING-10277) Privilege aggregates cannot have namespaced name but AC-Lines require namespaced privilege names

Reply via email to