[
https://issues.apache.org/jira/browse/SLING-10277?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17334699#comment-17334699
]
Angela Schreiber edited comment on SLING-10277 at 4/28/21, 12:33 PM:
---------------------------------------------------------------------
[~bdelacretaz], unfortunately that's not all..... the first bug is that it's
not possible to register privileges with aggregates that are again privilege
names. see section 1. of the bug report.
see cp-featuremodel converter for a test scenario. [~kpauls] had to work around
this bug here by altering the names of the declared aggregates.
was (Author: anchela):
[~bdelacretaz], unfortunately that's not all..... the first bug is that it's
not possible to register privileges with aggregates that are again privilege
names. see section 1. of the bug report.
> Privilege aggregates cannot have namespaced name but AC-Lines require
> namespaced privilege names
> ------------------------------------------------------------------------------------------------
>
> Key: SLING-10277
> URL: https://issues.apache.org/jira/browse/SLING-10277
> Project: Sling
> Issue Type: Bug
> Components: Repoinit
> Reporter: Angela Schreiber
> Priority: Critical
> Attachments: SLING-10277.patch
>
>
> [~bdelacretaz], while working on SLING-10274 [~kpauls] noticed that repo-init
> parser doesn't support aggregated privilege names with namespace prefix.
> Looking at the parser I found that the handling of privileges seems to be
> inconsistent:
> h3. 1. Register Privileges
> the parser defines this as follows:
> {code}
> <REGISTER> ((<ABSTRACT>) {isAbstract = true;})? <PRIVILEGE> (privilege =
> <STRING> | privilege = <NAMESPACED_ITEM>) (<WITH> aggregates =
> principalsList())?
> {code}
> -> privilege name can be a STRING or a NAMESPACED_ITEM (that's correct ((/))
> -> aggregates is a principalList??? that's quite odd and obviously not
> correct.... aggregates can again be a list of STRING and/or NAMESPACED_ITEM
> ((x))
> h3. 2. Using Registered Privileges in AC-lines
> {{line.setProperty(AclLine.PROP_PRIVILEGES}} is always populated with the
> result of {{namespacedItemsList()}}
> -> if my reading is correct that means that only NAMESPACED_ITEM can be used
> as privilege names, which is not correct because a privilege name can be any
> valid JCR name, with or without namespace prefix. ((x))
> h3. 3. Summary and Suggested Fix
> this can easily be illustrated by slightly adjusting the test-*.txt (see
> attachment).
> the fix should IMHO be 2-fold:
> - allow aggregated privilege names to be STRING or NAMESPACED_ITEM
> - allow privilege names in AC-line to be STRING or NAMESPACED_ITEM in
> accordance to the register privilege call.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
