[
https://issues.apache.org/jira/browse/SLING-10277?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17351791#comment-17351791
]
Angela Schreiber commented on SLING-10277:
------------------------------------------
[~bdelacretaz], the attached patch is not good to go otherwise i would have
created a PR.... as i stated before
{quote}
most probably that's not the correct final solution because a privilege name is
essentially a JCR name which cannot be arbitrary string..... maybe it would
therefore be better to fix the namespacedItemsList such that it actually
reflects an namedItemsList that allows for valid JCR names that may or may not
come with a namespace prefix.
while looking at the usage of namespacedItemsList i also noticed that the repo
init parse seems to mandate that nodetype names are 'namespaced-items' which
would also not be correct IMHO as the same applies as for privilege names. so,
you might want to take a closer look at that as well.
{quote}
> Privilege aggregates cannot have namespaced name but AC-Lines require
> namespaced privilege names
> ------------------------------------------------------------------------------------------------
>
> Key: SLING-10277
> URL: https://issues.apache.org/jira/browse/SLING-10277
> Project: Sling
> Issue Type: Bug
> Components: Repoinit
> Reporter: Angela Schreiber
> Priority: Critical
> Attachments: SLING-10277.patch
>
>
> [~bdelacretaz], while working on SLING-10274 [~kpauls] noticed that repo-init
> parser doesn't support aggregated privilege names with namespace prefix.
> Looking at the parser I found that the handling of privileges seems to be
> inconsistent:
> h3. 1. Register Privileges
> the parser defines this as follows:
> {code}
> <REGISTER> ((<ABSTRACT>) {isAbstract = true;})? <PRIVILEGE> (privilege =
> <STRING> | privilege = <NAMESPACED_ITEM>) (<WITH> aggregates =
> principalsList())?
> {code}
> -> privilege name can be a STRING or a NAMESPACED_ITEM (that's correct ((/))
> -> aggregates is a principalList??? that's quite odd and obviously not
> correct.... aggregates can again be a list of STRING and/or NAMESPACED_ITEM
> ((x))
> h3. 2. Using Registered Privileges in AC-lines
> {{line.setProperty(AclLine.PROP_PRIVILEGES}} is always populated with the
> result of {{namespacedItemsList()}}
> -> if my reading is correct that means that only NAMESPACED_ITEM can be used
> as privilege names, which is not correct because a privilege name can be any
> valid JCR name, with or without namespace prefix. ((x))
> h3. 3. Summary and Suggested Fix
> this can easily be illustrated by slightly adjusting the test-*.txt (see
> attachment).
> the fix should IMHO be 2-fold:
> - allow aggregated privilege names to be STRING or NAMESPACED_ITEM
> - allow privilege names in AC-line to be STRING or NAMESPACED_ITEM in
> accordance to the register privilege call.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
