[jira] [Commented] (SLING-10277) REGISTER PRIVILEGE and SET ACL should support lists of STRING and NAMESPACED_ITEM

Thu, 27 May 2021 07:35:05 -0700 


    [ 
https://issues.apache.org/jira/browse/SLING-10277?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17352528#comment-17352528
 ] 

Bertrand Delacretaz commented on SLING-10277:
---------------------------------------------

I have implemented a fix in PR#12, please review.

It's a grammar change only, both the {{userPrivilegesLine}} and 
{{registerPrivilegeStatement}} productions now use this for the list of 
privileges, I think that's what we want:

{code}
List<String> privilegesList() :
{
    Token t = null;
    List<String> priv = new ArrayList<String>();
}
{
    ( t=<NAMESPACED_ITEM> | t=<STRING> ) { priv.add(t.image); }
    ( <COMMA> ( t=<NAMESPACED_ITEM> | t=<STRING> ) { priv.add(t.image); } )*
    { return priv; }
}
{code}

> REGISTER PRIVILEGE and SET ACL should support lists of STRING and 
> NAMESPACED_ITEM
> ---------------------------------------------------------------------------------
>
>                 Key: SLING-10277
>                 URL: https://issues.apache.org/jira/browse/SLING-10277
>             Project: Sling
>          Issue Type: Bug
>          Components: Repoinit
>            Reporter: Angela Schreiber
>            Assignee: Bertrand Delacretaz
>            Priority: Critical
>         Attachments: SLING-10277.patch
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> [~bdelacretaz], while working on SLING-10274 [~kpauls] noticed that repo-init 
> parser doesn't support aggregated privilege names with namespace prefix.
> Looking at the parser I found that the handling of privileges seems to be 
> inconsistent:
> h3. 1. Register Privileges
> the parser defines this as follows:
> {code}
>     <REGISTER> ((<ABSTRACT>) {isAbstract = true;})? <PRIVILEGE> (privilege = 
> <STRING> | privilege = <NAMESPACED_ITEM>) (<WITH> aggregates = 
> principalsList())?
> {code}
> -> privilege name can be a STRING or a NAMESPACED_ITEM (that's correct ((/))
> -> aggregates is a principalList??? that's quite odd and obviously not 
> correct.... aggregates can again be a list of STRING and/or NAMESPACED_ITEM 
> ((x))
> h3. 2. Using Registered Privileges in AC-lines
> {{line.setProperty(AclLine.PROP_PRIVILEGES}} is always  populated with the 
> result of {{namespacedItemsList()}}
> -> if my reading is correct that means that only NAMESPACED_ITEM can be used 
> as privilege names, which is not correct because a privilege name can be any 
> valid JCR name, with or without namespace prefix. ((x))
> h3. 3. Summary and Suggested Fix
> this can easily be illustrated by slightly adjusting the test-*.txt (see 
> attachment).
> the fix should IMHO be 2-fold:
> - allow aggregated privilege names to be STRING or NAMESPACED_ITEM
> - allow privilege names in AC-line to be STRING or NAMESPACED_ITEM in 
> accordance to the register privilege call.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to