Hi, On Thu, Aug 5, 2021 at 8:00 PM Daniel Klco <[email protected]> wrote: > ...I've been working on a web console plugin for users to test and validate > their RepoInit scripts on an instance of Sling. It would not be expected to > be installed in production, but something for developers to install in a > local instance....
Any code that gets written is bound to end up in production some day ;-) More seriously, I think nowadays we'd rather create command-line utilities for such things, but I don't think we have a good framework for doing that at this point. Jbang scripts [1] for example might be a nice way to do that if someone has good ideas. This is just a general comment, I'm not opposed to a webconsole plugin in this case. > ...Please review the project in the Sling Whiteboard: > https://github.com/apache/sling-whiteboard/tree/master/org.apache.sling.repoinit.webconsole > ... I was going to say that you should use the incoming request's identity instead of calling loginAdministrative [2] but I forgot if that's possible in a web console plugin. The current code causes a privilege escalation, which might be ok for a console plugin but that IMHO we should avoid if possible. -Bertrand [1] https://www.jbang.dev/ [2] https://github.com/apache/sling-whiteboard/blob/c369b1bbba2c990cfe05d706efdb1ba5050f5fa6/org.apache.sling.repoinit.webconsole/src/main/java/org/apache/sling/repoinit/webconsole/RepoInitWebConsole.java#L152
