[jira] [Resolved] (SLING-12107) JCR Repoinit executes operations out of order

Mon, 06 Nov 2023 01:16:06 -0800 


     [ 
https://issues.apache.org/jira/browse/SLING-12107?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Julian Sedding resolved SLING-12107.
------------------------------------
    Resolution: Fixed

> JCR Repoinit executes operations out of order
> ---------------------------------------------
>
>                 Key: SLING-12107
>                 URL: https://issues.apache.org/jira/browse/SLING-12107
>             Project: Sling
>          Issue Type: Bug
>          Components: Repoinit
>    Affects Versions: Repoinit JCR 1.1.44
>            Reporter: Julian Sedding
>            Assignee: Julian Sedding
>            Priority: Major
>             Fix For: Repoinit JCR 1.1.46
>
>
> When applying ACLs, repoinit checks if the referenced authorizable exists, 
> and it fails if it doesn't.
> However, my goal was to set up ACLs with my deployment for a group that was 
> to be sync'ed from an {{ExternalIdentityProvider}} once the first member of 
> that group logs in.
> To work around this limitation, I tried running the following repoinit script:
> {noformat}
> create group testGroup
> set ACL for testGroup
>   allow jcr:read on /content/foo
>   deny jcr:write on /content/foo
> end
> delete group testGroup
> {noformat}
> It turned out that the statements were executed in the following order:
> {noformat}
> create group testGroup
> delete group testGroup
> set ACL for testGroup
>   allow jcr:read on /content/foo
>   deny jcr:write on /content/foo
> end
> {noformat}
> Of course that caused the script to fail just as if no group was created.
> The incorrect ordering may also cause other scenarios to fail.
> The {{ExecutionOrderTest}} suggests that some re-ordering is done on purpose. 
> E.g. namespaces and nodetypes should be created before e.g. paths are created.
> I would expect that registration of custom privileges should also be executed 
> before other operations. I don't see how that could be harmful.
> But for all other statements, I would expect the execution order to match the 
> order of the statements within the repoinit script.
> cc [~bdelacretaz], [~cziegeler], [~angela]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to