[
https://issues.apache.org/jira/browse/SLING-6130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15568714#comment-15568714
]
Bertrand Delacretaz commented on SLING-6130:
--------------------------------------------
[~olli] I'm sorry but I have to revert your revision 1764259 ( in revision
1764462, by running svn merge -c -1764259 . ) as it breaks the launchpad as the
sling:Folder nodetype is not registered yet when you use it.
I needed to be able to update the launchpad to the oak-server snapshot for
SLING-5135 which is otherwise finished, we can always revisit later.
I suppose best is to do these access control changes in repoinit statements as
well if that works for you, we might move namespace and node type definitions
to repoinit statements as well so that everything happens in the right order.
> Restrict access for principal everyone and move configuration to repoinit
> -------------------------------------------------------------------------
>
> Key: SLING-6130
> URL: https://issues.apache.org/jira/browse/SLING-6130
> Project: Sling
> Issue Type: Improvement
> Components: JCR, Oak
> Affects Versions: JCR Oak Server 1.1.0
> Reporter: Oliver Lietz
> Assignee: Oliver Lietz
> Labels: security
> Fix For: JCR Oak Server 1.1.2
>
>
> Currently {{everyone}} can {{read}} from {{/}} (configured in
> {{OakSlingRepositoryManager}}).
> Access for {{everyone}} should be restricted:
> * {{read}} should be restricted to {{/content}}
> * configuration of principals and ACLs should be done with _repoinit_
> # Change path from {{/}} to {{/content}} in {{OakSlingRepositoryManager}} (/)
> ([r1764259|https://svn.apache.org/r1764259])
> # Fix modules (samples) relying on _unrestricted_ {{read}} access
> # Move configuration of ACLs to _repoinit_
> discussion on
> [dev@|https://lists.apache.org/thread.html/36908ed62ac93c63cad594a897f8abceb93f08da5bcea30dbce98e58@%3Cdev.sling.apache.org%3E]
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
