Oliver Lietz commented on SLING-6130:

[~bdelacretaz], the ultimate goal is to have all configurations for the 
repository done by _repoinit_, so I'm fine with merging step 1. and 3. into one 
(I did step 1. only to easily revert if something would break).

bq. as it breaks the launchpad as the sling:Folder nodetype is not registered 
yet when you use it.

That is strange, as all ITs passed. Not sure if it's worth to investigate 
further when setting up everything with _repoinit_ anyway. WDYT?

> Restrict access for principal everyone and move configuration to repoinit
> -------------------------------------------------------------------------
>                 Key: SLING-6130
>                 URL: https://issues.apache.org/jira/browse/SLING-6130
>             Project: Sling
>          Issue Type: Improvement
>          Components: JCR, Oak
>    Affects Versions: JCR Oak Server 1.1.0
>            Reporter: Oliver Lietz
>            Assignee: Oliver Lietz
>              Labels: security
>             Fix For: JCR Oak Server 1.1.2
> Currently {{everyone}} can {{read}} from {{/}} (configured in 
> {{OakSlingRepositoryManager}}).
> Access for {{everyone}} should be restricted:
> * {{read}} should be restricted to {{/content}}
> * configuration of principals and ACLs should be done with _repoinit_
> # Change path from {{/}} to {{/content}} in {{OakSlingRepositoryManager}} (/) 
> ([r1764259|https://svn.apache.org/r1764259])
> # Fix modules (samples) relying on _unrestricted_ {{read}} access
> # Move configuration of ACLs to _repoinit_
> discussion on 
> [dev@|https://lists.apache.org/thread.html/36908ed62ac93c63cad594a897f8abceb93f08da5bcea30dbce98e58@%3Cdev.sling.apache.org%3E]

This message was sent by Atlassian JIRA

Reply via email to