[
https://issues.apache.org/jira/browse/SLING-6398?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15748463#comment-15748463
]
Bertrand Delacretaz commented on SLING-6398:
--------------------------------------------
That works for me but in principle I don't know if recreating an ACL might make
a difference if one already exists.
I don't have deep knowledge of Oak ACLs but AFAIK the order in which they are
created is relevant. So if you have 3 ACLs (A, B,C) and you recreate A the new
order might be (B, C, A) and behave differently than if you don't recreate it.
For now i suppose clear logs of what happens, at the INFO level, should be good
enough for now.
> Repoinit should not attempt to create access control entries when no changes
> are needed
> ---------------------------------------------------------------------------------------
>
> Key: SLING-6398
> URL: https://issues.apache.org/jira/browse/SLING-6398
> Project: Sling
> Issue Type: Improvement
> Components: Repoinit
> Reporter: Robert Munteanu
> Assignee: Robert Munteanu
> Fix For: Repoinit JCR 1.1.2
>
>
> I have a more complex Sling setup based on the recent Oak multiplexing
> additions.
> The repository is split bewteen
> - /libs and /apps, read-only
> - the rest of the repository, read-write
> When the provisioning model contains ACL definitions, they are processed
> directly without checking if they exist. In turn, Oak updates the
> definitions, even if equivalent ones exist. This causes the repoinit part to
> fail if it refers to ACLs for the read-only part of the repository.
> I would propose that the repoinit statements check if the ACL really needs to
> be replaced or if it can be skipped. This also has the advantage of making it
> symmetric with the checks for service users and paths and also should
> slightly reduce provisioning time.
> [~bdelacretaz] - would that work for you?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
