[
https://issues.apache.org/jira/browse/SLING-6398?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15750810#comment-15750810
]
Robert Munteanu commented on SLING-6398:
----------------------------------------
Coming back to this, I think that I can't support this scenario with perfect
equality since the ACEs on some paths are created from many sources. So you can
end up with 5 ACEs on /libs, added from 3 blocks. Each of the 3 blocks would
cause the ACL to be regenerated, which defeats the purpose of my patch. I will
revert to checking individual entries (for now).
> Repoinit should not attempt to create access control entries when no changes
> are needed
> ---------------------------------------------------------------------------------------
>
> Key: SLING-6398
> URL: https://issues.apache.org/jira/browse/SLING-6398
> Project: Sling
> Issue Type: Improvement
> Components: Repoinit
> Reporter: Robert Munteanu
> Assignee: Robert Munteanu
> Fix For: Repoinit JCR 1.1.2
>
>
> I have a more complex Sling setup based on the recent Oak multiplexing
> additions.
> The repository is split bewteen
> - /libs and /apps, read-only
> - the rest of the repository, read-write
> When the provisioning model contains ACL definitions, they are processed
> directly without checking if they exist. In turn, Oak updates the
> definitions, even if equivalent ones exist. This causes the repoinit part to
> fail if it refers to ACLs for the read-only part of the repository.
> I would propose that the repoinit statements check if the ACL really needs to
> be replaced or if it can be skipped. This also has the advantage of making it
> symmetric with the checks for service users and paths and also should
> slightly reduce provisioning time.
> [~bdelacretaz] - would that work for you?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
