[
https://issues.apache.org/jira/browse/SLING-6423?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15768903#comment-15768903
]
Nitin Nizhawan commented on SLING-6423:
---------------------------------------
It seems current repoinit implementation just adds ACEs to ACLs if those ACEs
didn't already exist. Whereas behaviour of merge and merge_preserve is based on
principals \[0\]. For example given existing ACLs as
{code}
ALLOW bob rep:write
ALLOW alice jcr:read
{code}
New ACL
{code}
ALLOW bob rep:write
ALLOW bob cq:replicate
ALLOW alice jcr:read
{code}
When merged will have following resutls
1. Using repoinit
{code}
ALLOW bob rep:write
ALLOW alice jcr:read
ALLOW bob cq:replicate
{code}
2. Using merge ACHandling
{code}
ALLOW bob rep:write
ALLOW bob cq:replicate
ALLOW alice jcr:read
{code}
3. Using merge_preserve ACHandling
{code}
ALLOW bob rep:write
ALLOW alice jcr:read
{code}
\[0\]
https://github.com/apache/jackrabbit-filevault/blob/4528e3ebb851377e37f46fc7cac411d12520ace6/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/JackrabbitACLImporter.java#L277
Thanks
Nitin
> Allow for specifying ACL merge mode (ACHandling) in repoinit
> ------------------------------------------------------------
>
> Key: SLING-6423
> URL: https://issues.apache.org/jira/browse/SLING-6423
> Project: Sling
> Issue Type: New Feature
> Components: Repoinit
> Reporter: Nitin Nizhawan
>
> Repoinit by default just add new ACLs if they are not already present.
> By contract package manager provides various strategies for ACL merging
> Extend repoinit to allow specifying these strategies
> https://jackrabbit.apache.org/filevault/apidocs/org/apache/jackrabbit/vault/fs/io/AccessControlHandling.html#MERGE
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
