[ https://issues.apache.org/jira/browse/SLING-6423?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15768903#comment-15768903 ]
Nitin Nizhawan edited comment on SLING-6423 at 1/2/17 11:23 AM:
----------------------------------------------------------------

It seems current repoinit implementation just adds ACEs to ACLs if those ACEs didn't already exist. Whereas behaviour of merge and merge_preserve is based on principals [0].

For example given existing ACLs as
{code}
ALLOW bob rep:write
ALLOW alice jcr:read
{code}

New ACL
{code}
ALLOW bob rep:write
ALLOW bob crx:replicate
ALLOW alice jcr:read
{code}

When merged will have following results

1. Using repoinit
{code}
ALLOW bob rep:write
ALLOW alice jcr:read
ALLOW bob crx:replicate
{code}

2. Using merge ACHandling
{code}
ALLOW bob rep:write,crx:replicate
ALLOW alice jcr:read
{code}

3. Using merge_preserve ACHandling
{code}
ALLOW bob rep:write
ALLOW alice jcr:read
{code}

[0] https://github.com/apache/jackrabbit-filevault/blob/4528e3ebb851377e37f46fc7cac411d12520ace6/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/JackrabbitACLImporter.java#L277

Thanks
Nitin


was (Author: nitin.nizhawan):
It seems current repoinit implementation just adds ACEs to ACLs if those ACEs didn't already exist. Whereas behaviour of merge and merge_preserve is based on principals [0].

For example given existing ACLs as
{code}
ALLOW bob rep:write
ALLOW alice jcr:read
{code}

New ACL
{code}
ALLOW bob rep:write
ALLOW bob crx:replicate
ALLOW alice jcr:read
{code}

When merged will have following results

1. Using repoinit
{code}
ALLOW bob rep:write
ALLOW alice jcr:read
ALLOW bob crx:replicate
{code}

2. Using merge ACHandling
{code}
ALLOW bob rep:write
ALLOW bob crx:replicate
ALLOW alice jcr:read
{code}

3. Using merge_preserve ACHandling
{code}
ALLOW bob rep:write
ALLOW alice jcr:read
{code}

[0] https://github.com/apache/jackrabbit-filevault/blob/4528e3ebb851377e37f46fc7cac411d12520ace6/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/JackrabbitACLImporter.java#L277

Thanks
Nitin

> Allow for specifying ACL merge mode (ACHandling) in repoinit
> ------------------------------------------------------------
>
>                 Key: SLING-6423
>                 URL: https://issues.apache.org/jira/browse/SLING-6423
>             Project: Sling
>          Issue Type: New Feature
>          Components: Repoinit
>            Reporter: Nitin Nizhawan
>
> Repoinit by default just adds new ACLs if they are not already present.
> By contract package manager provides various strategies for ACL merging
> Extend repoinit to allow specifying these strategies
> https://jackrabbit.apache.org/filevault/apidocs/org/apache/jackrabbit/vault/fs/io/AccessControlHandling.html#MERGE

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
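
The three outcomes listed in the comment above, as an added Python model that is not part of the original message and is not Sling or FileVault code. It assumes, from the expected results in the comment, that merge gives each principal named in the new ACL the new ACL's entries (folded per principal) and that merge_preserve only adds entries for principals with no existing entry; all function names are hypothetical.

```python
# Simplified model of the three behaviours; not Sling or FileVault code.
# An ACE is (action, principal, privileges), privileges being a tuple of names.

def parse(text):
    """Parse lines such as 'ALLOW bob rep:write,crx:replicate' into ACEs."""
    aces = []
    for line in text.strip().splitlines():
        action, principal, privs = line.split()
        aces.append((action, principal, tuple(privs.split(","))))
    return aces

def fold(aces):
    """Combine entries sharing (action, principal) into one, keeping order."""
    folded = {}
    for action, principal, privs in aces:
        seen = folded.setdefault((action, principal), [])
        seen.extend(p for p in privs if p not in seen)
    return [(a, who, tuple(p)) for (a, who), p in folded.items()]

def repoinit_add(existing, new):
    """Entry-based: append each new ACE that is not already present verbatim."""
    result = list(existing)
    for ace in new:
        if ace not in result:
            result.append(ace)
    return result

def merge(existing, new):
    """Principal-based (assumed): principals named in `new` get new's entries."""
    named = {who for _, who, _ in new}
    kept = [ace for ace in existing if ace[1] not in named]
    return kept + fold(new)

def merge_preserve(existing, new):
    """Principal-based (assumed): add only principals with no existing entry."""
    present = {who for _, who, _ in existing}
    return list(existing) + fold([ace for ace in new if ace[1] not in present])

def render(aces):
    return "\n".join(f"{a} {who} {','.join(p)}" for a, who, p in aces)

# Sample ACLs taken from the comment.
EXISTING = parse("ALLOW bob rep:write\nALLOW alice jcr:read")
NEW = parse("ALLOW bob rep:write\nALLOW bob crx:replicate\nALLOW alice jcr:read")

if __name__ == "__main__":
    for strategy in (repoinit_add, merge, merge_preserve):
        print(f"--- {strategy.__name__}\n{render(strategy(EXISTING, NEW))}")
```

In this model bob ends up holding crx:replicate under repoinit and merge but not under merge_preserve, which is the difference to check when reviewing what a deployment may grant to principals that already have entries.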