angela created SLING-8607:
-----------------------------
Summary: AclUtil.setAcl ignores return value of
JackrabbitAccessControlList.addEntry
Key: SLING-8607
URL: https://issues.apache.org/jira/browse/SLING-8607
Project: Sling
Issue Type: Bug
Components: Repoinit
Reporter: angela
[~rombert], {{AclUtil.setAcl}} attempts to avoid adding redundant entries (and
writing an unmodified policy back to the repository).
however, it ignores the return value of
{{JackrabbitAccessControlList.addEntry}}, which as far as i remember indicates
if the given policy has been modified by the given call. i would recommend to
take the return value into consideration instead of always setting 'changed =
true'.
in addition: i am not totally convinced that it is wise to 'manually' compare
the existing entries with the ones to add and it might well lead to subtle
inconsistencies. also, depending on the exact implementation of the
{{JackrabbitAccessControlList}}, adding an entry (even if already contained)
may effectively alter the policy (e.g. by appending the entry and thus
affecting the overall outcome of the evaluation). in other words: IMO it would
be better to rely on the capability of the {{JackrabbitAccessControlList}} to
determine if an entry was added or not (also the {{expandPrivileges}} may be
achieved in an optimized fashion with the acl-implementation).
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
