[jira] [Commented] (SLING-9090) AclLine.Action.REMOVE and AclLine.Action.REMOVE_ALL not handled in jcr implementation

Mon, 02 Mar 2020 06:57:29 -0800 


    [ 
https://issues.apache.org/jira/browse/SLING-9090?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17049273#comment-17049273
 ] 

Angela Schreiber commented on SLING-9090:
-----------------------------------------

[~bdelacretaz], just had a quick look at the {{AclLine.Action.REMOVE_ALL}} and 
{{AclLine.Action.REMOVE}}. while {{AclLine.Action.REMOVE_ALL}} seems straight 
forward (remove all access control entries for a given list of principals at a 
given list of paths or for a given list of paths at a given principal based 
policy), I have a hard time understanding what was your intention behind 
{{AclLine.Action.REMOVE}}... would it remove entries that have a matching set 
of privileges? irrespective of allow/deny status? what about restrictions? 
could those be ignored? what about entries that in fact do contain the given 
privileges but not exclusively? 

[~mohiaror], as long as we don't have answers to these questions I would not 
use the remove statements.... depending on what was the original intention 
behind the remove, it might be that it's not even possible to provide a 
compatible solution.

> AclLine.Action.REMOVE and AclLine.Action.REMOVE_ALL not handled in jcr 
> implementation
> -------------------------------------------------------------------------------------
>
>                 Key: SLING-9090
>                 URL: https://issues.apache.org/jira/browse/SLING-9090
>             Project: Sling
>          Issue Type: Bug
>          Components: Repoinit
>            Reporter: Angela Schreiber
>            Priority: Major
>
> [~bdelacretaz], while the documentation and the parser code provides the 
> ability to remove an individual or all access control entries, it seems the 
> JCR implementation doesn't actually support it.
> using it may lead to odd side effects or failures.... so, i think either the 
> parser should remove the support for Action.REMOVE and Action.REMOVE_ALL or 
> the jcr implementation part should respect it... at the very minimum it 
> should spot any usage of it and fail the repo-init if there is no way to 
> implement it properly. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to