Julian Sedding created SLING-12107:
--------------------------------------

             Summary: JCR Repoinit executes operations out of order.
                 Key: SLING-12107
                 URL: https://issues.apache.org/jira/browse/SLING-12107
             Project: Sling
          Issue Type: Task
          Components: Repoinit
    Affects Versions: Repoinit JCR 1.1.44
            Reporter: Julian Sedding
            Assignee: Julian Sedding


When applying ACLs, repoinit checks if the referenced authorizable exists, and 
it fails if it doesn't.

However, my goal was to set up ACLs with my deployment for a group that was to 
be sync'ed from an {{ExternalIdentityProvider}} once the first member of that 
group logs in.

To work around this limitation, I tried running the following repoinit script:
{noformat}
create group testGroup
set ACL for testGroup
  allow jcr:read on /content/foo
  deny jcr:write on /content/foo
end
delete group testGroup
{noformat}

It turned out that the statements were executed in the following order:
{noformat}
create group testGroup
delete group testGroup
set ACL for testGroup
  allow jcr:read on /content/foo
  deny jcr:write on /content/foo
end
{noformat}

Of course that caused the script to fail just as if no group was created.

The incorrect ordering may also cause other scenarios to fail.

The {{ExecutionOrderTest}} suggests that some re-ordering is done on purpose. 
E.g. namespaces and nodetypes should be created before e.g. paths are created.

I would expect that registration of custom privileges should also be executed 
before other operations. I don't see how that could be harmful.

But for all other statements, I would expect the execution order to match the 
order of the statements within the repoinit script.

cc [~bdelacretaz], [~cziegeler], [~angela]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
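
The reordering described in the report can be reproduced with a small model. This is an added example, not code from Sling or from the reporter: the `PHASES` list, the tuple layout and the toy repository are assumptions chosen to match the behaviour described above (one pass per statement kind, ACLs rejected when the authorizable does not exist).

```python
# Toy model, not Sling code. PHASES is an assumption that mirrors the report:
# each statement kind is handled in its own pass over the whole script.
PHASES = ["namespace", "nodetype", "group", "path", "acl"]

# Constructed sample: the script from the report as (kind, op, target, entries).
SCRIPT = [
    ("group", "create", "testGroup", None),
    ("acl", "set", "testGroup", [("allow", "jcr:read", "/content/foo"),
                                 ("deny", "jcr:write", "/content/foo")]),
    ("group", "delete", "testGroup", None),
]


def phased_order(statements):
    """Order produced when each phase scans the whole script in turn."""
    return [s for phase in PHASES for s in statements if s[0] == phase]


def execute(statements):
    """Apply statements to an empty toy repository; return (groups, acls)."""
    groups, acls = set(), {}
    for kind, op, target, entries in statements:
        if kind == "group" and op == "create":
            groups.add(target)
        elif kind == "group" and op == "delete":
            groups.discard(target)  # assumption: existing ACL entries are kept
        elif kind == "acl":
            # Precondition from the report: the authorizable must exist.
            if target not in groups:
                raise LookupError(f"authorizable not found: {target}")
            acls.setdefault(target, []).extend(entries)
    return groups, acls


def is_order_sensitive(statements):
    """True when phased execution runs the statements in a different order."""
    return phased_order(statements) != list(statements)


if __name__ == "__main__":
    print("order sensitive:", is_order_sensitive(SCRIPT))
    print("script order   :", execute(SCRIPT))
    try:
        execute(phased_order(SCRIPT))
    except LookupError as err:
        print("phased order   :", err)
```

`is_order_sensitive` can serve as a pre-deployment check: a script for which it returns `True` does not run in the order it was written under this model.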
