Hi Guillaume AFAIK Jackrabbit FileVault uses a similar approach. I'm not super familiar with the code, but you may find interesting details if you look at the classes JackrabbitACLImporter[0] and/or JcrACLManagement[1].
The order of ACEs is significant. IIRC later entries "override" earlier ones (provided the principal matches). However, an ACE for a principal representing a user always is "stronger" than one representing a group (not really your concern when importing though). Further reading regarding access control[2] can be found on the Jackrabbit Oak website. Regards Julian [0] https://github.com/apache/jackrabbit-filevault/blob/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/JackrabbitACLImporter.java [1] https://github.com/apache/jackrabbit-filevault/blob/trunk/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/spi/impl/jcr20/JcrACLManagement.java [2] http://jackrabbit.apache.org/oak/docs/security/accesscontrol.html On Tue, Mar 28, 2017 at 4:32 PM, Guillaume Lucazeau <glucaz...@gmail.com> wrote: > Hello Bertrand, > > Thank you for your reply. I have created SLING-6738 for the ACLs import. > > Before adding unit tests and sending a PR, I would like to know if I'm > going in the right direction. > > I've seen that in JsonReader there are already createAce and createAcl > methods, but they are used to create ACLs from the acl.json servlet. > > So, I've modified the handleSecurity method, and if the node is named > "rep:policy", I call my own method "createAceFromPolicy". This method just > loops on the subnodes of a "rep:policy" node (i.e. keys starting with > "allow" or "deny", gather all information and calls > contentCreator.createAce. > > It works fine for my case, but I would be curious to have some feedback and > make sure I didn't forget anything. At the beginning of the discussion > Robert was talking about editing the content importer, but I couldn't find > how I was suppose to do that. > > Also, I would like to know if the order of the ACE is important. As there > is no order property on the JSON returned by the content servlet, and has > JSON is not ordered, I'm not able so far to keep the original order. > > Thank you for your help, > > Guillaume > > 2017-03-28 11:56 GMT+02:00 Bertrand Delacretaz <bdelacre...@apache.org>: > >> Hi, >> >> On Tue, Mar 28, 2017 at 11:25 AM, Guillaume Lucazeau >> <glucaz...@gmail.com> wrote: >> > ...Considering the lack of responses, Re-importing exported JSON, >> including >> > the priviliges, doesn't seem to be a feature that lots of people need, >> so I >> > will try to patch the importer on my own :).. >> >> I actually have a use case for this on my list, but that's a long list >> so I'm not sure when I'll start working on it. >> >> > ...I was wondering if pull requests on Github are the best way to submit >> > patches to Sling, or if you prefer diff files attached to a ticket... >> >> We need a jira ticket in any case, but submitting patches as pull >> requests works. >> >> Looking forward to your contributions! >> >> (and don't forget the tests ;-) >> >> -Bertrand >>