[ https://issues.apache.org/jira/browse/JCRVLT-427?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17074477#comment-17074477 ]
Konrad Windszus commented on JCRVLT-427: ---------------------------------------- For the composite node store it becomes rather unlikely that someone sets ACLs for apps and libs as those are ready-only at run time anyways so I am not sure using this permission is a good idea here. Also I am not sure what to do with the check related to the flag "requiresRoot". Maybe using [https://jackrabbit.apache.org/oak/docs/apidocs/org/apache/jackrabbit/api/security/user/User.html#isAdmin--] is good (although it is implementation specific) > Allow installation of packages with hook for users without admin privileges > --------------------------------------------------------------------------- > > Key: JCRVLT-427 > URL: https://issues.apache.org/jira/browse/JCRVLT-427 > Project: Jackrabbit FileVault > Issue Type: Improvement > Components: vlt > Reporter: Konrad Windszus > Assignee: Konrad Windszus > Priority: Major > Fix For: 3.4.6 > > > Currently due to the check in > https://github.com/apache/jackrabbit-filevault/blob/e257001ec22ea06bcc987cbf79f0cc9b15c4e186/vault-core/src/main/java/org/apache/jackrabbit/vault/packaging/impl/ZipVaultPackage.java#L184 > packages containing a hook can only be installed by admins. > Although I do understand the intent of that I think this is not flexible > enough as currently that only gives the rights to users "admin", "system" or > members of group "administrators". Instead there should be an OSGi > configuration which allows to configure to grant the right to install > packages with hooks to other groups as well! -- This message was sent by Atlassian Jira (v8.3.4#803005)