[
https://issues.apache.org/jira/browse/JCRVLT-427?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17074477#comment-17074477
]
Konrad Windszus commented on JCRVLT-427:
----------------------------------------
For the composite node store it becomes rather unlikely that someone sets ACLs
for apps and libs as those are ready-only at run time anyways so I am not sure
using this permission is a good idea here.
Also I am not sure what to do with the check related to the flag
"requiresRoot". Maybe using
[https://jackrabbit.apache.org/oak/docs/apidocs/org/apache/jackrabbit/api/security/user/User.html#isAdmin--]
is good (although it is implementation specific)
> Allow installation of packages with hook for users without admin privileges
> ---------------------------------------------------------------------------
>
> Key: JCRVLT-427
> URL: https://issues.apache.org/jira/browse/JCRVLT-427
> Project: Jackrabbit FileVault
> Issue Type: Improvement
> Components: vlt
> Reporter: Konrad Windszus
> Assignee: Konrad Windszus
> Priority: Major
> Fix For: 3.4.6
>
>
> Currently due to the check in
> https://github.com/apache/jackrabbit-filevault/blob/e257001ec22ea06bcc987cbf79f0cc9b15c4e186/vault-core/src/main/java/org/apache/jackrabbit/vault/packaging/impl/ZipVaultPackage.java#L184
> packages containing a hook can only be installed by admins.
> Although I do understand the intent of that I think this is not flexible
> enough as currently that only gives the rights to users "admin", "system" or
> members of group "administrators". Instead there should be an OSGi
> configuration which allows to configure to grant the right to install
> packages with hooks to other groups as well!
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
