[jira] [Commented] (JCRVLT-683) Import of Authorizable node with acHandling=IGNORE should preserve existing rep:principalPolicy child node

Fri, 05 May 2023 00:54:08 -0700 


    [ 
https://issues.apache.org/jira/browse/JCRVLT-683?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17719721#comment-17719721
 ] 

Konrad Windszus commented on JCRVLT-683:
----------------------------------------

bq. https://github.com/apache/jackrabbit-filevault/pull/272 doesn't have 
reviewers

This is superseded by https://github.com/apache/jackrabbit-filevault/pull/294

bq. Is it true that 
https://github.com/apache/jackrabbit-filevault/pull/294/files doesn't have any 
test case?

No, lots of ITs have been added 
(https://github.com/apache/jackrabbit-filevault/pull/294/files#diff-038077103e482e4a69670d008bbd1c150aab6edb9c6cb2d8e531940b094170e9)

bq. In general, I think that most bugfixes should come with "circuit breakers"

Well in this case I don't think it is necessary but if you want to add a toggle 
please enrich the PR.


> Import of Authorizable node with acHandling=IGNORE should preserve existing 
> rep:principalPolicy child node
> ----------------------------------------------------------------------------------------------------------
>
>                 Key: JCRVLT-683
>                 URL: https://issues.apache.org/jira/browse/JCRVLT-683
>             Project: Jackrabbit FileVault
>          Issue Type: Bug
>          Components: Packaging
>    Affects Versions: 3.6.6
>            Reporter: Mark Adamcin
>            Assignee: Konrad Windszus
>            Priority: Major
>             Fix For: 3.6.10
>
>
> For situations where an authorizable node may be distributed from another 
> environment where a different rep:principalPolicy for the user is defined 
> than exists for that user in the target environment, it is important that the 
> existing rep:principalPolicy be preserved when acHandling is unset, 
> acHandling=IGNORE, or acHandling=MERGE_PRESERVE.
> Currently, the effective behavior of such a package install, as [it appears 
> to be implemented in 
> DocViewImporter|https://github.com/apache/jackrabbit-filevault/blob/5f9657374bd6c2d3dd1f6e9e2be0b9f5b25ddc26/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/DocViewImporter.java#L782-L787],
>  results in the following:
>  * If the package specifies acHandling=IGNORE, the existing 
> rep:principalPolicy is deleted without replacement, regardless of whether the 
> package contains its own rep:principalPolicy, which is equivalent to 
> *acHandling=CLEAR*
>  * If the package specifies acHandling=MERGE_PRESERVE or MERGE, the existing 
> rep:principalPolicy is replaced with whatever rep:principalPolicy is 
> contained in the package, or deletes the policy if a replacement is not 
> present, which is equivalent to *acHandling=OVERWRITE*
> Unexpectedly, the least destructive (and most default) acHandling mode 
> (IGNORE) turns out to be as destructive to packaged system user permissions 
> as choosing any other mode. 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to