Add replaceAccessControlEntry method to AccessControlUtil
---------------------------------------------------------
Key: SLING-1411
URL: https://issues.apache.org/jira/browse/SLING-1411
Project: Sling
Issue Type: Improvement
Components: JCR
Affects Versions: JCR Jackrabbit Access Manager 2.0.4
Reporter: Ray Davis
ModifyAceServlet and DefaultContentCreator both have a need to merge new
privileges for a given principal to an existing resource ACL. Doing so involves
some rather complex logic which is easy to get wrong, and in the Sakai 3
project, we found that quite a few service developers needed the same
functionality. This patch moves the functionality to a shared utility method to
eliminate any tempatations to copy-and-paste (or worse, rewrite incorrectly).
Besides consolidating the logic (and removing it from ModifyAceServlet and
DefaultContentCreator), this patch introduces a couple of other changes:
* The ACE merge is more conservative. SLING-997 broke apart specified and
existing aggregated privileges and then tried to recombine them into possibly
new combinations. This patch instead maintains exactly what the client
specified and (when possible) what was already there, but does not create any
new aggregates of its own. This better matches Jackrabbit's default behavior,
should minimize client surprises, and eliminates a subtle bug: any candidate
aggregate privilege needs to be checked for "isAbstract()".
* The ModifyAceServlet JavaDoc is corrected and expanded.
* Some bad logging format is fixed.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
