[jira] [Commented] (SLING-9871) Specifying order of ACEs through repoinit directives

Wed, 24 Mar 2021 02:35:06 -0700 


    [ 
https://issues.apache.org/jira/browse/SLING-9871?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17307708#comment-17307708
 ] 

Bertrand Delacretaz commented on SLING-9871:
--------------------------------------------

bq. From a tooling point of view, do you expect them to be part of the main 
repoinit tooling or something that must be applied separately?

In terms of API I think it's just a {{java.io.FilterReader}} that we can use to 
preprocess the input for the {{RepoInitParserService}} input, so I would 
implement it directly in the repoinit parser module, and ideally write it so 
that it does nothing if the input doesn't contain a {{#FRAGMENT}} preprocessor 
instruction.

This makes me think that the syntax should be based on repoinit comments, to 
avoid interference with the parser:

{code}
#FRAGMENT two DEPENDS ON three
set ACL for assets-users
allow jcr:read on /conf
end
#END FRAGMENT
{code}

> Specifying order of ACEs through repoinit directives
> ----------------------------------------------------
>
>                 Key: SLING-9871
>                 URL: https://issues.apache.org/jira/browse/SLING-9871
>             Project: Sling
>          Issue Type: Improvement
>          Components: Repoinit
>            Reporter: Ashish Chopra
>            Priority: Major
>
> As of writing this, repoinit processor (among other things not relevant to 
> this JIRA) collects {{create path}} statements and {{set ACL}} statements 
> declared in all the feature-models applicable to feature-aggregate under 
> consideration.
> Upon repository initialization, it applies all the {{create path}} 
> statements, followed by all the {{set ACL}} statements. However, the order in 
> which {{set ACL}} statements declared across feature models are applied isn't 
> defined (currently, it seems to be based on feature-model-name, 
> alphabetically ascending).
> This causes issues at times because we want the order of the ACEs to be 
> maintained (e.g., "deny"s for everyone at a given path must be the first ACE, 
> followed by "allow"s for specific, non-system-user principals)
> Repoinit should be able to support this requirement.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to