[jira] [Assigned] (SLING-10277) Privilege aggregates cannot have namespaced name but AC-Lines require namespaced privilege names

Thu, 27 May 2021 06:58:38 -0700 


     [ 
https://issues.apache.org/jira/browse/SLING-10277?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Bertrand Delacretaz reassigned SLING-10277:
-------------------------------------------

    Assignee: Bertrand Delacretaz

> Privilege aggregates cannot have namespaced name but AC-Lines require 
> namespaced privilege names
> ------------------------------------------------------------------------------------------------
>
>                 Key: SLING-10277
>                 URL: https://issues.apache.org/jira/browse/SLING-10277
>             Project: Sling
>          Issue Type: Bug
>          Components: Repoinit
>            Reporter: Angela Schreiber
>            Assignee: Bertrand Delacretaz
>            Priority: Critical
>         Attachments: SLING-10277.patch
>
>
> [~bdelacretaz], while working on SLING-10274 [~kpauls] noticed that repo-init 
> parser doesn't support aggregated privilege names with namespace prefix.
> Looking at the parser I found that the handling of privileges seems to be 
> inconsistent:
> h3. 1. Register Privileges
> the parser defines this as follows:
> {code}
>     <REGISTER> ((<ABSTRACT>) {isAbstract = true;})? <PRIVILEGE> (privilege = 
> <STRING> | privilege = <NAMESPACED_ITEM>) (<WITH> aggregates = 
> principalsList())?
> {code}
> -> privilege name can be a STRING or a NAMESPACED_ITEM (that's correct ((/))
> -> aggregates is a principalList??? that's quite odd and obviously not 
> correct.... aggregates can again be a list of STRING and/or NAMESPACED_ITEM 
> ((x))
> h3. 2. Using Registered Privileges in AC-lines
> {{line.setProperty(AclLine.PROP_PRIVILEGES}} is always  populated with the 
> result of {{namespacedItemsList()}}
> -> if my reading is correct that means that only NAMESPACED_ITEM can be used 
> as privilege names, which is not correct because a privilege name can be any 
> valid JCR name, with or without namespace prefix. ((x))
> h3. 3. Summary and Suggested Fix
> this can easily be illustrated by slightly adjusting the test-*.txt (see 
> attachment).
> the fix should IMHO be 2-fold:
> - allow aggregated privilege names to be STRING or NAMESPACED_ITEM
> - allow privilege names in AC-line to be STRING or NAMESPACED_ITEM in 
> accordance to the register privilege call.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to