[
https://issues.apache.org/jira/browse/SLING-5355?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15083209#comment-15083209
]
Rob Ryan commented on SLING-5355:
---------------------------------
Anyone who can change a config can make any or all users 'admin' anyway... Oak
has an OSGI configuration listing which users are admin.
> Create service users and ACLs from the provisioning model
> ---------------------------------------------------------
>
> Key: SLING-5355
> URL: https://issues.apache.org/jira/browse/SLING-5355
> Project: Sling
> Issue Type: New Feature
> Components: Service User Mapper
> Reporter: Bertrand Delacretaz
> Assignee: Bertrand Delacretaz
>
> As discussed in the "Removing loginAdministrative, how to test that, and
> service username conventions" thread on our dev list [1] we need to be able
> to create service users and set the corresponding ACLs from our provisioning
> model.
> This should be implemented using distinct utility classes, one for the users
> and one for the ACLs, that take simple mini-languages as input. This will
> allow for reusing these utilities in test code for example.
> I have made a suggestion for those mini languages in that thread, will copy
> them here once we agree.
> [1] http://markmail.org/message/kcvuhwfdald2dyuz
> *Edit: additional contraints*
> * Waiting for content paths: not all ACLs can be applied immediately when the
> SlingRepository service starts: for this we'd need to create paths that don't
> exist yet, and the nodetypes of those paths might not have been defined yet,
> as any bundle can supply additional node types. This means waiting for the
> path creation to succeed before proceeding, so we might as well wait for the
> paths to be created by content installations
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
