[
https://issues.apache.org/jira/browse/SLING-6398?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15750834#comment-15750834
]
Bertrand Delacretaz commented on SLING-6398:
--------------------------------------------
In general I think it would be better for repoinit to describe a desired state
rather the procedural operations on the ACLs, for example "I want user foo to
be able to read /xyz" instead of "Add read ACL on /xyz for user foo".
If you have ideas for getting closer to this declarative behavior let's discuss
them on our dev list.
> Repoinit should not attempt to create access control entries when no changes
> are needed
> ---------------------------------------------------------------------------------------
>
> Key: SLING-6398
> URL: https://issues.apache.org/jira/browse/SLING-6398
> Project: Sling
> Issue Type: Improvement
> Components: Repoinit
> Reporter: Robert Munteanu
> Assignee: Robert Munteanu
> Fix For: Repoinit JCR 1.1.2
>
>
> I have a more complex Sling setup based on the recent Oak multiplexing
> additions.
> The repository is split bewteen
> - /libs and /apps, read-only
> - the rest of the repository, read-write
> When the provisioning model contains ACL definitions, they are processed
> directly without checking if they exist. In turn, Oak updates the
> definitions, even if equivalent ones exist. This causes the repoinit part to
> fail if it refers to ACLs for the read-only part of the repository.
> I would propose that the repoinit statements check if the ACL really needs to
> be replaced or if it can be skipped. This also has the advantage of making it
> symmetric with the checks for service users and paths and also should
> slightly reduce provisioning time.
> [~bdelacretaz] - would that work for you?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
