[ https://issues.apache.org/jira/browse/SLING-9556?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17172258#comment-17172258 ]
Bertrand Delacretaz commented on SLING-9556: -------------------------------------------- bq. what about just checking current resolver can read a configured path in the repository? I like this idea, I think we discussed it already in other similar cases but don't remember if we ended up using it. I like it because it allows using existing access control tools for setup, validation etc. instead of inventing new mechanisms. If you decide to use this I would suggest creating a (simple) standard, maybe just define that such "permission resources" have paths like {{/system/sling/permissions/sling/pipes/execution/http}}. On the other hand I agree that if pipes are executed with the identity of the incoming POST request, there's no privilege escalation so an additional permission might not be required. > add pipes execution through a simple text POST > ---------------------------------------------- > > Key: SLING-9556 > URL: https://issues.apache.org/jira/browse/SLING-9556 > Project: Sling > Issue Type: Improvement > Components: Extensions > Affects Versions: Pipes 4.0.0 > Reporter: Nicolas Peltier > Assignee: Nicolas Peltier > Priority: Major > Fix For: Pipes 4.0.0 > > > problem with configuration of most pipes is JCR serialization is difficult to > read/maintain (basic XML maintenance issue). > Since it can be executed through gogo commands, the pipe could also simply be > some piped command in a text file that would be posted to the plumber, using > same pipebuilder functionality (see > https://github.com/apache/sling-org-apache-sling-pipes/blob/master/src/main/java/org/apache/sling/pipes/internal/GogoCommands.java#L81) -- This message was sent by Atlassian Jira (v8.3.4#803005)