[
https://issues.apache.org/jira/browse/SLING-9556?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17172258#comment-17172258
]
Bertrand Delacretaz commented on SLING-9556:
--------------------------------------------
bq. what about just checking current resolver can read a configured path in the
repository?
I like this idea, I think we discussed it already in other similar cases but
don't remember if we ended up using it.
I like it because it allows using existing access control tools for setup,
validation etc. instead of inventing new mechanisms.
If you decide to use this I would suggest creating a (simple) standard, maybe
just define that such "permission resources" have paths like
{{/system/sling/permissions/sling/pipes/execution/http}}.
On the other hand I agree that if pipes are executed with the identity of the
incoming POST request, there's no privilege escalation so an additional
permission might not be required.
> add pipes execution through a simple text POST
> ----------------------------------------------
>
> Key: SLING-9556
> URL: https://issues.apache.org/jira/browse/SLING-9556
> Project: Sling
> Issue Type: Improvement
> Components: Extensions
> Affects Versions: Pipes 4.0.0
> Reporter: Nicolas Peltier
> Assignee: Nicolas Peltier
> Priority: Major
> Fix For: Pipes 4.0.0
>
>
> problem with configuration of most pipes is JCR serialization is difficult to
> read/maintain (basic XML maintenance issue).
> Since it can be executed through gogo commands, the pipe could also simply be
> some piped command in a text file that would be posted to the plumber, using
> same pipebuilder functionality (see
> https://github.com/apache/sling-org-apache-sling-pipes/blob/master/src/main/java/org/apache/sling/pipes/internal/GogoCommands.java#L81)
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
