[jira] [Created] (SLING-9542) Unable to use junit categories with sling junit core
Nitin Nizhawan created SLING-9542: - Summary: Unable to use junit categories with sling junit core Key: SLING-9542 URL: https://issues.apache.org/jira/browse/SLING-9542 Project: Sling Issue Type: Bug Components: JUnit Core Reporter: Nitin Nizhawan Sling Junit core embeds JUnit and exports JUnit packages. These junit packages are imported by test case bundles created by teleporter. If however, test cases use junit categories to filter tests then such tests to not work. This is because sling junit core exports only some junit package. Specifically, it does not export org.junit.experimental.categories and org.junit.validator -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Created] (SLING-8111) API to enable tracer configuration
Nitin Nizhawan created SLING-8111: - Summary: API to enable tracer configuration Key: SLING-8111 URL: https://issues.apache.org/jira/browse/SLING-8111 Project: Sling Issue Type: Improvement Components: Tooling Reporter: Nitin Nizhawan Sling Tracers allows enabling loggers using request parameters. But these configs can only be specified for request thread. In cases where a thread is not associated with request it cannot be done currently and requires addition of new API -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SLING-8111) API to enable tracer configuration
[ https://issues.apache.org/jira/browse/SLING-8111?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nitin Nizhawan updated SLING-8111: -- Description: Sling Tracers allows enabling loggers using request parameters. But these configs can only be specified for request thread. In cases where a thread is not associated with request it cannot be done currently and requires addition of new API CC: [~chetanm] was: Sling Tracers allows enabling loggers using request parameters. But these configs can only be specified for request thread. In cases where a thread is not associated with request it cannot be done currently and requires addition of new API > API to enable tracer configuration > --- > > Key: SLING-8111 > URL: https://issues.apache.org/jira/browse/SLING-8111 > Project: Sling > Issue Type: Improvement > Components: Tooling >Affects Versions: Log Tracer 1.0.8 > Reporter: Nitin Nizhawan >Priority: Major > > Sling Tracers allows enabling loggers using request parameters. But these > configs can only be specified for request thread. In cases where a thread is > not associated with request it cannot be done currently and requires addition > of new API > > CC: [~chetanm] > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SLING-8111) API to enable tracer configuration
[ https://issues.apache.org/jira/browse/SLING-8111?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nitin Nizhawan updated SLING-8111: -- Affects Version/s: Log Tracer 1.0.8 > API to enable tracer configuration > --- > > Key: SLING-8111 > URL: https://issues.apache.org/jira/browse/SLING-8111 > Project: Sling > Issue Type: Improvement > Components: Tooling >Affects Versions: Log Tracer 1.0.8 > Reporter: Nitin Nizhawan >Priority: Major > > Sling Tracers allows enabling loggers using request parameters. But these > configs can only be specified for request thread. In cases where a thread is > not associated with request it cannot be done currently and requires addition > of new API > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (SLING-7455) Provide a way to restrict access to servlets and scripts (jsp/ecma etc.)
Nitin Nizhawan created SLING-7455: - Summary: Provide a way to restrict access to servlets and scripts (jsp/ecma etc.) Key: SLING-7455 URL: https://issues.apache.org/jira/browse/SLING-7455 Project: Sling Issue Type: New Feature Components: Resource Access Security, Servlets Affects Versions: Servlets Resolver 2.4.22 Reporter: Nitin Nizhawan *Issue* Most of the web servers provide a way to restrict access to urls based on roles/groups of users. Also, since mapping of urls and scripts (servlets/jsp) is internal and end user cannot define this mapping, this method effectively restricts access to scripts (servlets/jsp). On the other hand, sling restricts access to end point using ACLs setup of content nodes having sling:resourceType property set in the repository. i.e. nodes which have "sling:resourceType" set can be used to invoke script identified by value of "sling:resourceType" property by a user only if she also has read permission on the node But as we know that mapping of paths and scripts(servlets/jsp) is done via "sling:resourceType" property and since this property can written by end users having write access to the repository using SlingPostServlet or possibly other tools. Which means that any user having read/write access to any part of repository can invoke, any servlet or script by creating a node with sling:resourceType property with its value set to resourceType of desired script/servlet. Although, the scripts which make use of current user session are not particularly affected by this since permission checks would be done by repository layer once this scripts access/modify content using this session. But many scripts which either use service user (thus un-linking repository permission check from current users session) or scripts which may have nothing to do with repository such as contacting an external service, crypto, filesystem access, launching processes etc. have no way to restrict access other than manually checking in code for session permissions etc.) *Expected* A declarative method to restrict access to scripts (servlet/jsp). -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SLING-6423) Allow for specifying ACL merge mode (ACHandling) in repoinit
[ https://issues.apache.org/jira/browse/SLING-6423?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16137720#comment-16137720 ] Nitin Nizhawan commented on SLING-6423: --- [~cziegeler] This is only partially implemented. The parsing logic was committed but actual merging is not in place. CC: [~bdelacretaz] > Allow for specifying ACL merge mode (ACHandling) in repoinit > > > Key: SLING-6423 > URL: https://issues.apache.org/jira/browse/SLING-6423 > Project: Sling > Issue Type: New Feature > Components: Repoinit > Reporter: Nitin Nizhawan >Assignee: Bertrand Delacretaz > Fix For: Repoinit Parser 1.1.2 > > Attachments: SLING-6423_parser_changes.patch, > SLING-6423_testcases.patch, SLING_6423_testcasesV2.patch > > > Repoinit by default just add new ACLs if they are not already present. > By contract package manager provides various strategies for ACL merging > Extend repoinit to allow specifying these strategies > https://jackrabbit.apache.org/filevault/apidocs/org/apache/jackrabbit/vault/fs/io/AccessControlHandling.html#MERGE -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (SLING-6422) Allow for specifying oak restrictions with repoinit
[ https://issues.apache.org/jira/browse/SLING-6422?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16047942#comment-16047942 ] Nitin Nizhawan commented on SLING-6422: --- Thanks > Allow for specifying oak restrictions with repoinit > --- > > Key: SLING-6422 > URL: https://issues.apache.org/jira/browse/SLING-6422 > Project: Sling > Issue Type: New Feature > Components: Repoinit > Reporter: Nitin Nizhawan >Assignee: Bertrand Delacretaz > Fix For: Repoinit JCR 1.1.6 > > Attachments: SLING6422ApplyRestrictionsV2.patch, > SLING6422ApplyRestrictionsV3.patch, > SLING6422_interpretparsedrestrictionclause.patch, SLING-6422.patch > > > Allow for specifying oak restrictions with repoinit. Currently repoinit > allows one to ADD remove ACLs but there is no way to specify oak restrictions. > http://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (SLING-6422) Allow for specifying oak restrictions with repoinit
[ https://issues.apache.org/jira/browse/SLING-6422?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16047904#comment-16047904 ] Nitin Nizhawan commented on SLING-6422: --- [~bdelacretaz] Comparison function looks good to me, yes sorting should not be an issue on small arrays. Although, it would have been great if jackrabbit clearly documented ordered ness of the values :-) > Allow for specifying oak restrictions with repoinit > --- > > Key: SLING-6422 > URL: https://issues.apache.org/jira/browse/SLING-6422 > Project: Sling > Issue Type: New Feature > Components: Repoinit > Reporter: Nitin Nizhawan > Attachments: SLING6422ApplyRestrictionsV2.patch, > SLING6422ApplyRestrictionsV3.patch, > SLING6422_interpretparsedrestrictionclause.patch, SLING-6422.patch > > > Allow for specifying oak restrictions with repoinit. Currently repoinit > allows one to ADD remove ACLs but there is no way to specify oak restrictions. > http://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Comment Edited] (SLING-6422) Allow for specifying oak restrictions with repoinit
[
https://issues.apache.org/jira/browse/SLING-6422?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16047529#comment-16047529
]
Nitin Nizhawan edited comment on SLING-6422 at 6/13/17 9:52 AM:
[~bdelacretaz] I further verified that vault package manager also respects
ordering. To verify I specified following aces
{code}
{code}
Since in above case restrictions and principal are same, package manager merged
the privileges as follows
{code}
{code}
Then I tried with order reversed for restriction values as follows
{code}
{code}
In above case package manager did not merge ACEs because I think it also
considers restrictions different. So, I suppose we should also consider
restrictions with different ordering of values different.
Also, the example date based restriction provider at \[0\] assumes ordered
values
WDYT?
\[0\]
http://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html
was (Author: nitin.nizhawan):
[~bdelacretaz] I further verified that vault package manager also respects
ordering. To verify I specified following aces
{code}
{code}
Since in above case restrictions and principal are same, package manager merged
the privileges as follows
{code}
{code}
Then I tried with order reversed for restriction values as follows
{code}
{code}
In above case package manager did not merge ACEs because I think it also
considers restrictions different. So, I suppose we should also consider
restrictions with different ordering of values different. WDYT?
> Allow for specifying oak restrictions with repoinit
> ---
>
> Key: SLING-6422
> URL: https://issues.apache.org/jira/browse/SLING-6422
> Project: Sling
> Issue Type: New Feature
> Components: Repoinit
> Reporter: Nitin Nizhawan
> Attachments: SLING6422ApplyRestrictionsV2.patch,
> SLING6422ApplyRestrictionsV3.patch,
> SLING6422_interpretparsedrestrictionclause.patch, SLING-6422.patch
>
>
> Allow for specifying oak restrictions with repoinit. Currently repoinit
> allows one to ADD remove ACLs but there is no way to specify oak restrictions.
> http://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
[jira] [Commented] (SLING-6422) Allow for specifying oak restrictions with repoinit
[
https://issues.apache.org/jira/browse/SLING-6422?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16047529#comment-16047529
]
Nitin Nizhawan commented on SLING-6422:
---
[~bdelacretaz] I further verified that vault package manager also respects
ordering. To verify I specified following aces
{code}
{code}
Since in above case restrictions and principal are same, package manager merged
the privileges as follows
{code}
{code}
Then I tried with order reversed for restriction values as follows
{code}
{code}
In above case package manager did not merge ACEs because I think it also
considers restrictions different. So, I suppose we should also consider
restrictions with different ordering of values different. WDYT?
> Allow for specifying oak restrictions with repoinit
> ---
>
> Key: SLING-6422
> URL: https://issues.apache.org/jira/browse/SLING-6422
> Project: Sling
> Issue Type: New Feature
> Components: Repoinit
> Reporter: Nitin Nizhawan
> Attachments: SLING6422ApplyRestrictionsV2.patch,
> SLING6422ApplyRestrictionsV3.patch,
> SLING6422_interpretparsedrestrictionclause.patch, SLING-6422.patch
>
>
> Allow for specifying oak restrictions with repoinit. Currently repoinit
> allows one to ADD remove ACLs but there is no way to specify oak restrictions.
> http://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
[jira] [Commented] (SLING-6422) Allow for specifying oak restrictions with repoinit
[ https://issues.apache.org/jira/browse/SLING-6422?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16046950#comment-16046950 ] Nitin Nizhawan commented on SLING-6422: --- Hi [~bdelacretaz] That is an interesting point. IIUC, you mean that match should unordered like that for privileges. I could not find "unorderedness" of values in documentation and assumed them to be ordered since everywhere API is using an array to store these values. So, current method implementation assumes that values are "ordered" but not sorted i.e. order of values is meaningful and preserved by underlying layer. You are correct that for OOTB restrictions like rep:ntNames and rep:itemNames the order of values does not matter. But we have written some custom restriction providers (based on same assumption) for which order of values does matter, so, if I make the match unordered (by either sorting or using a set) the those restriction providers would break. TBH, now even I am not too sure if orderedness assumption is valid. CC: [~anchela] > Allow for specifying oak restrictions with repoinit > --- > > Key: SLING-6422 > URL: https://issues.apache.org/jira/browse/SLING-6422 > Project: Sling > Issue Type: New Feature > Components: Repoinit >Reporter: Nitin Nizhawan > Attachments: SLING6422ApplyRestrictionsV2.patch, > SLING6422ApplyRestrictionsV3.patch, > SLING6422_interpretparsedrestrictionclause.patch, SLING-6422.patch > > > Allow for specifying oak restrictions with repoinit. Currently repoinit > allows one to ADD remove ACLs but there is no way to specify oak restrictions. > http://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (SLING-6422) Allow for specifying oak restrictions with repoinit
[ https://issues.apache.org/jira/browse/SLING-6422?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16046526#comment-16046526 ] Nitin Nizhawan commented on SLING-6422: --- [~anchela] Not an issue. I have raised a fresh PR https://github.com/apache/sling/pull/241 also link to original PR which you had reviewed https://github.com/apache/sling/pull/232 CC: [~bdelacretaz] Thanks Nitin > Allow for specifying oak restrictions with repoinit > --- > > Key: SLING-6422 > URL: https://issues.apache.org/jira/browse/SLING-6422 > Project: Sling > Issue Type: New Feature > Components: Repoinit > Reporter: Nitin Nizhawan > Attachments: SLING6422ApplyRestrictionsV2.patch, > SLING6422ApplyRestrictionsV3.patch, > SLING6422_interpretparsedrestrictionclause.patch, SLING-6422.patch > > > Allow for specifying oak restrictions with repoinit. Currently repoinit > allows one to ADD remove ACLs but there is no way to specify oak restrictions. > http://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[GitHub] sling pull request #241: SLING-6422, Allow for specifying oak restrictions w...
GitHub user nitin-nizhawan opened a pull request: https://github.com/apache/sling/pull/241 SLING-6422, Allow for specifying oak restrictions with repoinit - Interpret parsed restriction clauses from repoinit You can merge this pull request into a Git repository by running: $ git pull https://github.com/nitin-nizhawan/sling nnizhawa/SLING_6422ApplyRestrictionsV3 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/sling/pull/241.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #241 commit 4aa930056d48655995629b9253edd1bd394f7ecb Author: Nitin Nizhawan Date: 2017-05-16T11:01:56Z SLING-6422, Allow for specifying oak restrictions with repoinit - Interpret parsed restriction clauses from repoinit --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[jira] [Commented] (SLING-6422) Allow for specifying oak restrictions with repoinit
[ https://issues.apache.org/jira/browse/SLING-6422?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16046399#comment-16046399 ] Nitin Nizhawan commented on SLING-6422: --- [~bdelacretaz] [~anchela] Updated patch after resolving conflicts with latest code [^SLING6422ApplyRestrictionsV3.patch] . Could you please review and merge. > Allow for specifying oak restrictions with repoinit > --- > > Key: SLING-6422 > URL: https://issues.apache.org/jira/browse/SLING-6422 > Project: Sling > Issue Type: New Feature > Components: Repoinit > Reporter: Nitin Nizhawan > Attachments: SLING6422ApplyRestrictionsV2.patch, > SLING6422ApplyRestrictionsV3.patch, > SLING6422_interpretparsedrestrictionclause.patch, SLING-6422.patch > > > Allow for specifying oak restrictions with repoinit. Currently repoinit > allows one to ADD remove ACLs but there is no way to specify oak restrictions. > http://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (SLING-6422) Allow for specifying oak restrictions with repoinit
[ https://issues.apache.org/jira/browse/SLING-6422?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nitin Nizhawan updated SLING-6422: -- Attachment: SLING6422ApplyRestrictionsV3.patch > Allow for specifying oak restrictions with repoinit > --- > > Key: SLING-6422 > URL: https://issues.apache.org/jira/browse/SLING-6422 > Project: Sling > Issue Type: New Feature > Components: Repoinit > Reporter: Nitin Nizhawan > Attachments: SLING6422ApplyRestrictionsV2.patch, > SLING6422ApplyRestrictionsV3.patch, > SLING6422_interpretparsedrestrictionclause.patch, SLING-6422.patch > > > Allow for specifying oak restrictions with repoinit. Currently repoinit > allows one to ADD remove ACLs but there is no way to specify oak restrictions. > http://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (SLING-6867) Repoinit ACL handler should take aggregate privilege into account
[ https://issues.apache.org/jira/browse/SLING-6867?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16031005#comment-16031005 ] Nitin Nizhawan commented on SLING-6867: --- [~bdelacretaz] [~anchela] Attached patch for taking care of aggregate privileges in contains check. please review and merge. > Repoinit ACL handler should take aggregate privilege into account > - > > Key: SLING-6867 > URL: https://issues.apache.org/jira/browse/SLING-6867 > Project: Sling > Issue Type: Bug > Components: Repoinit >Affects Versions: Repoinit JCR 1.1.4 > Reporter: Nitin Nizhawan > Attachments: SLING_6867.patch > > > Repoinit ACLUtil "contains privileges" method does not take aggregation into > account -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Updated] (SLING-6867) Repoinit ACL handler should take aggregate privilege into account
[ https://issues.apache.org/jira/browse/SLING-6867?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nitin Nizhawan updated SLING-6867: -- Attachment: SLING_6867.patch > Repoinit ACL handler should take aggregate privilege into account > - > > Key: SLING-6867 > URL: https://issues.apache.org/jira/browse/SLING-6867 > Project: Sling > Issue Type: Bug > Components: Repoinit >Affects Versions: Repoinit JCR 1.1.4 > Reporter: Nitin Nizhawan > Attachments: SLING_6867.patch > > > Repoinit ACLUtil "contains privileges" method does not take aggregation into > account -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[GitHub] sling pull request #239: SLING-6867, Repoinit ACL handler should take aggreg...
GitHub user nitin-nizhawan opened a pull request: https://github.com/apache/sling/pull/239 SLING-6867, Repoinit ACL handler should take aggregate privilege into⦠⦠account You can merge this pull request into a Git repository by running: $ git pull https://github.com/nitin-nizhawan/sling nnizhawa/aggregateprivilegehandling2 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/sling/pull/239.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #239 commit 90fca96bc975a6f8d70126f64c04fb0de76756de Author: Nitin Nizhawan Date: 2017-05-31T11:11:01Z SLING-6867, Repoinit ACL handler should take aggregate privilege into account --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[jira] [Comment Edited] (SLING-6422) Allow for specifying oak restrictions with repoinit
[ https://issues.apache.org/jira/browse/SLING-6422?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16018657#comment-16018657 ] Nitin Nizhawan edited comment on SLING-6422 at 5/21/17 12:30 AM: - Uploaded new patch with review comments incorporated [^SLING6422ApplyRestrictionsV2.patch]. CC:[~anchela] [~bdelacretaz] [~chetanm] was (Author: nitin.nizhawan): Uploaded new patch with review comment incorporated [^SLING6422ApplyRestrictionsV2.patch] CC:[~anchela] [~bdelacretaz] [~chetanm] > Allow for specifying oak restrictions with repoinit > --- > > Key: SLING-6422 > URL: https://issues.apache.org/jira/browse/SLING-6422 > Project: Sling > Issue Type: New Feature > Components: Repoinit > Reporter: Nitin Nizhawan > Attachments: SLING6422ApplyRestrictionsV2.patch, > SLING6422_interpretparsedrestrictionclause.patch, SLING-6422.patch > > > Allow for specifying oak restrictions with repoinit. Currently repoinit > allows one to ADD remove ACLs but there is no way to specify oak restrictions. > http://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Updated] (SLING-6422) Allow for specifying oak restrictions with repoinit
[ https://issues.apache.org/jira/browse/SLING-6422?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nitin Nizhawan updated SLING-6422: -- Attachment: SLING6422ApplyRestrictionsV2.patch Uploaded new patch with review comment incorporated [^SLING6422ApplyRestrictionsV2.patch] CC:[~anchela] [~bdelacretaz] [~chetanm] > Allow for specifying oak restrictions with repoinit > --- > > Key: SLING-6422 > URL: https://issues.apache.org/jira/browse/SLING-6422 > Project: Sling > Issue Type: New Feature > Components: Repoinit > Reporter: Nitin Nizhawan > Attachments: SLING6422ApplyRestrictionsV2.patch, > SLING6422_interpretparsedrestrictionclause.patch, SLING-6422.patch > > > Allow for specifying oak restrictions with repoinit. Currently repoinit > allows one to ADD remove ACLs but there is no way to specify oak restrictions. > http://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[GitHub] sling pull request #234: SLING-6422, Allow for specifying oak restrictions w...
GitHub user nitin-nizhawan opened a pull request: https://github.com/apache/sling/pull/234 SLING-6422, Allow for specifying oak restrictions with repoinit - Interpret parsed restriction clauses from repoinit You can merge this pull request into a Git repository by running: $ git pull https://github.com/nitin-nizhawan/sling nnizhawa/SLING_6422ApplyRestrictionsV2 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/sling/pull/234.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #234 commit c63f4420ca526019e473917ddc8f60b780d3f1d7 Author: Nitin Nizhawan Date: 2017-05-16T11:01:56Z SLING-6422, Allow for specifying oak restrictions with repoinit - Interpret parsed restriction clauses from repoinit --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] sling pull request #232: SLING-6422, Allow for specifying oak restrictions w...
Github user nitin-nizhawan closed the pull request at: https://github.com/apache/sling/pull/232 --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[jira] [Created] (SLING-6867) Repoinit ACL handler should take aggregate privilege into account
Nitin Nizhawan created SLING-6867: - Summary: Repoinit ACL handler should take aggregate privilege into account Key: SLING-6867 URL: https://issues.apache.org/jira/browse/SLING-6867 Project: Sling Issue Type: Bug Components: Repoinit Affects Versions: Repoinit JCR 1.1.4 Reporter: Nitin Nizhawan Repoinit ACLUtil "contains privileges" method does not take aggregation into account -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (SLING-6422) Allow for specifying oak restrictions with repoinit
[ https://issues.apache.org/jira/browse/SLING-6422?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16017326#comment-16017326 ] Nitin Nizhawan commented on SLING-6422: --- [~anchela] Thanks for your review. For some reason I am unable to see any comment at https://github.com/apache/sling/pull/232 Probably I am looking at wrong place, could please check if this is where you have added comments. CC: [~bdelacretaz] [~chetanm] Thanks Nitin > Allow for specifying oak restrictions with repoinit > --- > > Key: SLING-6422 > URL: https://issues.apache.org/jira/browse/SLING-6422 > Project: Sling > Issue Type: New Feature > Components: Repoinit > Reporter: Nitin Nizhawan > Attachments: SLING6422_interpretparsedrestrictionclause.patch, > SLING-6422.patch > > > Allow for specifying oak restrictions with repoinit. Currently repoinit > allows one to ADD remove ACLs but there is no way to specify oak restrictions. > http://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Comment Edited] (SLING-6422) Allow for specifying oak restrictions with repoinit
[ https://issues.apache.org/jira/browse/SLING-6422?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16016082#comment-16016082 ] Nitin Nizhawan edited comment on SLING-6422 at 5/18/17 5:05 PM: Also tagging [~anchela] and [~chetanm] for review [^SLING6422_interpretparsedrestrictionclause.patch] CC: [~bdelacretaz] was (Author: nitin.nizhawan): Also tagging [~anchela] and [~chetanm] for review CC: [~bdelacretaz] > Allow for specifying oak restrictions with repoinit > --- > > Key: SLING-6422 > URL: https://issues.apache.org/jira/browse/SLING-6422 > Project: Sling > Issue Type: New Feature > Components: Repoinit > Reporter: Nitin Nizhawan > Attachments: SLING6422_interpretparsedrestrictionclause.patch, > SLING-6422.patch > > > Allow for specifying oak restrictions with repoinit. Currently repoinit > allows one to ADD remove ACLs but there is no way to specify oak restrictions. > http://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Commented] (SLING-6422) Allow for specifying oak restrictions with repoinit
[ https://issues.apache.org/jira/browse/SLING-6422?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16016082#comment-16016082 ] Nitin Nizhawan commented on SLING-6422: --- Also tagging [~anchela] and [~chetanm] for review CC: [~bdelacretaz] > Allow for specifying oak restrictions with repoinit > --- > > Key: SLING-6422 > URL: https://issues.apache.org/jira/browse/SLING-6422 > Project: Sling > Issue Type: New Feature > Components: Repoinit > Reporter: Nitin Nizhawan > Attachments: SLING6422_interpretparsedrestrictionclause.patch, > SLING-6422.patch > > > Allow for specifying oak restrictions with repoinit. Currently repoinit > allows one to ADD remove ACLs but there is no way to specify oak restrictions. > http://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[jira] [Updated] (SLING-6422) Allow for specifying oak restrictions with repoinit
[ https://issues.apache.org/jira/browse/SLING-6422?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nitin Nizhawan updated SLING-6422: -- Attachment: SLING6422_interpretparsedrestrictionclause.patch [~bdelacretaz] Attaching patch with changes for interpreting parsed restriction clauses from repoinit. Please review and merge these Also, request you to release repoinit parser, currently patch points to SNAPSHOT version of the parser since release version does not have the parser changes so needs to be release first. Thanks Nitin > Allow for specifying oak restrictions with repoinit > --- > > Key: SLING-6422 > URL: https://issues.apache.org/jira/browse/SLING-6422 > Project: Sling > Issue Type: New Feature > Components: Repoinit > Reporter: Nitin Nizhawan > Attachments: SLING6422_interpretparsedrestrictionclause.patch, > SLING-6422.patch > > > Allow for specifying oak restrictions with repoinit. Currently repoinit > allows one to ADD remove ACLs but there is no way to specify oak restrictions. > http://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html -- This message was sent by Atlassian JIRA (v6.3.15#6346)
[GitHub] sling pull request #232: SLING-6422, Allow for specifying oak restrictions w...
GitHub user nitin-nizhawan opened a pull request: https://github.com/apache/sling/pull/232 SLING-6422, Allow for specifying oak restrictions with repoinit - Interpret parsed restriction clauses from repoinit parser You can merge this pull request into a Git repository by running: $ git pull https://github.com/nitin-nizhawan/sling nnizhawa/SLING_6422InterpretRestrictionClause Alternatively you can review and apply these changes as the patch at: https://github.com/apache/sling/pull/232.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #232 commit 30894d2cd153e54c899ebd8a086d450424eaf759 Author: Nitin Nizhawan Date: 2017-05-16T11:01:56Z SLING-6422, Allow for specifying oak restrictions with repoinit - Interpret parsed restriction clauses from repoinit --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[jira] [Comment Edited] (SLING-6423) Allow for specifying ACL merge mode (ACHandling) in repoinit
[ https://issues.apache.org/jira/browse/SLING-6423?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15821973#comment-15821973 ] Nitin Nizhawan edited comment on SLING-6423 at 1/14/17 5:58 AM: [~bdelacretaz] Attached patch SLING-6423_parser_changes.patch to support ACLOptions syntax in parser. Could you please review was (Author: nitin.nizhawan): [~bdelacretaz] Attached patch to support ACLOptions syntax in parser. Could you please review > Allow for specifying ACL merge mode (ACHandling) in repoinit > > > Key: SLING-6423 > URL: https://issues.apache.org/jira/browse/SLING-6423 > Project: Sling > Issue Type: New Feature > Components: Repoinit > Reporter: Nitin Nizhawan > Attachments: SLING-6423_parser_changes.patch, > SLING-6423_testcases.patch, SLING_6423_testcasesV2.patch > > > Repoinit by default just add new ACLs if they are not already present. > By contract package manager provides various strategies for ACL merging > Extend repoinit to allow specifying these strategies > https://jackrabbit.apache.org/filevault/apidocs/org/apache/jackrabbit/vault/fs/io/AccessControlHandling.html#MERGE -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Comment Edited] (SLING-6423) Allow for specifying ACL merge mode (ACHandling) in repoinit
[ https://issues.apache.org/jira/browse/SLING-6423?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15821973#comment-15821973 ] Nitin Nizhawan edited comment on SLING-6423 at 1/14/17 5:58 AM: [~bdelacretaz] Attached patch SLING\-6423_parser_changes.patch to support ACLOptions syntax in parser. Could you please review was (Author: nitin.nizhawan): [~bdelacretaz] Attached patch SLING-6423_parser_changes.patch to support ACLOptions syntax in parser. Could you please review > Allow for specifying ACL merge mode (ACHandling) in repoinit > > > Key: SLING-6423 > URL: https://issues.apache.org/jira/browse/SLING-6423 > Project: Sling > Issue Type: New Feature > Components: Repoinit > Reporter: Nitin Nizhawan > Attachments: SLING-6423_parser_changes.patch, > SLING-6423_testcases.patch, SLING_6423_testcasesV2.patch > > > Repoinit by default just add new ACLs if they are not already present. > By contract package manager provides various strategies for ACL merging > Extend repoinit to allow specifying these strategies > https://jackrabbit.apache.org/filevault/apidocs/org/apache/jackrabbit/vault/fs/io/AccessControlHandling.html#MERGE -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (SLING-6423) Allow for specifying ACL merge mode (ACHandling) in repoinit
[
https://issues.apache.org/jira/browse/SLING-6423?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nitin Nizhawan updated SLING-6423:
--
Attachment: SLING_6423_testcasesV2.patch
patch SLING_6423_testcasesV2.patch containing updated test cases as per
{{(ACLOptions=merge)}} syntax
> Allow for specifying ACL merge mode (ACHandling) in repoinit
>
>
> Key: SLING-6423
> URL: https://issues.apache.org/jira/browse/SLING-6423
> Project: Sling
> Issue Type: New Feature
> Components: Repoinit
> Reporter: Nitin Nizhawan
> Attachments: SLING-6423_parser_changes.patch,
> SLING-6423_testcases.patch, SLING_6423_testcasesV2.patch
>
>
> Repoinit by default just add new ACLs if they are not already present.
> By contract package manager provides various strategies for ACL merging
> Extend repoinit to allow specifying these strategies
> https://jackrabbit.apache.org/filevault/apidocs/org/apache/jackrabbit/vault/fs/io/AccessControlHandling.html#MERGE
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (SLING-6423) Allow for specifying ACL merge mode (ACHandling) in repoinit
[ https://issues.apache.org/jira/browse/SLING-6423?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nitin Nizhawan updated SLING-6423: -- Attachment: SLING-6423_parser_changes.patch [~bdelacretaz] Attached patch to support ACLOptions syntax in parser. Could you please review > Allow for specifying ACL merge mode (ACHandling) in repoinit > > > Key: SLING-6423 > URL: https://issues.apache.org/jira/browse/SLING-6423 > Project: Sling > Issue Type: New Feature > Components: Repoinit > Reporter: Nitin Nizhawan > Attachments: SLING-6423_parser_changes.patch, > SLING-6423_testcases.patch > > > Repoinit by default just add new ACLs if they are not already present. > By contract package manager provides various strategies for ACL merging > Extend repoinit to allow specifying these strategies > https://jackrabbit.apache.org/filevault/apidocs/org/apache/jackrabbit/vault/fs/io/AccessControlHandling.html#MERGE -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (SLING-6423) Allow for specifying ACL merge mode (ACHandling) in repoinit
[
https://issues.apache.org/jira/browse/SLING-6423?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15818567#comment-15818567
]
Nitin Nizhawan commented on SLING-6423:
---
Yes, {{(ACLOptions=merge)}} syntax looks good to me for our use case.
I earlier thought that block would be required but looking at it again since
we can define multiple ACEs within one set ACL statement, it seems unnecessary.
> Allow for specifying ACL merge mode (ACHandling) in repoinit
>
>
> Key: SLING-6423
> URL: https://issues.apache.org/jira/browse/SLING-6423
> Project: Sling
> Issue Type: New Feature
> Components: Repoinit
> Reporter: Nitin Nizhawan
> Attachments: SLING-6423_testcases.patch
>
>
> Repoinit by default just add new ACLs if they are not already present.
> By contract package manager provides various strategies for ACL merging
> Extend repoinit to allow specifying these strategies
> https://jackrabbit.apache.org/filevault/apidocs/org/apache/jackrabbit/vault/fs/io/AccessControlHandling.html#MERGE
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (SLING-6422) Allow for specifying oak restrictions with repoinit
[ https://issues.apache.org/jira/browse/SLING-6422?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nitin Nizhawan updated SLING-6422: -- Attachment: SLING-6422.patch [~bdelacretaz] Attached patch for supporting restriction clause in repoinit as mentioned. Currently, it does not accept explicit type information but we can add that incrementally i.e. type hint can be optional. Please review and merge > Allow for specifying oak restrictions with repoinit > --- > > Key: SLING-6422 > URL: https://issues.apache.org/jira/browse/SLING-6422 > Project: Sling > Issue Type: New Feature > Components: Repoinit > Reporter: Nitin Nizhawan > Attachments: SLING-6422.patch > > > Allow for specifying oak restrictions with repoinit. Currently repoinit > allows one to ADD remove ACLs but there is no way to specify oak restrictions. > http://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[GitHub] sling pull request #195: SLING-6422, Allow for specifying oak restrictions w...
GitHub user nitin-nizhawan opened a pull request: https://github.com/apache/sling/pull/195 SLING-6422, Allow for specifying oak restrictions with repoinit - Add support for restriction clause in parser - example acl with restriction spec - set ACL on /libs deny jcr:modifyProperties for user2 restriction(rep:itemNames,prop1,prop2) end - set ACL for user1,u2 allow jcr:addChildNodes on /apps,/content restriction(rep:glob,/cat/*,*/cat,*cat/*) end You can merge this pull request into a Git repository by running: $ git pull https://github.com/nitin-nizhawan/sling nitin-nizhawan/restrictionsV3 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/sling/pull/195.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #195 commit d7ea9e1a33a34a170da427fa2638dfe813cafb75 Author: Nitin Nizhawan Date: 2017-01-05T14:00:26Z SLING-6422, Allow for specifying oak restrictions with repoinit - Add support for restriction clause in parser - example acl with restriction spec - set ACL on /libs deny jcr:modifyProperties for user2 restriction(rep:itemNames,prop1,prop2) end - set ACL for user1,u2 allow jcr:addChildNodes on /apps,/content restriction(rep:glob,/cat/*,*/cat,*cat/*) end --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[jira] [Updated] (SLING-6423) Allow for specifying ACL merge mode (ACHandling) in repoinit
[ https://issues.apache.org/jira/browse/SLING-6423?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nitin Nizhawan updated SLING-6423: -- Attachment: SLING-6423_testcases.patch patch containing test cases for merge and merge_preserve mode > Allow for specifying ACL merge mode (ACHandling) in repoinit > > > Key: SLING-6423 > URL: https://issues.apache.org/jira/browse/SLING-6423 > Project: Sling > Issue Type: New Feature > Components: Repoinit > Reporter: Nitin Nizhawan > Attachments: SLING-6423_testcases.patch > > > Repoinit by default just add new ACLs if they are not already present. > By contract package manager provides various strategies for ACL merging > Extend repoinit to allow specifying these strategies > https://jackrabbit.apache.org/filevault/apidocs/org/apache/jackrabbit/vault/fs/io/AccessControlHandling.html#MERGE -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[GitHub] sling pull request #194: SLING-6423, Allow for specifying ACL merge mode (AC...
GitHub user nitin-nizhawan opened a pull request: https://github.com/apache/sling/pull/194 SLING-6423, Allow for specifying ACL merge mode (ACHandling) in repoinit - test cases for merge and merge_preserve mode You can merge this pull request into a Git repository by running: $ git pull https://github.com/nitin-nizhawan/sling nitin-nizhawan/SLING-6423 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/sling/pull/194.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #194 commit 13837f09942f692a0c6d003d4fea9c48e522475a Author: Nitin Nizhawan Date: 2017-01-03T10:48:08Z SLING-6423, Allow for specifying ACL merge mode (ACHandling) in repoinit - test cases for merge and merge_preserve mode --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[jira] [Comment Edited] (SLING-6423) Allow for specifying ACL merge mode (ACHandling) in repoinit
[
https://issues.apache.org/jira/browse/SLING-6423?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15768903#comment-15768903
]
Nitin Nizhawan edited comment on SLING-6423 at 1/2/17 11:23 AM:
It seems current repoinit implementation just adds ACEs to ACLs if those ACEs
didn't already exist. Whereas behaviour of merge and merge_preserve is based on
principals \[0\]. For example given existing ACLs as
{code}
ALLOW bob rep:write
ALLOW alice jcr:read
{code}
New ACL
{code}
ALLOW bob rep:write
ALLOW bob crx:replicate
ALLOW alice jcr:read
{code}
When merged will have following resutls
1. Using repoinit
{code}
ALLOW bob rep:write
ALLOW alice jcr:read
ALLOW bob crx:replicate
{code}
2. Using merge ACHandling
{code}
ALLOW bob rep:write,crx:replicate
ALLOW alice jcr:read
{code}
3. Using merge_preserve ACHandling
{code}
ALLOW bob rep:write
ALLOW alice jcr:read
{code}
\[0\]
https://github.com/apache/jackrabbit-filevault/blob/4528e3ebb851377e37f46fc7cac411d12520ace6/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/JackrabbitACLImporter.java#L277
Thanks
Nitin
was (Author: nitin.nizhawan):
It seems current repoinit implementation just adds ACEs to ACLs if those ACEs
didn't already exist. Whereas behaviour of merge and merge_preserve is based on
principals \[0\]. For example given existing ACLs as
{code}
ALLOW bob rep:write
ALLOW alice jcr:read
{code}
New ACL
{code}
ALLOW bob rep:write
ALLOW bob crx:replicate
ALLOW alice jcr:read
{code}
When merged will have following resutls
1. Using repoinit
{code}
ALLOW bob rep:write
ALLOW alice jcr:read
ALLOW bob crx:replicate
{code}
2. Using merge ACHandling
{code}
ALLOW bob rep:write
ALLOW bob crx:replicate
ALLOW alice jcr:read
{code}
3. Using merge_preserve ACHandling
{code}
ALLOW bob rep:write
ALLOW alice jcr:read
{code}
\[0\]
https://github.com/apache/jackrabbit-filevault/blob/4528e3ebb851377e37f46fc7cac411d12520ace6/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/JackrabbitACLImporter.java#L277
Thanks
Nitin
> Allow for specifying ACL merge mode (ACHandling) in repoinit
>
>
> Key: SLING-6423
> URL: https://issues.apache.org/jira/browse/SLING-6423
> Project: Sling
> Issue Type: New Feature
> Components: Repoinit
>Reporter: Nitin Nizhawan
>
> Repoinit by default just add new ACLs if they are not already present.
> By contract package manager provides various strategies for ACL merging
> Extend repoinit to allow specifying these strategies
> https://jackrabbit.apache.org/filevault/apidocs/org/apache/jackrabbit/vault/fs/io/AccessControlHandling.html#MERGE
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Comment Edited] (SLING-6423) Allow for specifying ACL merge mode (ACHandling) in repoinit
[
https://issues.apache.org/jira/browse/SLING-6423?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15768903#comment-15768903
]
Nitin Nizhawan edited comment on SLING-6423 at 1/2/17 10:01 AM:
It seems current repoinit implementation just adds ACEs to ACLs if those ACEs
didn't already exist. Whereas behaviour of merge and merge_preserve is based on
principals \[0\]. For example given existing ACLs as
{code}
ALLOW bob rep:write
ALLOW alice jcr:read
{code}
New ACL
{code}
ALLOW bob rep:write
ALLOW bob crx:replicate
ALLOW alice jcr:read
{code}
When merged will have following resutls
1. Using repoinit
{code}
ALLOW bob rep:write
ALLOW alice jcr:read
ALLOW bob crx:replicate
{code}
2. Using merge ACHandling
{code}
ALLOW bob rep:write
ALLOW bob crx:replicate
ALLOW alice jcr:read
{code}
3. Using merge_preserve ACHandling
{code}
ALLOW bob rep:write
ALLOW alice jcr:read
{code}
\[0\]
https://github.com/apache/jackrabbit-filevault/blob/4528e3ebb851377e37f46fc7cac411d12520ace6/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/JackrabbitACLImporter.java#L277
Thanks
Nitin
was (Author: nitin.nizhawan):
It seems current repoinit implementation just adds ACEs to ACLs if those ACEs
didn't already exist. Whereas behaviour of merge and merge_preserve is based on
principals \[0\]. For example given existing ACLs as
{code}
ALLOW bob rep:write
ALLOW alice jcr:read
{code}
New ACL
{code}
ALLOW bob rep:write
ALLOW bob cq:replicate
ALLOW alice jcr:read
{code}
When merged will have following resutls
1. Using repoinit
{code}
ALLOW bob rep:write
ALLOW alice jcr:read
ALLOW bob cq:replicate
{code}
2. Using merge ACHandling
{code}
ALLOW bob rep:write
ALLOW bob cq:replicate
ALLOW alice jcr:read
{code}
3. Using merge_preserve ACHandling
{code}
ALLOW bob rep:write
ALLOW alice jcr:read
{code}
\[0\]
https://github.com/apache/jackrabbit-filevault/blob/4528e3ebb851377e37f46fc7cac411d12520ace6/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/JackrabbitACLImporter.java#L277
Thanks
Nitin
> Allow for specifying ACL merge mode (ACHandling) in repoinit
>
>
> Key: SLING-6423
> URL: https://issues.apache.org/jira/browse/SLING-6423
> Project: Sling
> Issue Type: New Feature
> Components: Repoinit
>Reporter: Nitin Nizhawan
>
> Repoinit by default just add new ACLs if they are not already present.
> By contract package manager provides various strategies for ACL merging
> Extend repoinit to allow specifying these strategies
> https://jackrabbit.apache.org/filevault/apidocs/org/apache/jackrabbit/vault/fs/io/AccessControlHandling.html#MERGE
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (SLING-6423) Allow for specifying ACL merge mode (ACHandling) in repoinit
[
https://issues.apache.org/jira/browse/SLING-6423?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15768903#comment-15768903
]
Nitin Nizhawan commented on SLING-6423:
---
It seems current repoinit implementation just adds ACEs to ACLs if those ACEs
didn't already exist. Whereas behaviour of merge and merge_preserve is based on
principals \[0\]. For example given existing ACLs as
{code}
ALLOW bob rep:write
ALLOW alice jcr:read
{code}
New ACL
{code}
ALLOW bob rep:write
ALLOW bob cq:replicate
ALLOW alice jcr:read
{code}
When merged will have following resutls
1. Using repoinit
{code}
ALLOW bob rep:write
ALLOW alice jcr:read
ALLOW bob cq:replicate
{code}
2. Using merge ACHandling
{code}
ALLOW bob rep:write
ALLOW bob cq:replicate
ALLOW alice jcr:read
{code}
3. Using merge_preserve ACHandling
{code}
ALLOW bob rep:write
ALLOW alice jcr:read
{code}
\[0\]
https://github.com/apache/jackrabbit-filevault/blob/4528e3ebb851377e37f46fc7cac411d12520ace6/vault-core/src/main/java/org/apache/jackrabbit/vault/fs/impl/io/JackrabbitACLImporter.java#L277
Thanks
Nitin
> Allow for specifying ACL merge mode (ACHandling) in repoinit
>
>
> Key: SLING-6423
> URL: https://issues.apache.org/jira/browse/SLING-6423
> Project: Sling
> Issue Type: New Feature
> Components: Repoinit
>Reporter: Nitin Nizhawan
>
> Repoinit by default just add new ACLs if they are not already present.
> By contract package manager provides various strategies for ACL merging
> Extend repoinit to allow specifying these strategies
> https://jackrabbit.apache.org/filevault/apidocs/org/apache/jackrabbit/vault/fs/io/AccessControlHandling.html#MERGE
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Comment Edited] (SLING-6422) Allow for specifying oak restrictions with repoinit
[
https://issues.apache.org/jira/browse/SLING-6422?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15768852#comment-15768852
]
Nitin Nizhawan edited comment on SLING-6422 at 12/22/16 3:02 AM:
-
+1 , in addition to this, do we think that we need to add any type hint or we
can add that later if required? \[0\].
{code}
allow ... restriction{String}(rep:glob, *.jsp, *.txt)
restriction{Name}(rep:ntNames, sling:Folder) restriction{String}(rep:prefixes,
sling)
allow ... restriction{Date}(my:custom, "13:00UTC, 23:59UTC")
allow ... restriction{Decimal}(my:custom2, 1, 2)
allow ... restriction{Name}(rep:ntNames, dam:Asset, nt:unstructured)
allow ... restriction(my:string, "It's \"quoted\"", "second string")
{code}
\[0\]
https://docs.adobe.com/content/docs/en/spec/javax.jcr/javadocs/jcr-2.0/javax/jcr/Value.html?is-external=true
was (Author: nitin.nizhawan):
+1 , in addition to this, do we think that we need to add any type hint or we
can add that later if required? \[0\].
{code}
allow ... restriction{String}(rep:glob, *.jsp, *.txt) restriction(rep:ntNames,
sling:Folder) restriction(rep:prefixes, sling)
allow ... restriction{Date}(my:custom, "13:00UTC, 23:59UTC")
allow ... restriction{Decimal}(my:custom2, 1, 2)
allow ... restriction{Name}(rep:ntNames, dam:Asset, nt:unstructured)
allow ... restriction(my:string, "It's \"quoted\"", "second string")
{code}
\[0\]
https://docs.adobe.com/content/docs/en/spec/javax.jcr/javadocs/jcr-2.0/javax/jcr/Value.html?is-external=true
> Allow for specifying oak restrictions with repoinit
> ---
>
> Key: SLING-6422
> URL: https://issues.apache.org/jira/browse/SLING-6422
> Project: Sling
> Issue Type: New Feature
> Components: Repoinit
>Reporter: Nitin Nizhawan
>
> Allow for specifying oak restrictions with repoinit. Currently repoinit
> allows one to ADD remove ACLs but there is no way to specify oak restrictions.
> http://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (SLING-6422) Allow for specifying oak restrictions with repoinit
[
https://issues.apache.org/jira/browse/SLING-6422?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15768852#comment-15768852
]
Nitin Nizhawan commented on SLING-6422:
---
+1 , in addition to this, do we think that we need to add any type hint or we
can add that later if required? \[0\].
{code}
allow ... restriction{String}(rep:glob, *.jsp, *.txt) restriction(rep:ntNames,
sling:Folder) restriction(rep:prefixes, sling)
allow ... restriction{Date}(my:custom, "13:00UTC, 23:59UTC")
allow ... restriction{Decimal}(my:custom2, 1, 2)
allow ... restriction{Name}(rep:ntNames, dam:Asset, nt:unstructured)
allow ... restriction(my:string, "It's \"quoted\"", "second string")
{code}
\[0\]
https://docs.adobe.com/content/docs/en/spec/javax.jcr/javadocs/jcr-2.0/javax/jcr/Value.html?is-external=true
> Allow for specifying oak restrictions with repoinit
> ---
>
> Key: SLING-6422
> URL: https://issues.apache.org/jira/browse/SLING-6422
> Project: Sling
> Issue Type: New Feature
> Components: Repoinit
>Reporter: Nitin Nizhawan
>
> Allow for specifying oak restrictions with repoinit. Currently repoinit
> allows one to ADD remove ACLs but there is no way to specify oak restrictions.
> http://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Created] (SLING-6423) Allow for specifying ACL merge mode (ACHandling) in repoinit
Nitin Nizhawan created SLING-6423: - Summary: Allow for specifying ACL merge mode (ACHandling) in repoinit Key: SLING-6423 URL: https://issues.apache.org/jira/browse/SLING-6423 Project: Sling Issue Type: New Feature Components: Repoinit Reporter: Nitin Nizhawan Repoinit by default just add new ACLs if they are not already present. By contract package manager provides various strategies for ACL merging Extend repoinit to allow specifying these strategies https://jackrabbit.apache.org/filevault/apidocs/org/apache/jackrabbit/vault/fs/io/AccessControlHandling.html#MERGE -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Created] (SLING-6422) Allow for specifying oak restrictions with repoinit
Nitin Nizhawan created SLING-6422: - Summary: Allow for specifying oak restrictions with repoinit Key: SLING-6422 URL: https://issues.apache.org/jira/browse/SLING-6422 Project: Sling Issue Type: New Feature Components: Repoinit Reporter: Nitin Nizhawan Allow for specifying oak restrictions with repoinit. Currently repoinit allows one to ADD remove ACLs but there is no way to specify oak restrictions. http://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html -- This message was sent by Atlassian JIRA (v6.3.4#6332)
Sling Oak Restrictions bundle
Hi, We have a use case where we need to use resourceType based restrictions as described in [0], but this [1] bundle which implements this is not yet available in maven central. Could someone please release this bundle? Please let me know if I can help in anyway. [0] https://sling.apache.org/documentation/bundles/sling-oak-restrictions.html [1] https://github.com/apache/sling/tree/trunk/contrib/extensions/sling-oak-restrictions Thanks Nitin
[Content Manipulation][SlingPostServlet] Performing Multiple operations using Sling Post Servlet
Hi All,
I have a requirement where I need to remove certain properties of a given
node and also add some new child nodes to the same node, e.g. I need to
transform node as in [1] to [2]. I am planning to use content manipulation
operations of sling post servlet [3].
For adding child nodes, import operation seems to work but for removing
properties it seems I need to use default modify operation with "@Delete"
suffix as the "@Delete" suffix does not work when specified within content JSON
of import operation.
Also, I would not like to touch properties which I do not intend to modify.
E.g. in [1] I would not like to write to prop1 and prop2, so I do not have
option to rewrite entire node.
So, I need to use two post requests to perform this complete transformation.
e.g.
/path/to/node
1. {"prop3@Delete":""}
2. {":operation":"import",
":contentType":"json",":content":"{childnode1:{cp1:'',cp2:''},childnode2:{cp3:'',cp4:''}}",":replace":true}
This seems to work but this does not happen atomically i.e. ajax in #1 may
succeed and #2 may fail, which would lead to an inconsistent node structure for
me. So, is there a way to perform both these operations in one sling post
request?
[1]
+ node
- prop1
- prop2
- prop3
[2]
+ node
- prop1
- prop2
+ childnode1
- cp1
- cp2
+ childnode2
-cp3
-cp4
[3]
https://sling.apache.org/documentation/bundles/manipulating-content-the-slingpostservlet-servlets-post.html
Thanks
Nitin
[jira] [Updated] (SLING-5266) Adding org.mozilla.javascript.ast package in org.apache.sling.scripting.javascript bundle
[ https://issues.apache.org/jira/browse/SLING-5266?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nitin Nizhawan updated SLING-5266: -- Attachment: SLING-5266.patch Attaching patch for exporting org.mozilla.javascript.ast package. We need this package in one of our project. Our project needs to parse javascript source and get its AST using Rhino. Currently Sling Scripting Javascript Support only exports org.mozilla.javascript package which is sufficient for evaluating javascript using Rhino but for getting access to parsed AST we need this additional package. Thanks Nitin > Adding org.mozilla.javascript.ast package in > org.apache.sling.scripting.javascript bundle > --- > > Key: SLING-5266 > URL: https://issues.apache.org/jira/browse/SLING-5266 > Project: Sling > Issue Type: Task > Components: General >Reporter: Mandeep Gandhi >Priority: Critical > Attachments: SLING-5266.patch > > > There is a need of parsing javascript expression. For achieving this, there > is a requirement of adding org.mozilla.javascript.ast package to the existing > bundle (org.apache.sling.scripting.javascript ) and exporting it. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (SLING-3742) Python and Ruby language bundle throw exception with sling scripting console
[ https://issues.apache.org/jira/browse/SLING-3742?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nitin Nizhawan updated SLING-3742: -- Attachment: SLING-3742.patch Patch to check for NPE > Python and Ruby language bundle throw exception with sling scripting console > > > Key: SLING-3742 > URL: https://issues.apache.org/jira/browse/SLING-3742 > Project: Sling > Issue Type: Bug > Components: Console, Extensions > Reporter: Nitin Nizhawan > Attachments: SLING-3742.patch > > > When running Ruby and Python language bundles from contrib/scripting with > sling scripting console I am getting following exception > java.lang.NullPointerException > at > org.apache.sling.scripting.python.PythonScriptEngine.eval(PythonScriptEngine.java:69) > at > org.apache.sling.scripting.core.impl.DefaultSlingScript.call(DefaultSlingScript.java:361) > at > org.apache.sling.scripting.core.impl.DefaultSlingScript.eval(DefaultSlingScript.java:171) > at > org.apache.sling.scripting.console.internal.ScriptConsolePlugin.doPost(ScriptConsolePlugin.java:112) > at > javax.servlet.http.HttpServlet.service(HttpServlet.java:727) > at > javax.servlet.http.HttpServlet.service(HttpServlet.java:820) > at > org.apache.felix.webconsole.internal.servlet.OsgiManager.service(OsgiManager.java:526) > at > org.apache.felix.webconsole.internal.servlet.OsgiManager.service(OsgiManager.java:450) > at > org.apache.felix.http.base.internal.handler.ServletHandler.doHandle(ServletHandler.java:96) > at > org.apache.felix.http.base.internal.handler.ServletHandler.handle(ServletHandler.java:79) > at > org.apache.felix.http.base.internal.dispatch.ServletPipeline.handle(ServletPipeline.java:42) -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Created] (SLING-3742) Python and Ruby language bundle throw exception with sling scripting console
Nitin Nizhawan created SLING-3742: - Summary: Python and Ruby language bundle throw exception with sling scripting console Key: SLING-3742 URL: https://issues.apache.org/jira/browse/SLING-3742 Project: Sling Issue Type: Bug Components: Console, Extensions Reporter: Nitin Nizhawan When running Ruby and Python language bundles from contrib/scripting with sling scripting console I am getting following exception java.lang.NullPointerException at org.apache.sling.scripting.python.PythonScriptEngine.eval(PythonScriptEngine.java:69) at org.apache.sling.scripting.core.impl.DefaultSlingScript.call(DefaultSlingScript.java:361) at org.apache.sling.scripting.core.impl.DefaultSlingScript.eval(DefaultSlingScript.java:171) at org.apache.sling.scripting.console.internal.ScriptConsolePlugin.doPost(ScriptConsolePlugin.java:112) at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) at javax.servlet.http.HttpServlet.service(HttpServlet.java:820) at org.apache.felix.webconsole.internal.servlet.OsgiManager.service(OsgiManager.java:526) at org.apache.felix.webconsole.internal.servlet.OsgiManager.service(OsgiManager.java:450) at org.apache.felix.http.base.internal.handler.ServletHandler.doHandle(ServletHandler.java:96) at org.apache.felix.http.base.internal.handler.ServletHandler.handle(ServletHandler.java:79) at org.apache.felix.http.base.internal.dispatch.ServletPipeline.handle(ServletPipeline.java:42) -- This message was sent by Atlassian JIRA (v6.2#6252)
