On Monday 07 November 2016 10:05:18 Oliver Lietz wrote: > On Monday 07 November 2016 07:58:33 Carsten Ziegeler wrote: > > Roy Teeuwen wrote > > Hi Roy, > > > > Hey Carsten,
...and good morning, Carsten! O. > > > Thanks for the info, I will definitely follow up on the progress of what > > > you are making then :). > > > > > > One remark though, you say it's not the task of the bundle developer to > > > create the user and assigning the rights. I can follow in this, but this > > > also means that the potential users of the bundle you create has to know > > > exactly the name of the service user and the rights required for the > > > bundle to work. > > which service user is mapped to the bundle is not important – but it has to > be a service user with sufficient permissions. > To ensure a user mapping is present for your component before getting > activated use ServiceUserMapped[1]. > > Which permissions (JCR ACLs) are required by a bundle should be documented > in the module's README but for now you have to look at provisioning model > in launchpad/builder. > > > > Is there going to be some sort of mechanism (like the > > > require-capability header) to tell the users of the bundle what the > > > needed user and rights are? Maybe even a webconsole plugin showing which > > > bundles aren't satisfied > > > > That's indeed a good point, so far we don't have any mechanism here. > > Defining the requirement is easy and we could add an entry to the > > manifest of a bundle if the bundle requires a service user including the > > sub module names. > > > > The problematic part is providing the capability as these can't be > > dynamically created and added to a module at runtime. For example, it > > would not be possible that the Oak implementation bundle adds the > > provide capabilities entries based on the available service users. > > > > I think the only option we have is using OSGi services as these are > > dynamic and requirements can be easily expressed through services. I > > don't have any good idea on how to do this with service users, but I > > should definitely be possible and I agree that we should provide > > something like this. > > We would have to observe the repository for all system users' ACLs and > provide both as capabilities (or services) – is it worth the effort? > > Regards, > O. > > [1] > https://sling.apache.org/apidocs/sling8/org/apache/sling/serviceusermapping/ > ServiceUserMapped.html > > Regards > > > > Carsten
