Details
-
Improvement
-
Status: Open
-
Major
-
Resolution: Unresolved
-
None
-
None
-
None
Description
karlpauls, as discussed i would like to suggest to add a bit of additional analysis to the repo-init checks in the feature model analyzer.
the following features in repo-init should IMHO trigger a warning or fail the analyser:
- regular user creation with password
- ac-handling defined with access control setup that is present in the parser but luckily not implemented in the jcr-part (see SLING-6423)
- ac-line with unsupported remove (afaik only the remove * is implemented so far in jcr-repo-init)
- ac-line with deny entry for principal-based setup (throws exception in jcr-repo-init)
- resource-based access control setup with service users (maybe too AEM specific where principal-based-ac-setup should be used for service users)
- minor: duplicate set ACL for principalName statements for the same principal that could be merged into a single set-acl-...-end block