[SLING-9953] ACEs on/below user nodes are ignored upon conversion - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: None
Fix Version/s: Content-Package to Feature Model Converter 1.1.0
Component/s: Content-Package to Feature Model Converter
Labels:
None

Description

I had a look at the cp-feature-model-converter in the light of ~~SLING-9692~~ and found a surprising comment pointing to ~~SLING-8561~~:

// clean the unneeded ACLs, see SLING-8561

code here:
https://github.com/apache/sling-org-apache-sling-feature-cpconverter/blob/master/src/main/java/org/apache/sling/feature/cpconverter/acl/DefaultAclManager.java#L146-L153

what it does in fact is omit any kind of permission setup that is defined for the service users home node. that's quite a serious bug IMHO.... and on top of that unnecessary because Sling repo-init allows to define those kind of ACEs using the home(userid) notation (see https://sling.apache.org/documentation/bundles/repository-initialization.html)

and btw: what does unneeded ACLs mean? they are for sure not 'unneeded' and omitting them will essentially result in an invalid permission setup (and thus break the feature using the service login).

cc: cziegeler, karlpauls, dsuess

Attachments

Issue Links

blocks

SLING-9692 Add support for principal-based access control entries

Closed

is blocked by

SLING-9959 SystemUser.getPath must reveal the path of the original user node

Closed

SLING-9966 Update dependency to org.apache.sling.repoinit.parser

Closed

links to

GitHub Pull Request #51

GitHub Pull Request #55

Activity

People

Assignee:: Karl Pauls

Reporter:: Angela Schreiber

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 01/Dec/20 10:24

Updated:: 17/May/21 11:38

Resolved:: 14/Jan/21 17:31