[jira] [Commented] (SLING-6422) Allow for specifying oak restrictions with repoinit


JIRA jira@apache.org

    [ https://issues.apache.org/jira/browse/SLING-6422?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16046950#comment-16046950 ]

Nitin Nizhawan commented on SLING-6422:
---------------------------------------

Hi [~bdelacretaz], that is an interesting point. IIUC, you mean that the match should be unordered, like that for privileges. I could not find "unorderedness" of values in the documentation and assumed them to be ordered, since everywhere the API is using an array to store these values.
So, the current method implementation assumes that values are "ordered" but not sorted, i.e. the order of values is meaningful and preserved by the underlying layer. You are correct that for OOTB restrictions like rep:ntNames and rep:itemNames the order of values does not matter. But we have written some custom restriction providers (based on the same assumption) for which the order of values does matter, so if I make the match unordered (by either sorting or using a set) then those restriction providers would break. TBH, now even I am not too sure if the orderedness assumption is valid.

CC: [~anchela]

> Allow for specifying oak restrictions with repoinit
> ---------------------------------------------------
>
>                 Key: SLING-6422
>                 URL: https://issues.apache.org/jira/browse/SLING-6422
>             Project: Sling
>          Issue Type: New Feature
>          Components: Repoinit
>            Reporter: Nitin Nizhawan
>         Attachments: SLING6422ApplyRestrictionsV2.patch, SLING6422ApplyRestrictionsV3.patch, SLING6422_interpretparsedrestrictionclause.patch, SLING-6422.patch
>
>
> Allow for specifying oak restrictions with repoinit. Currently repoinit allows one to add/remove ACLs but there is no way to specify oak restrictions.
> http://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)