Details
-
Bug
-
Status: Closed
-
Critical
-
Resolution: Fixed
-
Repoinit Parser 1.6.8
-
None
Description
bdelacretaz, while working on SLING-10274 kpauls noticed that repo-init parser doesn't support aggregated privilege names with namespace prefix.
Looking at the parser I found that the handling of privileges seems to be inconsistent:
1. Register Privileges
the parser defines this as follows:
<REGISTER> ((<ABSTRACT>) {isAbstract = true;})? <PRIVILEGE> (privilege = <STRING> | privilege = <NAMESPACED_ITEM>) (<WITH> aggregates = principalsList())?
-> privilege name can be a STRING or a NAMESPACED_ITEM (that's correct ()
-> aggregates is a principalList??? that's quite odd and obviously not correct.... aggregates can again be a list of STRING and/or NAMESPACED_ITEM ()
2. Using Registered Privileges in AC-lines
line.setProperty(AclLine.PROP_PRIVILEGES is always populated with the result of namespacedItemsList()
-> if my reading is correct that means that only NAMESPACED_ITEM can be used as privilege names, which is not correct because a privilege name can be any valid JCR name, with or without namespace prefix. ()
3. Summary and Suggested Fix
this can easily be illustrated by slightly adjusting the test-*.txt (see attachment).
the fix should IMHO be 2-fold:
- allow aggregated privilege names to be STRING or NAMESPACED_ITEM
- allow privilege names in AC-line to be STRING or NAMESPACED_ITEM in accordance to the register privilege call.
Attachments
Attachments
Issue Links
- links to