Details
-
Improvement
-
Status: Closed
-
Minor
-
Resolution: Fixed
-
JCR Jackrabbit Access Manager 2.0.4
-
None
Description
ModifyAceServlet and DefaultContentCreator both have a need to merge new privileges for a given principal to an existing resource ACL. Doing so involves some rather complex logic which is easy to get wrong, and in the Sakai 3 project, we found that quite a few service developers needed the same functionality. This patch moves the functionality to a shared utility method to eliminate any tempatations to copy-and-paste (or worse, rewrite incorrectly).
Besides consolidating the logic (and removing it from ModifyAceServlet and DefaultContentCreator), this patch introduces a couple of other changes:
- The ACE merge is more conservative.
SLING-997broke apart specified and existing aggregated privileges and then tried to recombine them into possibly new combinations. This patch instead maintains exactly what the client specified and (when possible) what was already there, but does not create any new aggregates of its own. This better matches Jackrabbit's default behavior, should minimize client surprises, and eliminates a subtle bug: any candidate aggregate privilege needs to be checked for "isAbstract()". - The ModifyAceServlet JavaDoc is corrected and expanded.
- Some bad logging format is fixed.