Uploaded image for project: 'Sling'
  1. Sling
  2. SLING-1411

Add replaceAccessControlEntry method to AccessControlUtil

    XMLWordPrintableJSON

Details

    Description

      ModifyAceServlet and DefaultContentCreator both have a need to merge new privileges for a given principal to an existing resource ACL. Doing so involves some rather complex logic which is easy to get wrong, and in the Sakai 3 project, we found that quite a few service developers needed the same functionality. This patch moves the functionality to a shared utility method to eliminate any tempatations to copy-and-paste (or worse, rewrite incorrectly).

      Besides consolidating the logic (and removing it from ModifyAceServlet and DefaultContentCreator), this patch introduces a couple of other changes:

      • The ACE merge is more conservative. SLING-997 broke apart specified and existing aggregated privileges and then tried to recombine them into possibly new combinations. This patch instead maintains exactly what the client specified and (when possible) what was already there, but does not create any new aggregates of its own. This better matches Jackrabbit's default behavior, should minimize client surprises, and eliminates a subtle bug: any candidate aggregate privilege needs to be checked for "isAbstract()".
      • The ModifyAceServlet JavaDoc is corrected and expanded.
      • Some bad logging format is fixed.

      Attachments

        1. SLING-1411.patch
          36 kB
          Ray Davis

        Activity

          People

            enorman Eric Norman
            raydavis Ray Davis
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: