[SLING-1411] Add replaceAccessControlEntry method to AccessControlUtil - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: JCR Jackrabbit Access Manager 2.0.4
Fix Version/s: Launchpad Testing 6, Launchpad Content 2.0.6, JCR Jackrabbit Access Manager 2.1.0, JCR ContentLoader 2.1.0
Component/s: JCR
Labels:
None

Description

ModifyAceServlet and DefaultContentCreator both have a need to merge new privileges for a given principal to an existing resource ACL. Doing so involves some rather complex logic which is easy to get wrong, and in the Sakai 3 project, we found that quite a few service developers needed the same functionality. This patch moves the functionality to a shared utility method to eliminate any tempatations to copy-and-paste (or worse, rewrite incorrectly).

Besides consolidating the logic (and removing it from ModifyAceServlet and DefaultContentCreator), this patch introduces a couple of other changes:

The ACE merge is more conservative. ~~SLING-997~~ broke apart specified and existing aggregated privileges and then tried to recombine them into possibly new combinations. This patch instead maintains exactly what the client specified and (when possible) what was already there, but does not create any new aggregates of its own. This better matches Jackrabbit's default behavior, should minimize client surprises, and eliminates a subtle bug: any candidate aggregate privilege needs to be checked for "isAbstract()".
The ModifyAceServlet JavaDoc is corrected and expanded.
Some bad logging format is fixed.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

SLING-1411.patch
25/Feb/10 15:53
36 kB
Ray Davis

Activity

People

Assignee:: Eric Norman

Reporter:: Ray Davis

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 25/Feb/10 15:52

Updated:: 20/Sep/19 11:34

Resolved:: 27/Feb/10 18:39