Details
-
New Feature
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
-
None
Description
As discussed in the "Removing loginAdministrative, how to test that, and service username conventions" thread on our dev list [1] we need to be able to create service users and set the corresponding ACLs from our provisioning model.
This should be implemented using distinct utility classes, one for the users and one for the ACLs, that take simple mini-languages as input. This will allow for reusing these utilities in test code for example.
[1] http://markmail.org/message/kcvuhwfdald2dyuz
Edit: high-level requirements
As discussed in the "SLING-5355 - configs vs. content for ACLs and service users" thread - http://markmail.org/message/tzno2via2wjckhuc
- HR1 - Create service users and set their ACLs as defined in the Sling instance's provisioning model.
- HR2 - Create initial paths like /var/discovery, so that ACLs can be set on them.
- HR3 - Make the full text of the ACL definitions available at runtime for auditing purposes (see Michael Marth's Dec.17 comment in
SLING-5355). Also useful for upgrades where merging with conflict detection is needed.
Attachments
Issue Links
- blocks
-
SLING-5252 Remove getAdministrativeResourceResolver() from Scripting Core
- Closed
-
SLING-5253 Remove getAdministrativeResourceResolver() from the Sightly engine
- Closed
-
SLING-5254 Remove getAdministrativeResourceResolver() from the Sightly JS Provider
- Closed
-
SLING-5238 Remove getAdministrativeResourceResolver() usage from org.apache.sling.resource.inventory
- Open
-
SLING-5226 Remove loginAdministrative() usage from org.apache.sling.servlets.post
- Resolved
-
SLING-5229 Remove getAdministrativeResourceResolver() and loginAdministrative() usage from JCR components
- Resolved
-
SLING-5227 Remove loginAdministrative() usage from org.apache.sling.bgservlets
- Closed
-
SLING-5228 Remove loginAdministrative() usage from org.apache.sling.installer.provider.jcr
- Closed
-
SLING-5230 Remove getAdministrativeResourceResolver() usage from org.apache.sling.event.dea
- Closed
-
SLING-5231 Remove getAdministrativeResourceResolver() usage from Discovery components
- Closed
-
SLING-5232 Remove loginAdministrative() usage from org.apache.sling.event
- Closed
-
SLING-5233 Remove getAdministrativeResourceResolver() usage from org.apache.sling.i18n
- Closed
-
SLING-5234 Remove getAdministrativeResourceResolver() usage from org.apache.sling.xss
- Closed
-
SLING-5235 Remove loginAdministrative() usage from org.apache.sling.resourceresolver
- Closed
-
SLING-5236 Remove getAdministrativeResourceResolver() usage from scripting bundles
- Closed
-
SLING-5237 Remove getAdministrativeResourceResolver() usage from org.apache.sling.servlets.resolver
- Closed
-
SLING-5239 Remove loginAdministrative() usage from org.apache.sling.rewriter
- Closed
-
SLING-5240 Remove getAdministrativeResourceResolver() usage from org.apache.sling.tenant
- Closed
-
SLING-6562 Remove getAdministrativeResourceResolver from Sling Validation
- Closed
- is blocked by
-
SLING-5414 Make the contents of the provisioning model available at runtime
- Closed
-
SLING-5449 Content repository initialization language
- Closed
- is related to
-
SLING-5135 Whitelist legit usages of loginAdministrative and administrative ResourceResolver
- Closed
-
JCRVLT-61 Allow AccessControllHandling be defined per filter root
- Open
-
SLING-6990 Content Package Installer: Use service resource resolvers instead of admin resource resolver
- Closed
-
SLING-9422 Content Package Installer: Use service resource resolvers instead of admin resource resolver for installation
- Closed