You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Angela Schreiber (Jira)" <ji...@apache.org> on 2021/11/03 09:55:00 UTC
[jira] [Commented] (SLING-10740) Repoinit create path statement
fails for node types with a mandatory property
[ https://issues.apache.org/jira/browse/SLING-10740?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17437874#comment-17437874 ]
Angela Schreiber commented on SLING-10740:
------------------------------------------
hi [~enorman], principal-based authorization must only rely on principal management API. the fact that users/groups are also a source of principals should be considered an implementation detail and neither oak authorization nor application code should expect any principal being backed by a user/group.
what you perceive as an inconsistency in the user management between lookup by id vs principal is caused by the fact that lookup by id results in a UUID-query in the {{IdentifierManager}}. while the query itself would only be executed against persisted data, there exists special handling for transient UUIDs in oak, which does not exist for any other lookup. if you think the default principal lookup should also come with such a special behavior feel free to open an improvement request in the Oak project for components 'query' and 'security'. then we can discuss it with the teams involved what the impact would be and whether that makes sense or not.
> Repoinit create path statement fails for node types with a mandatory property
> -----------------------------------------------------------------------------
>
> Key: SLING-10740
> URL: https://issues.apache.org/jira/browse/SLING-10740
> Project: Sling
> Issue Type: Bug
> Components: Repoinit
> Reporter: Eric Norman
> Assignee: Eric Norman
> Priority: Major
> Fix For: Repoinit JCR 1.1.38
>
>
> The processing of the "create path" statement calls save() at the end which will cause a constraint violation if the nodetype of the created path contains any properties that are declared as mandatory (and not autocreated). No processing of "set properties" statements happens before the save() call in AclVisitor#visitCreatePath so it does not seem to be possible to define any mandatory properties using the current repoinit grammar.
> I could see this solved in a couple ways:
> # The AclVisitor#visitCreatePath could possibly pre-process any "set properties" statements that are applicable to the created path before calling save and then skip those same items when NodePropertiesVisitor visits the same.
> # Or, the "create path" grammar could be extended to allow defining properties to be set at the same time as the create (with a syntax that is similar to the "set properties" statement?)
> # Or, perhaps calling save in AclVisitor#visitCreatePath is not necessary? I'm not sure of the historical reasons why save() is done there.
> # Or, maybe something else I haven't thought of
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)